Increased malicious activity coming out of China is the result of “an intricate network of connections between Chinese-based servers whose main purpose is to conduct criminal activity,” warns secure web gateway products developer Finjan.
It says that its Malicious Code Research Centre (MCRC) has examined recent attacks and the mechanisms involved in executing them, and has discovered that while entry points are all over the world, they are all associated with servers registered as Chinese domains.
Finjan CTO Yuval Ben-Itzhak says that criminals are spreading their attacks by placing the entry points on a variety of trusted websites, located in the USA, China and Western Europe, and recognised differently by URL categorisation engines. The infection, he says, consists of either an iframe or script tag placed on the website that causes visitors to be attacked.
After the victim reaches an entry point, the attackers use dynamic code obfuscation methods to prevent signature-based technologies from detecting the attack, and the victim is redirected to a series of sites containing iframes that will eventually force him to visit a site that belongs to the Chinese network.
“Signature-based and database-driven technologies like anti-virus and URL filtering are limited against the types of attacks we discovered, as the number of vectors and sophisticated structure of the network of websites can bypass traditional information security technologies,” says Ben-Itzhak.
“Signature-based solutions are finding it hard to deal with the fact that most of the code is obfuscated and changed frequently. Also, URL classification-based solutions will find it hard to block an attack that is triggered from legitimate sites, such as government or academic domains.
“The recommended methodology for handling these modern security threats is to inspect the actual content in real-time, regardless of its source, domain name, and the way it looks. To prevent these attacks, organisations should add real-time content inspection technology that blocks browsing to one of these infected sites after correctly identifying that they carry malicious code.”
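The attack chain described above (an iframe or script tag injected into a trusted page, obfuscated loader code, then a series of iframe redirects ending at the attacker's host) and the content-inspection approach recommended at the end are illustrated by the following added Python example. It is not Finjan's code and does not describe any Finjan product; it is a small static inspector written for this article. The hostnames, HTML sample and redirect map are constructed, and the heuristics (hidden or zero-size iframes, inline scripts combining eval-style calls with long escape runs or high entropy) are assumptions chosen to demonstrate the idea of inspecting content rather than trusting the source domain.

```python
"""Static content inspection for injected iframes and obfuscated loaders, plus redirect-chain tracing.

Added example for this article; hostnames, HTML and the redirect map below are constructed.
"""
import math
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _TagCollector(HTMLParser):
    """Collect iframe attributes and script tags (attributes plus inline body) from an HTML page."""

    def __init__(self):
        super().__init__()
        self.iframes = []          # list of attribute dicts
        self.scripts = []          # list of (attribute dict, inline body)
        self._in_script = False
        self._attrs = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(a)
        elif tag == "script":
            self._in_script, self._attrs, self._buf = True, a, []

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._attrs, "".join(self._buf)))
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data, so we can capture inline code here.
        if self._in_script:
            self._buf.append(data)


def shannon_entropy(s):
    """Bits per character; ordinary source code usually sits well below 5."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Heuristic signals (assumptions for this example): calls typical of decode-and-run loaders,
# and long runs of %xx / \xNN / \uNNNN escapes hiding the real payload.
_OBFUSCATION_CALLS = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\b")
_ESCAPED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")


def _is_hidden(attrs):
    """True for iframes styled invisible or sized 0/1 px, the usual shape of an injected entry point."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    dims = [attrs.get(k, "").strip().rstrip("px") for k in ("width", "height")]
    return any(d.isdigit() and int(d) <= 1 for d in dims)


def _offsite(page_url, src):
    """True when src points at a host other than the page's own."""
    host = urlparse(src).hostname if src else None
    return host is not None and host != urlparse(page_url).hostname


def inspect_html(page_url, html):
    """Return a list of findings; each is a dict with 'kind', 'detail' and (for iframes) 'offsite'."""
    p = _TagCollector()
    p.feed(html)
    findings = []
    for a in p.iframes:
        src = a.get("src", "")
        if _is_hidden(a):
            findings.append({"kind": "hidden-iframe", "detail": src, "offsite": _offsite(page_url, src)})
    for a, body in p.scripts:
        if not body.strip():
            continue                       # external scripts are not judged by this inline heuristic
        signals = (bool(_OBFUSCATION_CALLS.search(body))
                   + bool(_ESCAPED_RUN.search(body))
                   + (shannon_entropy(body) > 5.0))
        if signals >= 2:                   # require two independent signals to limit false positives
            findings.append({"kind": "obfuscated-inline-script", "detail": body[:40]})
    return findings


def follow_chain(start, chain, max_hops=10):
    """Walk a page->next-page redirect map; stop at a terminal page, a loop, or max_hops."""
    path, seen, cur = [start], {start}, start
    while cur in chain:
        if len(path) > max_hops:
            return path, "max-hops"
        cur = chain[cur]
        path.append(cur)
        if cur in seen:
            return path, "loop"
        seen.add(cur)
    return path, "terminal"


# Constructed sample: a legitimate-looking page with one benign banner iframe, one injected
# hidden iframe, one obfuscated loader script and one ordinary script.
SAMPLE_PAGE_URL = "http://www.example-university.test/index.html"
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://cdn.example-trusted.test/banner.html" width="300" height="60"></iframe>
<iframe src="http://redirector-1.example.test/a.html" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%72%65%64%69%72%65%63%74%6F%72%2D%32%2E%65%78%61%6D%70%6C%65%2E%74%65%73%74%2F%22%3E'));</script>
<script>var x = 1 + 2; console.log(x);</script>
</body></html>"""

# Constructed redirect map: each page forces the browser on to the next hop.
SAMPLE_CHAIN = {
    "http://www.example-university.test/index.html": "http://redirector-1.example.test/a.html",
    "http://redirector-1.example.test/a.html": "http://redirector-2.example.test/",
    "http://redirector-2.example.test/": "http://exploit-host.example.test/x.php",
}

if __name__ == "__main__":
    for f in inspect_html(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f)
    path, status = follow_chain(SAMPLE_PAGE_URL, SAMPLE_CHAIN)
    print(status, " -> ".join(urlparse(u).hostname for u in path))
```

The inspector judges the page by what it contains, not by who serves it: the hidden iframe is flagged although it sits on a page that a URL categoriser would list as an academic domain, and the loader is flagged because it combines a decode-and-run call with a long escape run, not because it matches a fixed signature. In a gateway the redirect map would be built from live responses rather than a constructed dict; the hop limit and loop check keep the trace bounded when the chain is deliberately long or cyclic.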