Fighting against Web exploitation
Fighting against Web exploitation
September 25, 2008: Exploit Filtering is a new addition to the Web-security arsenal of IronPort Systems, designed to protect users from malware delivered through compromised Web sites even when these sites are not identified through URL filtering or signature scanning.
Exploit Filtering, available on the IronPort S-Series of Web-security appliances, zeroes in on the latest security threat: trusted Web sites that have been compromised to deliver Trojans or phishing attacks. Such attacks are carried out via techniques such as cross-site scripting exploits (a flaw within web applications that sends malicious code to the browsers of unsuspecting users), buffer overflows (sending too much data to an application’s temporary storage, which can enable security breaches), SQL injections (a technique that exploits a security vulnerability occurring in the database layer of an application), and invisible iFrame redirects (sending users to malware-generating sites).
According to IronPort, exploited Web sites are responsible for more than 87 per cent of all Web-based threats today, and an increasing number of malware writers are targeting well-known, trusted Web sites. For example, in early July, a major Japanese video game company’s Web site fell victim to an SQL injection attack, in which a piece of malicious JavaScript was embedded in parts of the site so that a pop-up message warned users that their computers were infected with malware. The pop-up then led users to a site where they could purchase so-called anti-virus software that was actually a malicious Trojan.
Traditional URL filters are not effective in identifying these threats because they rely on manual classification techniques. Infected sites can hide behind generic classifications such as shopping, finance, entertainment or news. However, IronPort’s Web-reputation technology uses real-time scanning in order to find and block access to the compromised Web sites before their malware can become operational.
“With the addition of Exploit Filtering, we are offering uncompromised protection against one of the biggest invisible threats on the Web: the transparent passing of malware through legitimate Web sites,” said Tom Gillis, vice president of marketing at IronPort Systems.
“By automatically filtering against exploited Web sites, IronPort continues to set itself apart from the competition in the Web-security-appliance market. With this innovative approach to filtering, we can reassure our customers that their network security will not be jeopardised when browsing trusted sites, which are often targets of malicious Trojan and phishing attacks.”