Websites can be cleaned of malicious code and continue activity

Aug 5, 2014 15:23 GMT

Today, 6Scan announces that its security products for websites integrate a new feature that can detect and quarantine malicious code automatically.

The development of the feature stems from the fact that most malicious web-based links are hosted on legitimate websites as a result of hacking.

In order to solve the problem and ensure that websites can be accessed by visitors without any risk, the code is isolated immediately after detection, protecting customers against drive-by downloads or malicious redirects.

Cybercriminals have increased the complexity of their attacks, relying on dynamic DNS services and cloaking techniques to cover their tracks.

This solution should prove efficient against this sort of attack, which could lead not only to infecting customers' machines with malware but also to the website being blacklisted in search results, causing damage to the company.

Apart from isolating the malicious code, the new security approach allows the incident to be investigated and, possibly, information about the attackers to be learned: “by quarantining the code we could quickly reverse engineer its behavior. This allows us to identify its infection techniques and how it communicates with command and control (C&C) servers,” a post from 6Scan says.

The company tested the new capability while it was still in the beta stage of development, on the site of one of its customers that had been infected for five months.

The attackers proved to be skillful at evading detection: they used a calling script that sent information about the visitors to a command and control server, which would order delivery of the exploit only if certain parameters were met.

Triggering the exploit only when specific browsers are detected is an efficient way for attacks to go unnoticed for longer periods of time. In this case, the crooks also made sure that the exploit was delivered only to new IP addresses connecting through Opera and Internet Explorer 11 and earlier.

Despite all this, 6Scan says that their solution was able to identify the malicious code and isolate it automatically.

“As threats to small businesses become more advanced, solutions need to keep pace,” notes Chris Weltzien, 6Scan CEO. “And for small businesses, with limited resources and few, if any, dedicated IT security staff, it’s critical that these solutions are proactive and automated. With our latest release, 6Scan makes powerful real-time protection available to businesses and organizations of all sizes, regardless of their internal IT resources.”

The automated malware quarantine feature is available in Professional and Enterprise security suites from 6Scan.