Two researchers from Italian universities in Rome and Salerno have identified methods through which malware can be hidden in drive-by download exploits using modern HTML5 APIs.
Hackers can use the drive-by download method to install malware, spyware or computer viruses on a victim's computer. Most exploits of this type are spotted by antivirus software, which has led attackers to devise different techniques to hide their actions.
The research was first carried out in 2013 and repeated in July 2015. The researchers tested their HTML5-based methods against the VirusTotal antivirus engines, using security bugs in Internet Explorer and Firefox.
Three different methods are used for obfuscating and deobfuscating the malicious code. These methods were successful against both static and dynamic analysis detection engines:
Delegated Preparation – Delegates the preparation of malware to the system APIs.
Distributed Preparation – Distributes the preparation code over several concurrent and independent processes running within the browser.
User-driven Preparation – Lets the user trigger the execution of the preparation code during the time he spends interacting with the page.
The researchers say: "A further investigation revealed that this failure [to detect the obfuscated malware] was due to the inability of these [detection] systems to recognize and deal with HTML5 related primitives."