12:55 PM
Connect Directly

New Hacker Toolkit Cloaks Browser Exploits

"VoMM," when applied to any browser exploit code, hides the exploit from static signature-based detection systems.

Metasploit, which regularly publishes exploit code for its flagship open-source attack testing platform, has released a new module designed to disguise any browser exploit from detection by signature-based defenses, Symantec warned Tuesday.

HD Moore, Aviv Raff, and someone identified only as "LMH" have created VoMM (for eVade-o-Matic Module), which when applied to any browser exploit code, hides the exploit from static signature-based detection systems.

Static detection -- where a specific signature is created to identify each exploit -- is used by many anti-virus products; the alternative, a generic signature that can spot an entire class of Web-based vulnerabilities, is harder to design and develop, said Symantec.

According to a post by LMH on his blog, VoMM uses multiple techniques to hide an exploit, including string obfuscation, block randomization, random comments, and variables obfuscation.

HD Moore applied most of the techniques to create an exploit of the now-patched VML vulnerability in Internet Explorer. Moore's exploit was undetected by all 26 virus scanning engines supported by VirusTotal, which include Grisoft's, McAfee's, Microsoft's, Symantec's, Kaspersky's, and others.

"This new module will make the detection of such attacks much more difficult," Symantec warned in an alert to customers of its DeepSight threat system.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.