by Stephen O
What the exploit does is fairly amazing and scary. Security filters look for malware as a whole: when they see a malicious script, they can recognize it and block it. This exploit, however, is called a Fragmented AJAX Exploit because it uses a fragmented approach to sending these nasty scripts. It sends bits so small that the filter does not recognize that they are malicious. The fragmented bits are harmless until dynamic content is requested and loaded. The exploit is able to pass through firewalls and avoid detection until it is too late. “‘This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass through the firewall,’ said Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender.” (Constantin, 2012) Some antivirus programs may be able to detect the malicious code once it is in memory, but users should not count on that to protect themselves; people using the internet should always practice safe surfing habits.
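To make the filtering gap concrete, here is an added example (not code from the article or from any vendor) that compares a filter checking each chunk on its own with one that carries a short tail of earlier data across chunks. The signature strings, the sample chunks and the names `scanPerChunk`, `StreamScanner` and `scanStream` are constructed for illustration, and the example assumes the chunks arrive in order on one stream.

```javascript
// Added illustration. Markers and sample chunks are constructed placeholders.
const SIGNATURES = ["BLOCKED-TEST-MARKER-001", "BLOCKED-TEST-MARKER-002"];

// Constructed sample: one marker split across three response chunks.
const SAMPLE_CHUNKS = ["<p>hello</p>BLOCKED-", "TEST-MAR", "KER-001<p>bye</p>"];

// Naive filter: inspects every chunk in isolation.
function scanPerChunk(chunks, signatures = SIGNATURES) {
  const hits = [];
  chunks.forEach((chunk, index) => {
    for (const signature of signatures) {
      if (chunk.includes(signature)) hits.push({ signature, chunk: index });
    }
  });
  return hits;
}

// Stream-aware filter: remembers the last (longest signature - 1) characters,
// so a signature that straddles chunk boundaries still matches.
class StreamScanner {
  constructor(signatures = SIGNATURES) {
    this.signatures = signatures;
    this.keep = Math.max(...signatures.map((s) => s.length)) - 1;
    this.tail = "";
    this.hits = [];
  }
  push(chunk, index) {
    const buf = this.tail + chunk;
    for (const signature of this.signatures) {
      let pos = buf.indexOf(signature);
      while (pos !== -1) {
        // A match lying wholly inside the tail was reported on an earlier push.
        if (pos + signature.length > this.tail.length) {
          this.hits.push({ signature, completedInChunk: index });
        }
        pos = buf.indexOf(signature, pos + 1);
      }
    }
    this.tail = this.keep > 0 ? buf.slice(-this.keep) : "";
  }
}

function scanStream(chunks, signatures = SIGNATURES) {
  const scanner = new StreamScanner(signatures);
  chunks.forEach((chunk, index) => scanner.push(chunk, index));
  return scanner.hits;
}

console.log(scanPerChunk(SAMPLE_CHUNKS).length, scanStream(SAMPLE_CHUNKS));
```

Fragments that are reordered or transformed before they are put together will not match a stream scan like this one, which is why inspecting the assembled content in memory, as mentioned above, is the other place detection can happen.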
It is a scary world, no doubt about it. Things you would normally think are safe now contain malicious code. Something to think about next time you are using Google Maps to find your local Chili’s. Because now you possibly have a key logger logging your keys when all you wanted were some baby back ribs with some cinnamon apples and home-style fries. Now your identity has been stolen and you’re up to your eyebrows in debt that isn’t yours. I hope those ribs were worth it…
Yeah, it really does bite. You cannot let your guard down: there might be malicious code in the Flash ads, things like Google Maps that use AJAX are no longer safe, and they have found another way to harm you. All you can do is practice safe computing habits, like making sure your browsers and their plug-ins are always up to date (especially Adobe Flash) and making sure your malware and antivirus suites are up to date. Most importantly of all, stay away from websites you are not familiar with. This includes URLs in emails from people you don’t know promising amazing things; there are no Nigerian Princes who want to include you in some business venture.
Constantin, L. (2012, January 5th). Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild. Retrieved January 15th, 2012, from PCWORLD: http://www.pcworld.com/businesscenter/article/247332/fragmented_ajaxbased_web_exploitation_attacks_detected_in_the_wild.html