1/05/2014

Potentially Suspicious Blogsite: viralblogspotblog.blogspot.com
Malicious Heap Spray Attempts

Potentially Suspicious Blogsite: Phish Likely Included (Likely Malicious Heap Spray Attempt)

URL:

viralblogspotblog.blogspot.com
  • https://www.virustotal.com/de/url/3f174bab33559159c8177dc0c73bc6b17c8dde1ab4dae3aba5a0b193273551db/analysis/1388942353/

HTML (TITLE: Amazing Money Making Blog)

  • https://www.virustotal.com/de/file/1aa603f7c051f2d1344d631efac25b6e5f7a5b73a825dae63c1aa72c98bb682c/analysis/

Likely Malicious Heap Spray Attempt

  • https://urlquery.net/report.php?id=8705799
  • https://urlquery.net/report.php?id=8705803

What is a heap spray attack?

Heap spraying refers to the attempt to insert code into a predetermined location using the potential exploits of vulnerable browsers.

“Heap” comes from the term heap-based memory allocation (also known as Dynamic memory allocation), which is the allowance of memory storage to be used by a computer program when it runs. 

“Spraying the heap” is code that inserts a sequence of bytes into the memory of a target process by creating large blocks on the process’ heap and filling them in with specific values. 

This takes advantage of existing memory corruption errors in type-unsafe applications and allows the attacker to perform arbitrary code execution.

Though heap spraying has been used since at least 2001, the method became popular in 2005 with the publication of several exploits involving the Internet Explorer web browser. Heap spraying proved popular due to how easy it was for novice hackers to write exploits or copy previous exploits for many vulnerabilities found in web browsers or browser plug-ins. 

When targeting browsers for heap spraying, JavaScript is mostly used. Microsoft Office has also been found to be vulnerable to heap spraying, so security experts recommend scanning all email going through a server for malware hidden in a Microsoft Office document attachment. Solutions such as Nozzle, a runtime monitoring infrastructure that detects attacker’s attempts to spray the heap, have been developed in order to counter this technique. 

Antivirus software also can protect against heap spraying attacks, so keeping your antivirus browser software up to date is essential.




by PC Tools (Symantec)
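
As an added illustration (not from PC Tools or the reports linked above): a static Python heuristic that flags script text combining the traits the description names, namely large blocks built in a loop and filled with one repeated value. The indicator names, the thresholds and both samples are assumptions constructed for this example; runtime monitors such as Nozzle watch the running process instead of the script text.

```python
import re
from collections import Counter

# Runs of four or more %uXXXX escapes: binary data packed into a script string.
U_RUN = re.compile(r'(?:%u[0-9a-fA-F]{4}){4,}')
# A string appended to itself (s += s, s = s + s), which doubles it each pass.
GROWTH = re.compile(r'\b(\w+)\s*\+=\s*\1\b|\b(\w+)\s*=\s*\2\s*\+\s*\2\b')
LOOP = re.compile(r'\b(?:for|while)\s*\(')
# Indexed assignment such as blocks[i] = ..., used to keep many copies alive.
ARRAY_FILL = re.compile(r'\w+\s*\[\s*\w+\s*\]\s*=(?!=)')

def filler_ratio(run):
    """Share of a %u run taken by its single most common 16-bit unit."""
    units = [u.lower() for u in re.findall(r'%u([0-9a-fA-F]{4})', run)]
    return Counter(units).most_common(1)[0][1] / len(units)

def score_script(src):
    """Return the list of spray indicators found in one script body."""
    reasons = []
    runs = U_RUN.findall(src)
    if runs:
        reasons.append("encoded-binary")
    if any(filler_ratio(r) >= 0.75 for r in runs):
        reasons.append("repeated-filler")
    if GROWTH.search(src):
        reasons.append("self-doubling-string")
    if LOOP.search(src) and ARRAY_FILL.search(src):
        reasons.append("array-fill-loop")
    return reasons

def is_spray_like(src, threshold=3):
    # Each indicator alone is common in benign pages; require several together.
    return len(score_script(src)) >= threshold

# Constructed, inert sample: filler is the letter "A", no payload, no trigger.
SAMPLE_SPRAY_LIKE = '''
var f = unescape("%u4141%u4141%u4141%u4141%u4141%u4141");
while (f.length < 0x40000) f += f;
var blocks = [];
for (var i = 0; i < 200; i++) blocks[i] = f.substring(0, f.length - 1);
'''
# Constructed benign sample: accented characters and an ordinary array loop.
SAMPLE_BENIGN = '''
var label = unescape("%u00e9%u00e8%u00e0%u00fc");
var totals = [];
for (var i = 0; i < rows.length; i++) totals[i] = rows[i].price * rows[i].qty;
'''

if __name__ == "__main__":
    for name, src in (("spray-like", SAMPLE_SPRAY_LIKE), ("benign", SAMPLE_BENIGN)):
        print(name, is_spray_like(src), score_script(src))
```

The benign sample still trips two indicators, which is why the verdict requires at least three together; a hit is a reason to inspect the page, not proof of an exploit.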
