The Ghost In The Browser: Analysis of Web-based Malware

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google. First Workshop on Hot Topics in Understanding Botnets (HotBots ‘07), Usenix, 9 pp., 2007. Presentation by Yuk Hin (Edwin) Chan.

Presentation Transcript


  1. The Ghost In The Browser: Analysis of Web-based Malware. Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google. First Workshop on Hot Topics in Understanding Botnets (HotBots ‘07), Usenix, 9 pp., 2007. Presentation by Yuk Hin (Edwin) Chan.

  2. The Paper
     • By Google
     • Analyses a large webpage repository for malware – “drive-by downloads”
     • A pull-based approach, which defeats network defences such as proxies and NAT
     • Outlines methods used by adversaries
     • How exploits appear
     • What mechanisms they use
     • Discusses trends in malware

  3. The Experiment

  4. In Detail
     • Heuristics prune unlikely URLs
     • Far fewer URLs to analyse
     • Runs Internet Explorer in a virtual machine
     • New processes created by visiting a webpage
     • Classifies malware
     • Voting by different anti-virus software
     • Relies on anti-virus companies
     • Difficult to be accurate
     • Analysis of malware distribution across hosts

  5. Good
     • Google has access to huge dataset
     • Gives comprehensive results
     • Provided statistical data on
     • Malware types
     • Malware distribution
     • Malware lifetime

  6. Limits 1
     • Many methods used are not exact or detailed
     • “We detect malicious pages based on abnormalities such as heavy obfuscation”
     • Abnormalities are not well defined
     • “To detect pages … we examine the interpreted Javascript included on each web page.”
     • What about exploits that do not relate to Javascript?

  7. Limits 2
     • Limited browsers tested
     • Tests only Internet Explorer
     • Which version of IE is tested?
     • Not all malware target Internet Explorer
     • Other Browsers?
     • Firefox, Opera, Safari
     • It would be interesting to see the proportion of malware that targets browsers with smaller market share.

  8. Thank You / Thoughts
     This study shows that malware is a common threat to users: “About 10% of the URLs we analyzed were malicious”. And the methods they use are varied and constantly evolving. How can we best combat this threat?

  9. MapReduce Heuristics
     [Diagram; labels: Page URL, Map, Reduce, Exploit Link]
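
Slides 4 and 9 describe heuristics that prune the crawl down to candidate URLs in a MapReduce pass. The sketch below is an added example, not code from the paper or the presentation. Its two heuristics (a hidden cross-host iframe and a mostly escape-encoded script body), the thresholds, the function names and the sample pages are all assumptions, since the slides leave "abnormalities" undefined.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed heuristics: hidden cross-host iframes and heavily escaped script bodies.
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r'''(\w+)\s*=\s*["']?([^"'\s>]+)''')
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
ESCAPE = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}")

# Constructed sample crawl (page URL -> HTML); none of these are real sites.
PAGES = {
    "http://forum.example/thread1": '<p>hi</p><iframe src="http://bad.example/x" width="0" height="0"></iframe>',
    "http://forum.example/thread2": "<iframe src=http://bad.example/x width=0 height=0></iframe>",
    "http://news.example/": '<iframe src="http://video.example/embed" width="640" height="360"></iframe>',
    "http://blog.example/": '<script>document.write(unescape("' + "%41" * 40 + '"))</script>',
}

def map_page(page_url, html):
    """Map: emit (candidate URL, referring page) pairs for one crawled page."""
    host = urlparse(page_url).hostname
    out = []
    for tag in IFRAME.findall(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        src = attrs.get("src", "")
        hidden = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        if hidden and urlparse(src).hostname not in (None, host):
            out.append((src, page_url))       # invisible frame pulling from another host
    for body in SCRIPT.findall(html):
        escaped = sum(len(m) for m in ESCAPE.findall(body))
        if len(body) >= 40 and escaped / len(body) > 0.5:
            out.append((page_url, page_url))  # page itself is the candidate
    return out

def reduce_links(pairs):
    """Reduce: collapse duplicates to one entry per candidate URL."""
    grouped = defaultdict(set)
    for link, page in pairs:
        grouped[link].add(page)
    return {link: sorted(pages) for link, pages in grouped.items()}

def prune(pages):
    """Run map over every page, then reduce; the output feeds the VM stage."""
    pairs = [p for url, html in pages.items() for p in map_page(url, html)]
    return reduce_links(pairs)

if __name__ == "__main__":
    print(prune(PAGES))
```

Only the surviving candidates would be handed to the Internet Explorer virtual machine stage. A static pass like this cannot confirm an exploit, it only reduces how many URLs need dynamic analysis.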