Jump to content

Is ESET able to detect HTML5 malware?


Azure Phoenix
 Share

Recommended Posts

1- https://www.infosecurity-magazine.com/news/security-of-html5-may-not-live-up/

2 - https://martechtoday.com/media-trust-warns-of-malware-in-html5-ads-217292?utm_src=ml&utm_medium=textlink&utm_campaign=mlxpost

 

"One of the most problematic characteristics of the way in which HTML5 malware is delivered, Olson said, is that it is taking advantage of “obfuscated code” populating HTML5 ads. This obfuscation, he said, is “like a kind of encryption,” used by many legitimate developers to keep their software tricks from competitors.

But that “makes it extremely difficult to understand” and to find the delivery mechanisms used to carry the malware."

 

Link to comment
Share on other sites

Bunch of HTML5 tests here: https://html5sec.org/#html5 .

Many would not run in IE11. I did get a SmartScreen alert from the evil.com test.

Nothing from Eset but don't know if that means anything since the test shows HTML5 code used by malware w/o any actual malicious code employed.

Link to comment
Share on other sites

the blog both articles refer to is really light on details beyond inferring that bad actors are using html5 redirects on mobile devices with specific criteria; my guess is that eset would protect the user from the domain a browser is redirected to. imo, the html5 "malware" referenced doesn't seem like "malware" so much as using html5 features to do sketchy stuff.

Link to comment
Share on other sites

HTML5 malware is not new: https://news.softpedia.com/news/html5-can-be-used-to-hide-malware-in-drive-by-download-attacks-486974.shtml . I do know that Microsoft browsers and Firefox were both recently patched to eliminate most if not all of the attack vectors. Also, Chrome has its own protection mechanisms.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...