AJAX hack{3}

by Daniel M
The article that i read was about how hackers are using ajax to hack people’s computers. Basically what the hackers are doing is putting unsuspicious pieces of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites and then these javaScripts are fetching the payloads and assembling them back on the clients computer. This technique is called the payload fragmenting technique and it makes it hard for security systems to detect. It is harder to detect because the code that is passing through is legitimate until it is reassembled on the clients hard drive. There are some other layers of the anti-virus software that may detect the attack. The article talks about how the best way to avoid these attacks is to stay off of websites you do not know and don’t click on the links in spam emails.

I found this article interesting because hackers seem to always find new ways to get around anti-virus software. Also because the packets that are transferred are harmless by themselves it makes it harder to detect. Attacks at the network level are harder for an anti-virus software to detect as it is. This article relates to the class because we were talking about AJAX and i suppose this is another use for it. It also relates because we need to be aware of the possible threats that are out there.

reference:Constantin, L. (2012, January 5). Ajax-based web exploitation attacks detected in the wild . Retrieved from http://www.infoworld.com/d/security/ajax-based-web-exploitation-attacks-detected-in-the-wild-183308