Analysis of Web Based Malware

Submitted By toughral
The Ghost In The Browser
Analysis of Web-based Malware
Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu
Google, Inc.
{niels, deanm, panayiotis, kewang, ngm}@google.com

Abstract
As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems, leading to the exfiltration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising threat, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

1. INTRODUCTION

Internet services are increasingly becoming an essential part of our everyday life. We rely more and more on the convenience and flexibility of Internet-connected devices to shop, communicate and in general perform tasks that would otherwise require our physical presence. Although very beneficial, Internet transactions can expose user sensitive information. Banking and
