Malicious Code Hidden in Rich Content Files Tough To Detect, According to Finjan Report

Finjan, a company that sells security products, said it has uncovered examples of obfuscated code embedded in rich-content files, and not just in HTML-based Web pages on legitimate Web sites. According to the vendor, code obfuscation remains the preferred technique for cybercriminals for their attacks.

Since JavaScript is the most-used scripting language for communication with Web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications add support for JavaScript writing as part of their application, the company reported in its September 2008 "Malicious Page of the Month." This offers "crimeware" authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 Web sites.

According to the report, only three of 36 virus-scanning products tested were able to detect the presence of that type of malicious code, which is dynamically embedded in the JavaScript.

Online ads and user-generated content on Web 2.0 Web sites are becoming more popular in directing users unwittingly to malware-infected content files. A recent survey by the company found that 46 percent of respondents stated that their organization didn't have a Web 2.0 security policy in place.

The company said real-time content inspection is the optimal way to detect and block dynamically obfuscated code, since it analyzes and understands the code embedded within Web content or files in real time--before it reaches users, who may unintentionally execute the Trojan on their machines.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing digital brain above a chessboard with data charts and flowcharts

    Why AI Strategy Matters (and Why Not Having One Is Risky)

    If your institution hasn't started developing an AI strategy, you are likely putting yourself and your stakeholders at risk, particularly when it comes to ethical use, responsible pedagogical and data practices, and innovative exploration.

  • laptop screen with a video play icon, surrounded by parts of notebooks, pens, and a water bottle on a student desk

    New AI Tool Generates Video Explanations Based on Course Materials

    AI-powered studying and learning platform Studyfetch has launched Imagine Explainers, a new video creator that utilizes artificial intelligence to generate 10- to 60-minute explainer videos for any topic.

  • cloud and circuit patterns with AI stamp

    Cloud Management Startup Launches Infrastructure Intelligence Tool

    A new AI-powered infrastructure intelligence tool from cloud management startup env0 aims to turn the fog of sprawling, enterprise-scale deployments into crisp, queryable insight, minus the spreadsheets, scripts, and late-night Slack threads.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.