Categories: FirewallSecurity

Senseless Jane Austen Virus May Offend Your Sensibilities

IT security specialsits have warned that hackers are using passages from Jane Austen novels to trick Internet users into downloading computer viruses.

Firewalls are designed to spot suspicious looking texts but criminals have successfully been tricking them by hiding dangerous code in passages of text from classic novels, particularly Jane Austen’s 1811 debut novel Sense And Sensibility.

Exploit kit

Cisco researchers, who have been studying the trick, said: “Adding passages of classic text to an exploit kit landing page is a more effective obfuscation technique than the traditional approach of using random text. Antivirus and other security solutions are more likely to categorise the web page as legitimate after ‘reading’ such text.”

Unfortunately, it is virtually impossible to tell ‘malicious code’ from ‘code’ and thus any security solution that relies on attempting to make this observation is doomed to fail, according to Amichai Shulman, CTO of Imperva.

While anti-malware solutions are improving, they are bound to stay behind attack methods – and not necessarily the most advanced ones, he added.

“The focus and effort should be shifted into detecting the attack, and the attack is almost always targeted at enterprise data,” he said. “You don’t get 145 million user account details, 70 million credit card numbers or 300,000 medical records from an endpoint. You get these by abusive access to enterprise databases and files servers – that is where the focus of advanced security solutions should be.”

It’s hardly a new phenomenon and certainly shows no sign of abating.

David Harley, senior research Fellow at IT Security Firm ESET, commented: “Spammers have used extracted text from all sorts of sources rather than purely random text for many years. Though, I have noticed a recent uptick in comment spam that uses bulk text that is sometimes a ‘pure’ extract and sometimes coherent but unconnected sentences.

“In general, I wouldn’t expect the coherence or otherwise of text to be the primary factor in a security product’s assessment of a page as malicious, though it might be used as one heuristic among many.”

How much do you know about Internet security? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago