New Ways to Attack: AJAX Targeted

by Monica G
There are plenty of ways to attack someone’s computer, maybe through a virus aimed at attacking their personal documents or the type of software designed to retrieve account numbers, passwords, etc. from any server. The beauty is that we have firewalls and antivirus to prevent events like the ones mentioned above from happening. But with the evolution of technology has come the growth of virus and malware. People have become more creative in their designs. This can clearly be seen in the new wave of attacks, which was found by researchers from M86 Security. The attacks use AJAX, Asynchronous JavaScript and XML, to break apart payloads into very small pieces of code that are later assembled, therefore making them harder to detect by firewalls and antivirus. According to Moshe Basanchig, the attacks seemed to be happening to a company’s server in China. The researchers were able to confirm that the code begins on a page with legitimate JavaScript code then after it passes through the firewalls enabled, it assembles on the client’s page (in your Web browser’s memory) before it is executed. This “payload fragmentation technique” makes it virtually impossible to detect because when you have code that looks fine and only becomes a problem after its been loaded, it can easily pass through the network interface level. There is some good news to all havoc, some antivirus are able to block that code when it’s attempting to reassemble. And there are things we can do to prevent it from happening to us, like keeping everything updated, and most importantly, never going to a website or loading anything that looks malicious.

This is related to the class because as we design web pages we have to keep in mind that things like this can happen. Therefore we must think a step ahead, and find ways to make it more difficult to become victims. As we learn JavaScript, and all the ways to use it, we see ways people use it against us. We learn how the back end of a webpage works by using JavaScript to write the date on a page.

My only concern about this article was that we were only told simple ways to preventing this technique from affecting us, but what happens when it has already occurred. That is to say what about the people already affected, do they have to start over or is there an easier way. Overall, the article was very helpful by informing us on new ways the Web is being attacked, especially because we will be dealing with these types of scenarios soon, very soon.

Citation: Constantin, L. (2012, January 5). Fragmentated AJAX-based Web Exploitation Attacks Detected in the Wild. Retrieved February 5, 2012, from PCWorld:


5 thoughts on “New Ways to Attack: AJAX Targeted”

  1. Hackers are smart. I get my email hacked about once every month and even wiped my hard drive once, in addition to changing my password millions of times and it still happens. I don’t see what benefit some hackers get in attacking single users like us, but I think companies should place a bigger value on security, especially valuable companies like banks and eCommerce.

  2. Nice to know this technique. Sometimes, im amazed how creative those hackers can be. Web developers should never let their guard off anytime.

  3. I can see how this type of attack can at first glance seem hard to stop, but there are multiple free tools and ad-dons that can completely shut down this type of intrusion. One that comes to mind is No-Script, it’s a Mozilla Firefox add-on that completely disables all scripts in a page you have never visited before. while at first it will seem like a hassle having to allow everything on sites as you begin to visit them in the long run it’s one more way to keep yourself protected.

  4. Really interesting, its like bringing together pieces of puzzle huh. I want to learn more about how hacking is done, it’s a really nice subject to know about. This AJAX technique is really something. Very nice article!

  5. I think it would also be important to choose the right Web browser. I know that all of them have the same-origin policy embedded into the Web browser to provide web content security but attackers are still able to inject their own script into the web pages to steal information or for malware planting. Well I read a journal last week that says that Firefox implemented a content security policy prototype which provides higher security. This policy is going to specify what sources may be loaded and from where they may be requested; and it will also provide an alert to the system for vulnerabilities on a website.

Comments are closed.