Slashdot Mirror


Using HTML5 To Hide Malware

New submitter Jordan13 writes: SecurityWeek reports on the findings of a group of Italian researchers about web malware. They developed three new obfuscation techniques that can be used to obfuscate exploits like the one usually leveraged in drive-by download malware attacks. These techniques use some functionalities of the HTML5 standard, and can be leveraged through the various JavaScript-based HTML5 APIs. The research also contains recommendations about some of the steps that can be taken to counter these obfuscation techniques.


  1. Direct link to PDF by rebelwarlock · · Score: 5, Informative

    Here: http://arxiv.org/pdf/1507.03467v1.pdf

    Because 1) these geniuses don't know how to do a hyperlink, and 2) the article is completely worthless aside from a link to a page that links to the PDF.

  2. Re:Ya blew it by Demonoid-Penguin · · Score: 2

    Links that work pls thx.

    The links are recursive (they point at /.) so they'd be fuck all use at providing more information - and nothing to do with the crappy summary (SecurityWeek reports). Thanks for nothing Timothy.

    Articles from the last week of SecurityWeek about HTML5 and malware: 4 security flaws in MSIE, a stupid "story" about old flaws long patched,

    This one - paper it's based on is here. tl;dr: If you don't use stupid (Silverlight, Java, Adobe, Flash) it won't matter.

  3. Re:links broken? by davester666 · · Score: 4, Funny

    No, I get a proper, fully rendered page. Why is my CPU at 100%?

    --
    Sleep your way to a whiter smile...date a dentist!
  4. Death of flash by DarkOx · · Score: 2

    It's funny, I was just saying the other day to someone who said now that flash is being mostly canned security should improve.

    I said I don't know about that. The massive and rapid expansion of browser features and moving target that is HTML five support where everyone and their brother rushes out extensions is worrisome. I'll be surprised if there are not major exploits in some of that new browser code, especially sandbox escapes via the hardware stuff like webgl and what not. Only now there won't be any simple mitigation like just removing a plugin. You'll have to switch browsers.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:Death of flash by Anonymous+Brave+Guy · · Score: 3, Informative

      You're absolutely right, of course.

      The main reasons plug-ins get attacked so much are that (a) they do more than browsers offer natively, notably including hardware interaction as you mentioned, and (b) they provide a big, juicy target.

      Expecting that moving those extra functions into the browser itself will somehow result in more secure implementations is optimistic. Every major browser fixes serious security vulnerabilities with updates, including the likes of Chrome and Firefox. They're right there in the release notes for the new version every six weeks, if anyone wants to look. The people and processes and tools used to make these browsers aren't dramatically more effective than the people and processes and tools used to make the popular plug-ins before. And it's often been the case that large, monolithic programs have proven harder to test and secure than a well-designed and well-isolated system of interacting smaller programs.

      The argument that browsers will somehow magically become more secure ways of doing the same things comes from the same mindset that says running Linux is the best way to avoid viruses because Windows is a security nightmare. It seemed credible at first, because few people were being successfully attacked while running Linux, but then someone made a Linux system that became popular with regular non-geek types, and today which platform has the fastest growing malware problem? It's probably Android.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  5. Re:links broken? by ArcadeMan · · Score: 4, Insightful

    Because of the "Let the browser take care of my crappy code" mentality, one core could be busy decompressing the insanely-too-large JPEGs so-called "designers" are using, another core is busy wasting cycles to run what should be plain javascript and CSS transitions through half a dozen bloated javascript/HTML libraries/frameworks and another core is busy trying to make any sense whatsoever of the non-valid HTML code because people don't give a damn about matching tag pairs.

    The 4th core is alone in the corner, talking with the GPU to render pointless shiny effects for the OS GUI.

    Programmers, designers, coders, webmonkeys... we all should be running 5-year-old hardware on 1/4 the connection speeds of the average users. We're the ones making the programs, websites, apps, etc. But no, most of us have the latest hardware, fast connections, etc. That's like letting engineers design roads for their expensive and extremely fast motorcycles. But those roads would be sub-optimal for regular drivers with cars, truckers, etc.