“Their obfuscation tools are primitive but effective,” Nazario said. “They use obfuscation to avoid simple signatures,” he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
View: Full Story @ News.com