
Security Experts Identify Methods to Hide Malware in HTML5 Drive-by Download Attacks

Posted: July 16, 2015

HTML5 is an emerging platform that is expected ultimately to replace the repeatedly attacked Adobe Flash Player for internet multimedia and graphical display. Unfortunately, as security experts have recently discovered, HTML5 is being used to hide malware in drive-by download attacks. This discovery suggests that HTML5 gives hackers and cybercrooks a bridge for easily spreading malicious files and applications over the Internet.

Drive-by downloads are a method hackers use to install malware on a computer by tricking the user into taking a single action, in most cases a single click on an enticing item. Through HTML5, hackers have found a way to exploit the platform and inject malicious software that downloads automatically once the user clicks a specific item within the HTML5 component.

Attackers can obfuscate drive-by download exploits within HTML5 through many HTML technologies and APIs, among them Canvas, Cross-Origin Client Communication, IndexedDB, localStorage, WebSocket, Web Workers, Web SQL, and others.
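The common thread in the techniques the article lists is that the payload is kept somewhere an antivirus engine does not look (pixel data, browser storage, a worker, a socket) and only turned back into running code at the last moment. The heuristic below, an added example that is not code from the article or from the researchers it cites, scores script text by looking for that pairing: a read from one of the HTML5 APIs named above combined with a dynamic-code sink such as eval or new Function. The API list, the scoring weights, the threshold and every sample script are assumptions constructed for this illustration, and the "staged" sample is a non-functional pattern, not a working payload.

```javascript
// Added example (not from the article): heuristic static scoring of script
// text for the combination of HTML5 "hiding places" and dynamic-code sinks.
// Regexes, weights and threshold are illustrative choices, not a standard.

// HTML5 APIs named in the article, treated as payload "sources".
const HTML5_SOURCES = {
  canvas: /getImageData\s*\(/,
  localStorage: /localStorage\.(getItem|setItem)|localStorage\[/,
  indexedDB: /indexedDB\.open\s*\(/,
  webSQL: /openDatabase\s*\(/,
  webSocket: /new\s+WebSocket\s*\(/,
  webWorker: /new\s+(Shared)?Worker\s*\(/,
  crossOrigin: /postMessage\s*\(|addEventListener\s*\(\s*['"]message['"]/,
};

// Ways to turn reassembled text back into executable code ("sinks").
const CODE_SINKS = {
  eval: /\beval\s*\(/,
  functionCtor: /new\s+Function\s*\(/,
  stringTimer: /set(Timeout|Interval)\s*\(\s*['"`]/,
  blobScript: /createObjectURL\s*\(/,
  docWrite: /document\.write(ln)?\s*\(/,
};

// Score one script. A source alone (a theme toggle in localStorage) or a sink
// alone is common in benign pages; the pairing is what earns the big bonus.
function analyzeScript(src) {
  const sources = Object.keys(HTML5_SOURCES).filter((k) => HTML5_SOURCES[k].test(src));
  const sinks = Object.keys(CODE_SINKS).filter((k) => CODE_SINKS[k].test(src));
  // Many short quoted fragments joined with '+' is a weak obfuscation signal.
  const fragments = (src.match(/['"][^'"]{1,8}['"]\s*\+/g) || []).length;
  let score = sources.length * 2 + sinks.length * 3;
  if (sources.length > 0 && sinks.length > 0) score += 5;
  if (fragments >= 4) score += 2;
  return { sources, sinks, fragments, score, suspicious: score >= 10 };
}

// Constructed sample scripts (assumptions, not captured from any real site).
const SAMPLES = {
  // Benign: persists a UI preference, never executes what it reads.
  themeToggle:
    "localStorage.setItem('theme', 'dark');\n" +
    "document.body.className = localStorage.getItem('theme');",
  // Benign: displays socket messages as text only.
  chatWidget:
    "var ws = new WebSocket('wss://example.invalid/chat');\n" +
    "ws.onmessage = function (e) { log.textContent += e.data; };",
  // Staged pattern: pixel data read back and handed to eval. 'decoded' is
  // deliberately undefined; this is shape for the scanner, not working code.
  canvasStaged:
    "var d = ctx.getImageData(0, 0, w, h).data;\n" +
    "/* ... */\n" +
    "eval(decoded);",
};

// Run every sample and return only the flagged names, for a quick report.
function flaggedSamples() {
  return Object.keys(SAMPLES).filter((name) => analyzeScript(SAMPLES[name]).suspicious);
}

console.log(flaggedSamples()); // ['canvasStaged']
```

A scanner like this belongs in a proxy, a browser extension or a crawler that already has the script text; it is a triage aid, and the threshold should be tuned against the site's own benign scripts before any alerting is wired to it.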

During 2012 and 2013, HTML5-based exploit techniques were never detected by antivirus engines. The recent discovery of HTML5 exploits comes on the heels of new detection methods, and it shows that flaws within current-day antivirus engines leave an open door for HTML5 exploit obfuscation.

The initial discovery of HTML5 drive-by download attacks comes out of a collective effort by security researchers and a research paper from Cornell University outlining prevention methods for HTML5 drive-by downloads of malware. The paper describes several methods for obfuscating and deobfuscating the malicious code behind HTML5 drive-by downloads, and the techniques proved successful as specific countermeasures against such attacks.

The complexity of HTML5 drive-by download attacks that end up spreading malware is still somewhat of a mystery to some. Even so, researchers explain that further research is needed before there is a certain way of detecting and combating HTML5-derived drive-by download attacks. Until then, HTML5 could see its worst days as cybercrooks use this crafty method to weaponize themselves and wage malware-spreading attacks.
