Evasive Malicious Code
New developments in malware:
Finjan reports an increasing trend for "evasive" web attacks, which keep track of visitors' IP addresses. Attack toolkits restrict access to a single-page view from each unique IP address. The second time an IP address tries to access the malicious page, a benign page is displayed in its place.
Evasive attacks can also identify the IP addresses of crawlers used by URL filtering, reputation services and search engines, and reply to these engines with legitimate content such as news. The malicious code on the host website accesses a database of IP addresses to determine whether to serve up malware or legitimate content.
Just another step in the neverending arms race of network security.
Posted on June 8, 2007 at 1:53 PM • 24 Comments