Hacker’s Newest Ploy: JIT Spraying

Friday, August 5, 2011 @ 10:08 AM gHale

JIT spraying is a new exploit tool hackers are using to get into systems.

A just-in-time (JIT) spraying attack sprays an application’s memory with large amounts of exploit code that effectively overwhelms the application’s address space randomization (ASR) and data execution prevention (DEP) security protocols, said researchers Sung-ting Tsai and Ming-chieh Pan at the Black Hat Security Conference in Las Vegas.

SCADA Hacking via Search Engines
Help Wanted: Government Hackers
Feds Fear New Stuxnet Threats
Web Sites to Find if You’re a Target

After being JIT sprayed, these infected applications then attach to emails to launch successful spear-phishing attacks, the researchers said.

Spear-phishing attacks are when a criminal sends a legitimate-looking email containing an attached document — often created by Flash, Microsoft Word or Microsoft Windows Media Player — that contains corrupted code that launches on the target’s computer.

“These kind of silent threats are attacking the whole world, especially governments and large enterprises,” said Tsai, a staff research engineer with Trend Micro, during his presentation, “Weapons of Targeted Attack: Modern Document Exploit Techniques.”

To prove just how vulnerable typical programs are to JIT spraying, Tsai and Pan, a senior vulnerability researcher with Net-Hack Inc., took the audience through several proof-of-concept hacks.

In one, Tsai used a JIT spraying attack to create a rogue version of Flash, which evaded detection by Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a program specifically designed to protect users from such strikes.

Tsai and Pan also JIT sprayed Flash to create a malicious file capable of bypassing a system’s sandbox.

Leave a Reply

You must be logged in to post a comment.