BelchSpeak


Ajax Next Avenue for Drive By Downloads?

It has been a very long time since any of the major antivirus companies produced an alert regarding a severe virus or worm on the level of MyDoom or Sasser. There are many reasons for this, not the least of which is the success of Microsoft’s security efforts with Windows XP Service Pack 2 and its Automatic Updates feature. Additionally, weaker operating systems have been phased out, and more home and office systems now operate behind a firewall, which prevents discovery of weak systems by malicious scanning hosts.

But hackers still need to distribute their botnets. The easiest way to do that now is by using drive-by downloads, which exploit weaknesses in web browsers or in helper programs such as Adobe Acrobat or QuickTime. The advantage to a hacker of using this method to distribute malware is much greater, too: the hackers usually maintain some access to a compromised server’s web logs or an IRC channel, which lets them verify which hosts became infected and which botted hosts are online and awaiting commands.

According to one security company, Finjan, which makes a behavioral detection engine, Ajax will be the hacker’s best friend in 2007 when it comes to distributing malware via drive-by downloads. The advantage to a hacker of using Ajax is that the server-side computing and the download are completely transparent to the victim, and hackers can leverage very popular Web 2.0 sites for maximum malware distribution.

From Techtarget here:

Finjan also predicts that attackers will continue to target Web 2.0 Web sites, especially those using Ajax in 2007. Ajax combines several programming tools such as JavaScript and dynamic HTML to create more interactive Web applications.

“Hackers are starting to use file requests with Ajax with no visual indication that something is happening,” Ben-Itzhak said.

In 2006, Finjan found that Ajax was being used to silently request malicious code without a user’s knowledge. Hackers can exploit Ajax to query content on the Web that is not crawled by search engines.

“Although AJAX is a fantastic and rich web experience, it is also a potential threat,” Ben-Itzhak said. “Only real-time analysis and making decisions based on the traffic running on the wire will be able to discover and fight this threat.”

Granted, Ben-Itzhak is hawking the capabilities of his own product to defend against this insidious threat, but he is right about Ajax’s capabilities for malware distribution.
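The "real-time analysis of traffic on the wire" Ben-Itzhak describes boils down to looking at what a script's XMLHttpRequest actually fetched and deciding whether it looks like a silent code download. The following is an added example, not code from the original post or from Finjan: a defender-side heuristic that scans constructed request records (the kind a proxy or an instrumented browser would log) and flags fetches of executable content that happened cross-origin or without a user action. The function names, the record fields and the `.example` hostnames are all assumptions made for the example.

```javascript
// Added example (not from the original post): flag "silent" Ajax fetches of
// executable content from a log of XMLHttpRequest activity. Every record below
// is a constructed sample; hostnames are placeholders, not real indicators.

// Magic bytes of a Windows PE executable ("MZ"): a strong sign that what the
// script pulled down is code, whatever the server labelled it as.
const PE_MAGIC = Buffer.from("MZ", "ascii");

function hostOf(url) {
  return new URL(url).hostname;
}

// Returns the list of reasons a request is suspicious (empty list = benign).
// rec = { url, contentType, responseBody (Buffer), userInitiated (bool) }
function assessAjaxRequest(pageUrl, rec) {
  const reasons = [];
  const crossOrigin = hostOf(rec.url) !== hostOf(pageUrl);
  const body = rec.responseBody;
  const isExecutable = body.length >= 2 && body.subarray(0, 2).equals(PE_MAGIC);
  const ctype = rec.contentType || "";
  const binaryType = /octet-stream|x-msdownload|x-msdos-program/i.test(ctype);
  const claimsText = /^(text\/|application\/json)/i.test(ctype);

  if (isExecutable) reasons.push("response body is a PE executable (MZ header)");
  if (isExecutable && claimsText) reasons.push("executable served under a text content-type");
  if (crossOrigin && (isExecutable || binaryType)) reasons.push("binary payload fetched cross-origin by script");
  if (!rec.userInitiated && (isExecutable || binaryType)) reasons.push("binary payload fetched without a user action");
  return reasons;
}

// Run the heuristic over a whole log and keep only the flagged requests.
function scanAjaxLog(pageUrl, records) {
  return records
    .map(rec => ({ url: rec.url, reasons: assessAjaxRequest(pageUrl, rec) }))
    .filter(r => r.reasons.length > 0);
}

// Constructed sample log: one ordinary JSON feed request, one "spacer image"
// whose body is actually a PE file served as text/plain from another host.
const SAMPLE_PAGE = "http://web20-site.example/profile";
const SAMPLE_LOG = [
  { url: "http://web20-site.example/api/feed", contentType: "application/json",
    responseBody: Buffer.from('{"items":[]}'), userInitiated: false },
  { url: "http://third-party.example/img/spacer.gif", contentType: "text/plain",
    responseBody: Buffer.concat([Buffer.from("MZ"), Buffer.alloc(64)]), userInitiated: false },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(scanAjaxLog(SAMPLE_PAGE, SAMPLE_LOG), null, 2));
}
```

In a real deployment the records would come from a proxy or a wrapper around XMLHttpRequest.prototype.open/send, and a hit would be blocked or raised as an alert rather than printed.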

One way to defend against this at the host level may be to upgrade to Vista, which prevents any software from being installed without the express approval of the user.

Dr. Jones
