Security firm M86 Security’s latest Security Labs Report has highlighted the emergence of combined attacks that use Adobe’s ActionScript and JavaScript languages to navigate around traditional anti-virus platforms.
This obfuscation through combined attacks has emerged recently as cyber criminals look for new ways to get around defences and cover their tracks. Splitting the malicious code between Adobe ActionScript language – built into Adobe flash – and JavaScript components on the webpage limits the effectiveness of current security technologies, M86 said.
"Traditional methods such as spambots and dynamic code obfuscation are still very much in use. However the first half of 2010 has also seen the emergence of new advanced methods as seen in the new combined attacks," said Bradley Anstis, vice president of technology strategy, M86 Security. "Cyber criminals continue to try and outsmart even the latest Internet security protection mechanisms."
The report also found that spam remains a significant threat with cyber crooks adapting their attacks to take advantage of high profile news events such as the recent football World Cup, held in South Africa.
The global volume of spam continues to increase despite the successful shut down of rogue ISPs, which suggests the battle against spam is nowhere near being won.
Another worrying development picked up by M86 is website poisoning, where legitimate websites are infected by the Asprox botnet, which has made a return. M86 found more than 10,000 ASP sites had been infected by the botnet in just three days during June.
CBR recently spoke to Tim Warner, VP of sales at M86 Security and Ed Rowley, product manager at the security firm about the latest enterprise web and email vulnerabilities. Listen to the exclusive podcast here.