
    Javascript Malware

    From Dark Reading:

    Network security, in large part, had a huge role to play in creating the newest attacks. Network administrators rightly told their architects to build applications that could be tunneled over hypertext transfer protocol, while at the same time they would close down all access to any other unnecessary inbound services. Can you see the obvious flaw in their logic here?

    I was one of those people. We did what we could with the tools of the time.

    How it works:

    When a user inside a corporate LAN visits the malicious Web page, that Web page starts making requests to internal devices behind your firewall.

    The first thing the malware does is attempt to locate any machine that responds. Once it does that it attempts to fingerprint things on the machine that might tell the attacker more (like what Web server itself it is running, which might have default issues with it or a particular outdated version of an open sourced package with remote file includes built into it). Using that as a steppingstone, the malware attempts to execute the command on the user on your corporate intranet’s behalf. If the attack is successful the machine behind the firewall is compromised.

    It is all about layers:

    • Inbound and Outbound web traffic should be scanned for virus/malware.
    • A filtering service should be used that uses a network of sensors and keeps current
    • Desktops should have anti-malware and even centrally controlled desktop firewalls to control activity
    • Internal intrusion detection through the use of standard IDS, honeypots and
    • Network/security zone segmentation and internal firewalls (at L2 or L3) to break things down further.
    • Log everything centrally with ip/userid when possible.
    • Use traffic analysis by segments triggering on unusual patterns
    • Treat your internal network server pool just like DMZs with closed access.
    • Do watch outbound failures on your firewalls – they are a great source of intel on bad things going on.
    • You need to watch for and respond quickly to this stuff
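
One way to act on the traffic-analysis and firewall-failure points above, as an added example that is not part of the original post: it flags an internal source whose denied web requests reach many distinct internal hosts within a short window, the sweep pattern described under "How it works". The log format, field names, port list and thresholds are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any vendor's): time action src dst dport user
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) user=(?P<user>\S+)"
)
WEB_PORTS = {80, 443, 8000, 8080, 8443}  # assumed list of web service ports


def find_internal_sweeps(lines, window=timedelta(seconds=60), threshold=5):
    """Return (src, user, window_start, distinct_dsts) for each source whose denied
    web requests hit `threshold` or more distinct internal hosts within `window`."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst)
    alerts, flagged = [], set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DENY" or int(m["dport"]) not in WEB_PORTS:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
            internal = ipaddress.ip_address(m["dst"]).is_private
        except ValueError:
            continue              # malformed timestamp or address: skip the line
        if not internal:
            continue              # only internal destinations count as a sweep
        q = recent[m["src"]]
        q.append((ts, m["dst"]))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        dsts = {d for _, d in q}
        if len(dsts) >= threshold and m["src"] not in flagged:
            flagged.add(m["src"])  # one alert per source
            alerts.append((m["src"], m["user"], q[0][0], len(dsts)))
    return alerts


# Constructed sample: one workstation sweeps 10.2.0.x, another has a single failure.
SAMPLE = [f"2024-05-01T10:00:{i:02d} DENY src=10.1.5.23 dst=10.2.0.{10 + i} dport=80 user=jdoe"
          for i in range(6)]
SAMPLE += ["2024-05-01T10:00:03 DENY src=10.1.5.40 dst=10.2.0.11 dport=443 user=asmith",
           "2024-05-01T10:00:04 ALLOW src=10.1.5.23 dst=10.2.0.99 dport=80 user=jdoe"]

if __name__ == "__main__":
    for src, user, since, n in find_internal_sweeps(SAMPLE):
        print(f"ALERT {src} ({user}): denied web requests to {n} internal hosts since {since}")
```

Because the log carries both IP and user ID, as the list recommends, the alert points straight at the workstation and account whose browser is making the requests.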
