Image/script duality trickery
Cybercriminals have started using so-called ‘polyglot images’ to disguise malvertising attacks.
The latest versions of popular browsers such as Chrome and Firefox enforce content type, so this kind of trickery will fail in many cases.
Surfers still using Internet Explorer, however, remain at risk of attack from polyglot-based exploits, which offer crooks advantages over what might be possible using standard steganographic attacks.
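An added example, not from the article or from Devcon: a simplified JavaScript model of the content-type enforcement described above. It follows the WHATWG Fetch standard's MIME-type and `nosniff` rules for script loads and runs them over constructed scanner observations. The URLs, record fields and function names are assumptions made for illustration.

```javascript
// Added example: simplified model of the MIME checks applied to script loads.
const SCRIPT_LIKE = new Set(["script", "worker", "sharedworker", "serviceworker",
  "audioworklet", "paintworklet"]);
const JS_MIME = new Set(["application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript", "text/ecmascript",
  "text/javascript", "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript"]);

// Reduce a Content-Type header to its lowercase "type/subtype" essence, or null.
function essence(contentType) {
  if (typeof contentType !== "string") return null;
  const e = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(e) ? e : null;
}

// Returns "allowed" or a string naming the rule that blocks the load.
function checkLoad({ destination, contentType, nosniff }) {
  if (!SCRIPT_LIKE.has(destination)) return "allowed";
  const mime = essence(contentType);
  if (mime && (/^(image|audio|video)\//.test(mime) || mime === "text/csv"))
    return "blocked: media or CSV type requested as script";
  if (nosniff && (mime === null || !JS_MIME.has(mime)))
    return "blocked: nosniff with non-JavaScript type";
  return "allowed";
}

// URLs requested both as an image and as a script: the polyglot usage pattern.
function dualUseUrls(observations) {
  const seen = new Map();
  for (const o of observations) {
    const kind = SCRIPT_LIKE.has(o.destination) ? "script" : o.destination;
    if (!seen.has(o.url)) seen.set(o.url, new Set());
    seen.get(o.url).add(kind);
  }
  return [...seen].filter(([, k]) => k.has("script") && k.has("image")).map(([u]) => u);
}

// Constructed observations (hypothetical URLs), as an ad-creative scanner might log.
const observations = [
  { url: "https://ads.example/c/banner.jpg", destination: "image", contentType: "image/jpeg", nosniff: false },
  { url: "https://ads.example/c/banner.jpg", destination: "script", contentType: "image/jpeg", nosniff: false },
  { url: "https://ads.example/c/tag.js", destination: "script", contentType: "text/javascript; charset=utf-8", nosniff: true },
  { url: "https://ads.example/c/notes.txt", destination: "script", contentType: "text/plain", nosniff: true },
];
for (const o of observations) console.log(o.destination, o.url, "->", checkLoad(o));
console.log("dual use:", dualUseUrls(observations));
```

A URL that shows up in `dualUseUrls` is worth flagging in an ad-quality pipeline even when the modern-browser check blocks it, because clients without that enforcement would still run it.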
How the file is interpreted by the browser
“This attack has many layers and new techniques to attempt to hide what its true nature is and to hinder white hat reverse engineers from figuring out exactly how it works.”
The attack vector at the heart of this trickery is not that new. According to Devcon, these types of techniques have been “well known to security researchers and pen testers to execute shell code and deploy server-side attacks”.
The significance of the latest attacks is that they provide evidence that more advanced groups are now moving into the ad fraud space to exploit users, Devcon warns.