Computer hackers are hiding malicious code in passages of text from some of the world’s greatest novels
IT security specialsits have warned that hackers are using passages from Jane Austen novels to trick Internet users into downloading computer viruses.
Firewalls are designed to spot suspicious looking texts but criminals have successfully been tricking them by hiding dangerous code in passages of text from classic novels, particularly Jane Austen’s 1811 debut novel Sense And Sensibility.
Cisco researchers, who have been studying the trick, said: “Adding passages of classic text to an exploit kit landing page is a more effective obfuscation technique than the traditional approach of using random text. Antivirus and other security solutions are more likely to categorise the web page as legitimate after ‘reading’ such text.”
Unfortunately, it is virtually impossible to tell ‘malicious code’ from ‘code’ and thus any security solution that relies on attempting to make this observation is doomed to fail, according to Amichai Shulman, CTO of Imperva.
While anti-malware solutions are improving, they are bound to stay behind attack methods – and not necessarily the most advanced ones, he added.
“The focus and effort should be shifted into detecting the attack, and the attack is almost always targeted at enterprise data,” he said. “You don’t get 145 million user account details, 70 million credit card numbers or 300,000 medical records from an endpoint. You get these by abusive access to enterprise databases and files servers – that is where the focus of advanced security solutions should be.”
It’s hardly a new phenomenon and certainly shows no sign of abating.
David Harley, senior research Fellow at IT Security Firm ESET, commented: “Spammers have used extracted text from all sorts of sources rather than purely random text for many years. Though, I have noticed a recent uptick in comment spam that uses bulk text that is sometimes a ‘pure’ extract and sometimes coherent but unconnected sentences.
“In general, I wouldn’t expect the coherence or otherwise of text to be the primary factor in a security product’s assessment of a page as malicious, though it might be used as one heuristic among many.”
How much do you know about Internet security? Take our quiz!