New Ways to Attack: AJAX Targeted{5}

by Monica G
There are plenty of ways to attack someone’s computer, maybe through a virus aimed at attacking their personal documents or the type of software designed to retrieve account numbers, passwords, etc. from any server. The beauty is that we have firewalls and antivirus to prevent events like the ones mentioned above from happening. But with the evolution of technology has come the growth of virus and malware. People have become more creative in their designs. This can clearly be seen in the new wave of attacks, which was found by researchers from M86 Security. The attacks use AJAX, Asynchronous JavaScript and XML, to break apart payloads into very small pieces of code that are later assembled, therefore making them harder to detect by firewalls and antivirus. According to Moshe Basanchig, the attacks seemed to be happening to a company’s server in China. The researchers were able to confirm that the code begins on a page with legitimate JavaScript code then after it passes through the firewalls enabled, it assembles on the client’s page (in your Web browser’s memory) before it is executed. This “payload fragmentation technique” makes it virtually impossible to detect because when you have code that looks fine and only becomes a problem after its been loaded, it can easily pass through the network interface level. There is some good news to all havoc, some antivirus are able to block that code when it’s attempting to reassemble. And there are things we can do to prevent it from happening to us, like keeping everything updated, and most importantly, never going to a website or loading anything that looks malicious.

This is related to the class because as we design web pages we have to keep in mind that things like this can happen. Therefore we must think a step ahead, and find ways to make it more difficult to become victims. As we learn JavaScript, and all the ways to use it, we see ways people use it against us. We learn how the back end of a webpage works by using JavaScript to write the date on a page.

My only concern about this article was that we were only told simple ways to preventing this technique from affecting us, but what happens when it has already occurred. That is to say what about the people already affected, do they have to start over or is there an easier way. Overall, the article was very helpful by informing us on new ways the Web is being attacked, especially because we will be dealing with these types of scenarios soon, very soon.

Citation: Constantin, L. (2012, January 5). Fragmentated AJAX-based Web Exploitation Attacks Detected in the Wild. Retrieved February 5, 2012, from PCWorld: