Using HTML5 To Hide Malware
New submitter Jordan13 writes: SecurityWeek reports on the findings of a group of Italian researchers about web malware. They developed three new obfuscation techniques that can be used to obfuscate exploits like the one usually leveraged in drive-by download malware attacks. These techniques use some functionalities of the HTML5 standard, and can be leveraged through the various JavaScript-based HTML5 APIs. The research also contains recommendations about some of the steps that can be taken to counter these obfuscation techniques.
Here: http://arxiv.org/pdf/1507.03467v1.pdf
Because 1) these geniuses don't know how to do a hyperlink, and 2) the article is completely worthless aside from a link to a page that links to the PDF.
No, I get a proper, fully rendered page. Why is my CPU at 100%?
You're absolutely right, of course.
The main reasons plug-ins get attacked so much are that (a) they do more than browsers offer natively, notably including hardware interaction as you mentioned, and (b) they provide a big, juicy target.
Expecting that moving those extra functions into the browser itself will somehow result in more secure implementations is optimistic. Every major browser fixes serious security vulnerabilities with updates, including the likes of Chrome and Firefox. They're right there in the release notes for the new version every six weeks, if anyone wants to look. The people and processes and tools used to make these browsers aren't dramatically more effective than the people and processes and tools used to make the popular plug-ins before. And it's often been the case that large, monolithic programs have proven harder to test and secure than a well-designed and well-isolated system of interacting smaller programs.
The argument that browsers will somehow magically become more secure ways of doing the same things comes from the same mindset that says running Linux is the best way to avoid viruses because Windows is a security nightmare. It seemed credible at first, because few people were being successfully attacked while running Linux, but then someone made a Linux system that became popular with regular non-geek types, and today which platform has the fastest growing malware problem? It's probably Android.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Because of the "Let the browser take care of my crappy code" mentality, one core could be busy decompressing the insanely-too-large JPEGs so-called "designers" are using, another core is busy wasting cycles to run what should be plain JavaScript and CSS transitions through half a dozen bloated JavaScript/HTML libraries/frameworks, and another core is busy trying to make any sense whatsoever of the non-valid HTML code because people don't give a damn about matching tag pairs.
The 4th core is alone in the corner, talking with the GPU to render pointless shiny effects for the OS GUI.
Programmers, designers, coders, webmonkeys... we all should be running 5-year-old hardware on 1/4 the connection speeds of the average users. We're the ones making the programs, websites, apps, etc. But no, most of us have the latest hardware, fast connections, etc. That's like letting engineers design roads for their expensive and extremely fast motorcycles. But those roads would be sub-optimal for regular drivers with cars, truckers, etc.