Hackers have started to adopt domain-generation techniques normally used by botnet-type malware in order to prolong the life of Web-based attacks, according to security researchers from antivirus firm Symantec.
Such domain-generation techniques were recently observed in a series of drive-by download attacks that used the Black Hole exploit toolkit to infect Web users with malware when visiting compromised websites, Symantec security researcher Nick Johnston said in a blog post on Tuesday.
Drive-by download attacks rely on rogue code injected into compromised websites to silently redirect their visitors to external domains that host exploit toolkits such as Black Hole. This is usually done through hidden iframe HTML tags.
Those toolkits then check if the visitors' browsers contain vulnerable plug-ins and if any are found, they load the corresponding exploits to install malware.
Web attacks usually have a short life span because security researchers work with hosting providers and domain registrars to shut down attack websites and suspend abusive domain names.
Because of similar takedown efforts targeting botnet command-and-control (C&C) servers, some malware creators have implemented backup methods that allow them to regain control of infected computers.