Possible AJAX Malware Threats

by Alexander H
Security has always been a major issue for many. Unfortunately, with recent software advancements, it has become even more difficult to secure computers against potential threats. According to M86 Security, a Web filtering vendor, recent exploitation attacks have been found using AJAX (Asynchronous JavaScript and XML). “These Web exploitation attacks use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems” (Constantin). The attack begins on a page that contains a piece of harmful JavaScript code resembling the code found on legitimate AJAX-using sites. This code retrieves the payload in multiple chunks and assembles it back together on the client before executing it. Because the exploit code arrives in small pieces, this technique makes it difficult for security programs to detect the attack. Malware authors tend to use AJAX because it lets them write generic attack pages, which often look like normal pages. It is recommended that users stay away from sites or web resources they are not familiar with to avoid any potential threat.
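To show why fragmentation defeats a scanner that inspects each response on its own, here is an added example (not from the article or from M86 Security) that compares per-response signature matching with matching over the responses buffered per initiating page. The signature, the inert marker string, the URLs and the function names are all constructed for illustration.

```javascript
// Added example: signature scanning per response vs. over reassembled responses.
// SIGNATURES and the sample traffic are constructed; the marker is an inert string.
const SIGNATURES = [/EXAMPLE-SIGNATURE-MARKER/];

// Constructed XHR log in arrival order: initiating page, request URL, response body.
const sampleResponses = [
  { page: "https://a.example/news", url: "/frag?i=0", body: "EXAMPLE-SIGN" },
  { page: "https://b.example/shop", url: "/cart.json", body: '{"items":2}' },
  { page: "https://a.example/news", url: "/frag?i=1", body: "ATURE-MA" },
  { page: "https://a.example/news", url: "/frag?i=2", body: "RKER" },
  { page: "https://b.example/shop", url: "/price.json", body: '{"total":"9.50"}' },
];

const matches = (text) => SIGNATURES.some((re) => re.test(text));

// What a scanner sees when it inspects each response in isolation.
function scanPerResponse(responses) {
  return responses.filter((r) => matches(r.body)).map((r) => r.url);
}

// Buffer bodies per initiating page in arrival order and scan the joined text,
// which approximates what the client-side script assembles before executing.
function scanReassembled(responses, maxChars = 1 << 20) {
  const buffers = new Map();
  const flagged = new Set();
  for (const r of responses) {
    let joined = (buffers.get(r.page) || "") + r.body;
    // Cap memory per page: keep only the most recent maxChars characters.
    if (joined.length > maxChars) joined = joined.slice(-maxChars);
    buffers.set(r.page, joined);
    if (matches(joined)) flagged.add(r.page);
  }
  return [...flagged];
}

console.log("per-response hits:", scanPerResponse(sampleResponses));
console.log("reassembled hits:", scanReassembled(sampleResponses));
```

The per-page buffer must be at least as long as the content a signature matches. This check covers only chunks that are joined unchanged, so it complements rather than replaces analysis of what the page's script does with the data.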

I found that this article ties in well with this past week’s discussion regarding JavaScript, AJAX, jQuery and other applications. AJAX can be used to update parts of the page dynamically by connecting to, sending data to, and retrieving data from the server without replacing the current page. It is a powerful tool when dealing with parts of a web page, but can also become harmful given malicious intent. AJAX, much like various other web applications, has become insecure due to exploited vulnerabilities.

One important piece of information I was able to come away with after having read the article was the fact that many sites that we visit may possibly become security threats that harm our computer or machine. I usually tend to visit the same sites on occasion, but I never considered any one of them being a potential threat to my computer. Anti-virus and malware protection software have been installed on all my machines. I am usually fairly confident about my security, but after having read the article it’s possible that malware like this has bypassed the protection software. Still, I am becoming more wary of the dependability of security software as well as the authenticity of the sites I visit.



Constantin, Lucian (2012). Fragmented AJAX-based Web Exploitation Attacks Detected in the Wild. PC World. Retrieved May 6, 2012 from http://www.pcworld.com/businesscenter/article/247332/fragmented_ajaxbased_web_exploitation_attacks_detected_in_the_wild.html