the ghost in the browser analysis of web based malware
Download
Skip this Video
Download Presentation
The Ghost In The Browser Analysis of Web-based Malware

Loading in 2 Seconds...

play fullscreen
1 / 21

The Ghost In The Browser Analysis of Web-based Malware - PowerPoint PPT Presentation


  • 99 Views
  • Uploaded on

The Ghost In The Browser Analysis of Web-based Malware. Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu Google, Inc. 鲍由之 11,23,2010. Overview. Aim to present the state of malware on the Web and emphasize the importance of this rising threat.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The Ghost In The Browser Analysis of Web-based Malware' - zanna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
the ghost in the browser analysis of web based malware

The Ghost In The Browser Analysis of Web-based Malware

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu

Google, Inc.

鲍由之

11,23,2010

overview
Overview
  • Aim

to present the state of malware on the Web and emphasize the importance of this rising threat.

  • Phase 1: observing the malware behavior when visiting malicious URLs and discover if malware binaries are being downloaded as a result of visiting a URL.
  • Phase 2: keeping detailed statistics about detected web pages and keep track of identified malware binaries for later analysis.
  • Furthermore examining how malware takes advantage of browser vulnerabilities to install itself on users’ computers.
phase 1 detecting
Phase 1: Detecting
  • Definition of malicious web page
    • Causing the automatic installation of software without the user’s knowledge or consent.
method
Method
  • MapReduceHeuristical URL

Extraction:

  • Rating
    • No details
results of detecting
Results of Detecting
  • Increasing amount of base per day because of optimizations
categories
Categories
  • Four different aspects of content control responsible for enabling browser exploitation:
    • advertising
    • third-party widgets
    • user contributed content
    • web server security
web server security
Web Server Security
  • Adversary gains control of a server
  • May changed over time
user contributed content
User Contributed Content
  • Blogs, comments, etc.
  • Example: a poll
exploitation
Exploitation
  • Finding vulnerable network services and remotely exploiting them.
    • e.g. worms
    • NAT & Firewalls
slide12

Drive-by-download

    • Javascript, VB, Flash, pdf
    • <javascript> <iframe> tag
    • systematically catalogs the computing environment, instead of blindly trying
  • Tricking the User
    • Social engineering
      • Adult movie
phase 2 trend and statistics
Phase 2: Trend and Statistics
  • To capture the evolution of all these characteristics over a twelve month period and present an estimate of the current status of malware on the web.
  • Obfuscation
  • Classification
  • Remotely Linked Exploits
  • Distribution of Binaries Across Domains
  • Malware Evolution
slide14

Obfuscation

    • Decoding
  • Classification
    • Trojan
    • Adware
    • Unknown/Obfused
    • Assuming that two binaries are different if their cryptographic digests are different.
slide15

Remotely Linked Exploits

    • Easy to change
    • May lead to bottleneck or a single point of failure
    • The top graph presents the number of unique web pages pointing to a malicious URL and for all of such URLs.
slide16

Distribution of Binaries Across Domains

    • To avoid bottleneck or a single point of failure mentioned above
slide17

Malware Evolution

    • the majority of malicious URLs change binaries infrequently.
    • However, a small percentage of URLs change their binaries almost every hour.
expection
Expection
  • The majority of malware is no longer spreading via remote exploitation but rather as we indicated in this paper via web-based infection.
conclusion
Conclusion
  • An intro to malwares which is popular during the internet at present
    • No specific details about any tech
    • Appears to be a statistical report
    • No care about specific vulnerabilities but rather about how many URLs on the Internet are capable of compromising users.
  • BASE: A huge amount of data because of its privilege
slide20

we assumed that two binaries are different if their cryptographic digests are different.

  • If the majority of URLs on a site are malicious, the whole site, or a path component of the site, might be labeled as harmful when shown as a search result.
  • For each URL, we score the analysis run by assigning individual scores to each recorded component.
slide21

Q&A

  • Thank you
ad