Competition: web attacks and web Protection

With the gradual upgrade of the Internet, both sides of Web attacks and Web Protection have launched a new round of tug-of-war. From quietly allowing malicious software to sneak in to users' systems for illegal downloads, to redirecting users to malicious advertisements of fake Anti-Virus products that attempt to extort money, the Internet world is filled with various unknown threats. In the face of this new pattern, traditional protection methods cannot provide full protection.

A variety of Web attack techniques

Currently, a webpage may contain many synchronized data sources from around the world. As long as one of the data sources is under Web attacks, new Web attacks may rapidly spread to many unwary Internet users.

"The most dangerous form of malware infection is known as illegal downloads," said JohnHarrison, manager of the terminal protection product group at Symantec's security technology and response center. Users can automatically download executable content to the user's computer by simply browsing the website, without having to know it or having to authorize the user ."

Not only that, but today, hacker attack methods are more concealed than before. "The technology in the Web attack toolkit not only helps attackers find the vulnerabilities that can be attacked in the user environment, but also increases the flexibility of attackers, facilitating their successful attacks and Evading detection," johnharsen said ."

Reporters learned that attackers can use Web attack packets to launch hidden attacks to users. Based on the specific operating systems, browser types, and plug-ins running on the computers of potential victims, the toolkit increases the success rate of Web attacks to the maximum, it also minimizes the chances of attackers being detected. The Web attack package can also select the attack time and launch regional attacks based on the specific area of the user. All these hidden means make it difficult for website administrators and security providers to detect and remedy.

These technologies are automatic attacks initiated by attackers by exploiting computer vulnerabilities. However, at present, malware makers focus more on using social engineering (spoofing) technology to attack users and their computers with greater caution.

JohnHarrison said Symantec recently detected that attackers could forge user-familiar scenarios by creating attractive audio and video websites. Then, when users access the website, the website prompts that you must install a new decoder to access the content of the website. In fact, the downloading is not a decoder, but a malware. Moreover, attackers also use P2P file sharing systems, malicious advertisements, and pseudo-scan programs to trick users into installing malware or stealing users' personal information.

Security suppliers respond calmly

JohnHarrison said: "The illegal download attack makes traditional feature-based detection technology that only has anti-virus functionality practically useless. Using conventional virus features, it is difficult to detect attacks against multimedia, reader, browser, and third-party software vulnerabilities, because these Web attacks will automatically display in the browser by exploiting hidden vulnerabilities. When the hacker download attack technology is combined with the code obfuscation technology, the conventional detection method is more powerless, so we have to adopt new detection and protection methods ."

For general users, updating all software on the system to the latest version is one of the most important protection measures. These include OS updates, applications, Web browsers, and plug-in software updates. Furthermore, users must be cautious with their websites, click links, and installed applications to prevent the intrusion of social engineering technologies.

Of course, users also need to deploy comprehensive endpoint security products to make up for the shortcomings of traditional feature-based anti-virus products. JohnHarrison said Symantec uses active defense technologies to help users defend against Web attacks initiated by hidden vulnerabilities and protect browsers and plug-ins from code obfuscation threats, and block unexpected threats to new attack technologies.

Robert pregnell, regional product manager of Symantec's security business unit in the Pacific region, said that due to the lack of IT funds and technical staff in the face of increasingly complex Internet, most SMEs in China face severe security problems. SymantecEndpointProtection active threat scanning technology for small and medium-sized enterprises can help enterprises defend against threats without being identified by security providers. This protection software can help enterprises effectively prevent new Web attacks, such as illegal downloads, by monitoring vulnerabilities exploited by computers and identifying the website attack toolkit.