Symantec Blogs: Security Response

Nishant Doshi | August 27th, 2009

Did I just say that? Usually security researchers hate obfuscation. But I say, let them obfuscate more!

Obfuscation is a loosely defined term, but it basically refers to a method of concealing your exploit code to avoid detection. Attackers employ various techniques and methodologies to achieve obfuscation. Some techniques are very clever and take even the most seasoned security researcher by surprise. In most cases, attackers try to obfuscate their exploit by stretching the limits of the language or protocol they are using. Some take advantage of the detection engine limitations as well.

Today many detection engines parse files and network streams to detect vulnerabilities and odd behavior by using pattern-matching algorithms. However, in many cases the detection logic used has some limitations and assumptions built in. Some limitations stem from the architecture of the detection engine, and some stem from the risk of a false positive. In this cat and mouse game,...

Nishant Doshi | December 17th, 2007

In a recent blog I discussed the ill effects of Web 2.0 and the main theme revolved around security for users of social networking sites. Well, what if you don’t use social networking sites? What if you only just visit known and legitimate "good" sites? For example, you read an online newspaper or view your government's national defense Web site, or look up words on a popular online Web dictionary? Do these actions sound more like you? Are you protected in that case?

What most average users don’t know is that legitimate sites can be infected as well. Symantec has seen a sharp increase in legitimate Web sites becoming infected and serving browser-based exploits. For the most part, these sites are innocent victims themselves and in most cases are unaware of the exploits hosted on their Web sites.

Symantec has recently discovered that the...