Web Security Trends Report: 2007 forecast and info on dynamic code obfuscation

Finjan announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC).  In its Web Security Trends Report (Q4 2006), Finjan focuses on dynamic code obfuscation as a method to hide malicious code, a trend discovered by Finjan researchers that is growing in popularity among hackers as a means of bypassing traditional signature-based solutions in order to propagate malware.  The report also describes recent specific incidents of sophisticated hacker attacks that take advantage of Web 2.0 technologies to embed malicious code in high-traffic web sites — a vulnerability explored in Finjan’s previous Web Security Trends Report (Q3 2006).  In addition, the latest Finjan report includes a review of web security threats that emerged this year and the outlook for security trends in 2007.
 
Dynamic code obfuscation — the latest method used by hackers to evade detection
 
The Finjan report provides several examples of dynamic code obfuscation techniques identified by Finjan’s MCRC as an especially insidious threat that undermines the ability of security vendors to detect and counter encrypted malicious code.  These strategies entail providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes, etc.  To counter this threat, a conventional signature-based security solution theoretically would need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
 
Q3 follow-up:  hackers target Web 2.0 platforms and technologies
 
The Finjan report also details two recently publicized incidents in which hackers used the popular Wikipedia encyclopedia and MySpace social networking site to infect innocent users.  These incidents provide real-world examples of the use of Web 2.0 technologies to propagate malicious attacks, a topic discussed in the earlier Q3 Finjan report which revealed how malicious code on highly popular sites can be used to infect innocent visitors to these sites.
 
Dynamic nature of the Web complicates security going into 2007
 
The Finjan report concludes with a review of Web security trends that emerged in 2006, and forecasts new developments in 2007.  2006 saw the arrival of a diverse range of web-based infection techniques — including rogue anti-spyware, ransomware, and rootkits — that elude traditional security solutions geared to protect against email viruses and spam.  Another development in 2006 was the commercialization of malicious code, as financial motivations played an increasing role in the evolution of malware.  Motivated by financial gain, hackers are trading vulnerabilities in online auctions, commercializing products such as malicious website creation toolkits, and developing new distribution techniques, including spam, for the propagation of malicious code. 

Looking forward to 2007, the Web Security Trends Report predicts that as Windows Vista and Internet Explorer 7.0 begin to achieve critical mass, this development will likely trigger a new wave of exploits from professional hackers who have had time to prepare in advance for this scenario.