Sign In

Communications of the ACM

ACM TechNews

Researchers Prove Html5 Can Be ­sed to Hide Malware

The HTML5 logo.

Italian researchers have found the HTML5 standard could allow hackers to execute drive-by download attacks.

Credit: World Wide Web Consortium

The upcoming HTML5 standard could enable hackers to execute drive-by download attacks, according to researchers in Italy.

The team developed new obfuscation techniques in an effort to motivate developers to strengthen malware detection systems. The obfuscation techniques are based on some functionalities of the HTML5 standard, and can be leveraged through the JavaScript-based HTML5 application programming interfaces (APIs). The techniques follow the original drive-by-download malware scheme, but the delivery and de-obfuscation phases use the APIs to avoid typical and well-known de-obfuscation and malware assembly patterns. The techniques enable users to trigger the execution of the preparation code, distribute the preparation code over several concurrent and independent processes running within the browser, or delegate the preparation of a malware to the system APIs.

The researchers report in tests on existing malware-detection systems, the Web malware that was detected without obfuscation consistently went undetected when processed with their obfuscation techniques.

The researchers have proposed countermeasures for their techniques.

From Help Net Security
View Full Article - May Require Free Registration


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account