Weaknesses in Defenses against Web-Borne Malware
Abstract
Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-borne malware crucial for system security. This paper explores weaknesses in existing approaches to the detection of malicious JavaScript code. These approaches generally fall into two categories: lightweight techniques focusing on syntactic features such as string obfuscation and dynamic code generation; and heavier-weight approaches that look for deeper semantic characteristics such as the presence of shellcode-like strings or execution of exploit code. We show that each of these approaches has its weaknesses, and that state-of-the-art detectors using these techniques can be defeated using cloaking techniques that combine emulation with dynamic anti-analysis checks. Our goal is to promote a discussion in the research community focusing on robust defensive techniques rather than ad-hoc solutions.
Similar Resources
Browsers Defenses against Phishing, Spoofing and Malware 1 Ssl-based Logon
Web users are increasingly victims of phishing, spoofing and malware attacks. In this article, we discuss existing and proposed defense mechanisms. We highlight the vulnerabilities of current defenses, and the challenges of validating and adopting new defenses.
WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths
Most modern malware download attacks occur via the browser, typically due to social engineering and drive-by downloads. In this paper, we study the “origin” of malware download attacks experienced by real network users, with the objective of improving malware download defenses. Specifically, we study the web paths followed by users who eventually fall victim to different types of malware downloa...
See No Evil: Evasions in Honeymonkey Systems
Client-side attacks have emerged in recent years to become the most popular means of propagating malware. In order to keep up with this new wave of web-based malware, companies such as Google routinely crawl the web, feeding suspicious pages into virtual machines that emulate client systems (known as honeymonkeys or honeyclients). In this paper, we will demonstrate that although this approach h...
Malicious Software
Introduction: Malicious software (malware) allows an intruder to take over or damage a target host without the owner's consent and often without his or her knowledge. Over the past thirty years, malware has become a more serious worldwide problem as Internet-connected computers have proliferated and operating systems have become more complex. Today, the average PC user must be more cognizant of ...
SpyProxy: Execution-based Detection of Malicious Web Content
This paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user’s PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user’s browser, identifying and blocking pages whose behavior is suspicio...
Publication date: 2013