tailieunhanh - The Ghost In The Browser Analysis of Web-based Malware

As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference. | The Ghost In The Browser Analysis of Web-based Malware Niels Provos Dean McNamee Panayiotis Mavrommatis Ke Wang and Nagendra Modadugu Google Inc. niels deanm panayiotis kewang ngm @ Abstract As more users are connected to the Internet and conduct their daily activities electronically computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user s applications and force the download a multitude of malware binaries. Frequently this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread we identify the four prevalent mechanisms used to inject malicious content on popular web sites web server security user contributed content advertising and third-party widgets. For each of these areas we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat. 1. INTRODUCTION Internet services are increasingly becoming an essential part of our everyday life. We rely more and more on the convenience and flexibility of Internet-connected devices to shop communicate and in general perform tasks that would otherwise require our physical presence. Although very beneficial Internet transactions can expose user sensitive information. Banking and medical records authorization passwords and personal communication records can easily become known to an adversary who can successfully compromise any of

• Quản trị mạng
• Medical and Scientific
• Scientific Applications
• Bioengineered Skin
• Skin Biopsy
• Environmental Research
• measure Fish Coloration
• statements and documents scientific reports
• medical reports
• medical knowledge
• medical research
• clinical trials
• medical management
• health care
• medical transfer
• the developing countries
• medical report
• Scientific reports
• scientific research
• analysis of cytoplasmic