‘JIT Spraying': Hackers Find New Ways to Hijack Applications

“JIT spraying” might not mean anything to you, but to hackers, it’s a dangerous new exploit tool in their ever-increasing arsenal of methods.

At the Black Hat Security Conference here, researchers Sung-ting Tsai and Ming-chieh Pan demonstrated the new hacking technique of just-in-time (JIT) spraying. A JIT spraying attack sprays an application’s memory with large amounts of exploit code that effectively overwhelms the application’s address space randomization (ASR) and data execution prevention (DEP) security protocols.

After being JIT sprayed, these infected applications — Tsai and Pan chose Adobe Flash as an example of a program that can be exploited — are then attached to emails to launch successful spear-phishing attacks.

Spear-phishing attacks are executed when a criminal sends a legitimate-looking email containing an attached document — often a Flash, Microsoft Word or Microsoft Windows Media Player file — that contains corrupted code that launches on the target’s computer.

[Dastardly ‘Spear Phishing’ Targets Companies and Governments]

“These kind of silent threats are attacking the whole world, especially governments and large enterprises,” Tsai, a staff research engineer with Trend Micro, told the audience in his presentation, “Weapons of Targeted Attack: Modern Document Exploit Techniques.”

To prove just how vulnerable typical programs are to JIT spraying, Tsai and Pan, a senior vulnerability researcher with Net-Hack Inc., took the audience through several proof-of-concept hacks.

In one, Tsai used a JIT spraying attack to create a rogue version of Flash, which evaded detection by Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a program specifically designed to protect users from such strikes.

Tsai and Pan also JIT sprayed Flash to create a malicious file capable of bypassing a system’s sandbox, a security feature designed to isolate corrupt files and prevent them from spreading.

Of the constant push and pull between security vendors and the hackers that keep them in business, Tsai explained that as long as high-tech attacks like JIT spraying work, preventing hackers from launching such attacks will “always be a cat-and-mouse game.”

“We believe attackers are working hard on these topics,” Tsai added. “We wish security vendors could address these problems to come out with solutions ahead of the attackers.”

Article provided by SecurityNewsDaily, a sister site to Laptopmag.com.

Email* (will not be published)
*Indicates required field
Submit Comments

All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options