Cybercriminals inject obfuscated malware into PDFs

29 September 2008

Finjan, a leader in secure web gateway products, has announced that its Malicious Code Research Center (MCRC) discovered examples of obfuscated code embedded not only in HTML web pages on legitimate websites, but also in rich-content files.

Yuval Ben-Itzhak, CTO of Finjan

“Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application,” said Yuval Ben-Itzhak, CTO of Finjan. “This offers crimeware authors the opportunity to inject malicious code into rich-content files used by Ads and user-generated content on Web 2.0 websites.”

The report also covers the evolution of obfuscated code for cybercrime attacks. In 2005, code obfuscation consisted of character-based encoding, using any format a browser could interpret, and code scrambling. In 2006, code obfuscation became dynamic, providing a predefined function that receives long sets of characters as input. In 2007, an AJAX-based “private key” was used for de-obfuscating the code, enabling the code to be seen once, and in real time only. In 2008, obfuscated code is not only embedded in HTML web pages on legitimate websites, but also in rich-content files such as PDF and Flash.

Online ads and user-generated content on Web 2.0 websites are increasingly used to direct users to malware-infected content files. Finjan’s H1/2008 Web Security Survey Report indicates that 46% of respondents stated that their organisation didn’t have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals’ preferred technique for their attacks. Real-time content inspection is the optimal way to detect and block dynamically obfuscated code and similar types of advanced cybercrime techniques, since it analyses and understands the code embedded within web content or files in real time, before it reaches the end users.
