Cyber Security Expo
X-morphic Exploitation by Gunter Ollmann on 23/08/07

Browsing the Internet has become an increasingly risky business in recent years. The massive increase in vulnerabilities that can be exploited via the ubiquitous Web browser has meant that attackers have steadily adopted this vector as a primary infection route for malware payloads.

Traditionally, Web browser attacks have relied on fairly simple exploit code, typically written as scripts within HTML documents. Consequently, Web browser exploits are easy to block. Using standard regular-expression and heuristic-based signature engines, exploit patterns are easily identified, and the attack can be thwarted over the network or at the host.

To overcome such protection mechanisms, attackers adopted numerous obfuscation techniques to disguise their raw exploit code. Their methods worked well, and newer, more sophisticated obfuscation methods were developed, almost guaranteeing that signature-based engines would not be able to protect against newer threats. In a world dominated by copy-paste exploit cloning, vendors of signature-based protection systems then focused on detecting the obfuscated exploit variant and were therefore able to provide protection to their customers. Although not zero-day protection, it was sufficient for many enterprise customers to mitigate widespread infection.

This document is in PDF format. To view it click here.
