Malware Can Be Hidden In Drive-By Download Exploits Using HTML5.

Two researchers from Italian universities in Rome and Salerno have identified methods through which malware can be hidden in drive-by download exploits using modern HTML5 APIs.

Hackers can use the drive-by download method to install malware, spyware or computer viruses on a victim's computer. Most exploits of this type are spotted by antivirus software, which has led attackers to devise different techniques to hide their actions.

The research was first carried out in 2013 and repeated in July 2015. The researchers tested their HTML5-based methods using VirusTotal antivirus engines, and used security bugs in Internet Explorer and Firefox.

Three different methods are used for obfuscating and then deobfuscating the malicious code. These methods were successful against static and dynamic analysis detection engines:

  • Delegated Preparation – Delegates the preparation of malware to the system APIs.

  • Distributed Preparation – Distributes the preparation code over several concurrent and independent processes running within the browser.

  • User-driven Preparation – Lets the user trigger the execution of the preparation code during the time they spend interacting with the page.

The researchers say, “A further investigation revealed that this failure [to detect the obfuscated malware] was due to the inability of these [detection] systems to recognize and deal with HTML5 related primitives.”
