A new level of sophistication in exploit tool kits has emerged. As noted recently in the press, these tool kits cleverly circumvent most security detection techniques, such as traditional signature and mobile malicious code analysis. New anti-malware technology includes full browser emulation capability that leaps ahead of exploit tool kits, zero-day threats, and similar malware.
Today's web browser environments provide powerful scripting functionality to create feature-rich, user-friendly, and customizable browsing experiences through dynamic web content. Unfortunately, this also creates an excellent environment for cybercrooks to create web scripts that appear innocuous but carry malicious code designed to ultimately infect the user's computer. Malicious JavaScript may conduct reconnaissance on the PC, checking the browser and the availability and versions (or patch level) of plug-ins such as Adobe Reader, Flash Player, or .NET Framework, to determine the next steps of an attack that will ultimately gain control of the PC.
The intent of malicious JavaScript, either changing dynamically during browser execution or changing quickly on the server-side (via polymorphism), will often pass undetected by the current technologies. Simply evaluating JavaScript and other malicious mobile code for visible known patterns would not flag these obfuscated scripts as being malicious in their own right. Only patent-pending emulation capability can reveal the real-world effects caused by active web content under analysis.