Monday, 27 June 2011

Top 5 Threat Vectors Showtime

JAVASCRIPT
JavaScript is the root of many threats, since it is universally used by many applications such as web browsers and document readers. The Gumblar botnet is an active botnet that uses server-side polymorphic JavaScript code to infect machines, thus leveraging the language to start its dirty work. This means that each time you visit an infected Gumblar site, a new (previously unseen) script is sent to your browser that will begin fingerprinting—looking for software vulnerabilities. Once fingerprinted, the JavaScript will then attempt to serve up malicious exploits through other vectors such as PDF/Flash.

PDF/FLASH VULNERABILITIES
There have been many zero-day vulnerabilities disclosed (and exploited) in 2010 based on PDF/Flash. These exploits have pioneered new attacks that bypass enhanced security measures such as address space layout randomization (ASLR) and data execution prevention (DEP). Due to the ubiquity of PDF/Flash technology, attackers use these vulnerabilities as a favorite way to infect machines. Oftentimes, end users think they cannot become infected through document/media files (only executables); this mentality needs to change quickly, because these vulnerabilities now present a very real and serious threat.

BOTNETS
Once a machine is infected, there is another threat vector that exists—a botnet’s command and control (C&C) channel. Every botnet needs to phone home in order to receive commands and send stolen data. We see this as a potent threat vector, since if this channel is blocked, no instructions can be carried out, and no stolen information can be sent. There are lots of innovative ways that botnets try to discreetly access C&C channels, but the most prevalent way remains HTTP, and, as a result, we deem the HTTP protocol itself a nasty threat vector. Most botnets will simply use RFC-compliant HTTP POST/GET commands; however, some will encrypt the payload to avoid detection.

XSS HOLES
Cross-site scripting (XSS) holes have always been on the radar as one of the most dangerous web-based threats and continue to enjoy success because plenty of holes still exist on the web. A great example is a worm that hit Twitter in September 2010, where malicious tweets were sent out utilizing a freshly discovered XSS hole. While Twitter took quick action to shut this down, the worm was highly effective since it only required a user to roll their mouse over a link without having to click (it used the JavaScript onMouseOver technique). By doing so, the worm would then send further malicious tweets on that user’s behalf.
Persistent and nonpersistent XSS holes exist because of development oversights when implementing websites. Because they have existed for a while, and continue to be a problem, it is important to underscore the necessity of safe development practices to mitigate these threats.
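As an added example (not code from the original post or from Fortinet), the shape of the attribute break-out behind the onMouseOver worm, beside the output encoding that closes it and a small check a test suite can run over rendered markup. The URL, the helper names and the minimal attribute parser are constructed for illustration.

```javascript
// Added example, not from the original post. Input is constructed.

// Encode the characters that terminate HTML text or a quoted attribute value.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Allow only http(s) links, so javascript: and data: schemes never reach href.
function safeUrl(value) {
  return /^https?:\/\//i.test(value) ? value : "#";
}

// Vulnerable renderer: user-controlled URL dropped straight into an attribute.
function renderLinkUnsafe(url, text) {
  return '<a href="' + url + '">' + text + "</a>";
}

// Hardened renderer: scheme check plus attribute and text encoding.
function renderLinkSafe(url, text) {
  return '<a href="' + escapeHtmlAttr(safeUrl(url)) + '">' + escapeHtmlAttr(text) + "</a>";
}

// Minimal parser: attribute names of one opening tag with double-quoted values.
function attributeNames(html) {
  const openTag = html.match(/^<[a-z]+([^>]*)>/i);
  if (!openTag) return [];
  const names = [];
  const re = /\s([a-z-]+)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(openTag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Test oracle: did any on* event-handler attribute end up on the element?
function hasEventHandlerAttr(html) {
  return attributeNames(html).some((n) => n.startsWith("on"));
}

// Constructed input: a quote closes href early, then a handler attribute follows.
const hostileUrl = 'http://example.invalid/" onmouseover="alert(1)';

console.log(renderLinkUnsafe(hostileUrl, "click"));
console.log(renderLinkSafe(hostileUrl, "click"));
```

The first line printed carries a real onmouseover attribute; the second keeps the whole string inside the href value, where it is inert.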

THUMB DRIVES
USB drives are actually one of the most common ways, if not the most common, to infect a network from inside a firewall. There are several reasons for this: They’re cheap, small, hold a lot of data, and can be used among multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. What’s worse is that default operating system configurations typically allow most programs (including malicious ones) to run automatically.

Derek Manky is project manager and cyber security and threat researcher at Fortinet’s Fortiguard Labs, and author of Fortinet’s monthly Threat Landscape Report.

