Finjan has identified significant new web attack – the latest in a genre of crimeware that threatens to turn highly trusted web sites into insidious traps for unwary visitors. More than 10,000 websites in the US were infected in December by this latest malware.
The attack, which Finjan has designated “random js toolkit,” is an extremely elusive crimeware Trojan that infects an end user’s machine and sends data from the machine via the Internet to the Trojan’s “master”, a cybercriminal. Data stolen by the Trojan can include documents, passwords, surfing habitats, or any other sensitive information of interest to the criminal.
Signaturing a dynamic script is not effective. Signaturing the exploiting code itself is also not effective, since these exploits are changing continually to stay ahead of current zero-day threats and available patches. Keeping an up-to-date list of “highly-trusted-doubtful’ domains serves only as a limited defense against this attack vector.