The ghost in the browser analysis of web based malware
Download
1 / 21

The Ghost In The Browser Analysis of Web-based Malware - PowerPoint PPT Presentation


  • 99 Views
  • Uploaded on

The Ghost In The Browser Analysis of Web-based Malware. Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu Google, Inc. 鲍由之 11,23,2010. Overview. Aim to present the state of malware on the Web and emphasize the importance of this rising threat.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The Ghost In The Browser Analysis of Web-based Malware' - zanna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The ghost in the browser analysis of web based malware

The Ghost In The Browser Analysis of Web-based Malware

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu

Google, Inc.

鲍由之

11,23,2010


Overview
Overview

  • Aim

    to present the state of malware on the Web and emphasize the importance of this rising threat.

  • Phase 1: observing the malware behavior when visiting malicious URLs and discover if malware binaries are being downloaded as a result of visiting a URL.

  • Phase 2: keeping detailed statistics about detected web pages and keep track of identified malware binaries for later analysis.

  • Furthermore examining how malware takes advantage of browser vulnerabilities to install itself on users’ computers.


Phase 1 detecting
Phase 1: Detecting

  • Definition of malicious web page

    • Causing the automatic installation of software without the user’s knowledge or consent.


Method
Method

  • MapReduceHeuristical URL

    Extraction:

  • Rating

    • No details


Results of detecting
Results of Detecting

  • Increasing amount of base per day because of optimizations


Categories
Categories

  • Four different aspects of content control responsible for enabling browser exploitation:

    • advertising

    • third-party widgets

    • user contributed content

    • web server security


Web server security
Web Server Security

  • Adversary gains control of a server

  • May changed over time


User contributed content
User Contributed Content

  • Blogs, comments, etc.

  • Example: a poll




Exploitation
Exploitation

  • Finding vulnerable network services and remotely exploiting them.

    • e.g. worms

    • NAT & Firewalls


  • Drive-by-download

    • Javascript, VB, Flash, pdf

    • <javascript> <iframe> tag

    • systematically catalogs the computing environment, instead of blindly trying

  • Tricking the User

    • Social engineering

      • Adult movie


Phase 2 trend and statistics
Phase 2: Trend and Statistics

  • To capture the evolution of all these characteristics over a twelve month period and present an estimate of the current status of malware on the web.

  • Obfuscation

  • Classification

  • Remotely Linked Exploits

  • Distribution of Binaries Across Domains

  • Malware Evolution


  • Obfuscation

    • Decoding

  • Classification

    • Trojan

    • Adware

    • Unknown/Obfused

    • Assuming that two binaries are different if their cryptographic digests are different.


  • Remotely Linked Exploits

    • Easy to change

    • May lead to bottleneck or a single point of failure

    • The top graph presents the number of unique web pages pointing to a malicious URL and for all of such URLs.



  • Malware Evolution

    • the majority of malicious URLs change binaries infrequently.

    • However, a small percentage of URLs change their binaries almost every hour.


Expection
Expection

  • The majority of malware is no longer spreading via remote exploitation but rather as we indicated in this paper via web-based infection.


Conclusion
Conclusion

  • An intro to malwares which is popular during the internet at present

    • No specific details about any tech

    • Appears to be a statistical report

    • No care about specific vulnerabilities but rather about how many URLs on the Internet are capable of compromising users.

  • BASE: A huge amount of data because of its privilege


  • we assumed that two binaries are different if their cryptographic digests are different.

  • If the majority of URLs on a site are malicious, the whole site, or a path component of the site, might be labeled as harmful when shown as a search result.

  • For each URL, we score the analysis run by assigning individual scores to each recorded component.



ad