Internet attacks that use Web servers to exploit browser vulnerabilities to install malware programs are on the rise [D04,R04,B04,S05]. Several recent reports suggested that some companies may actually be building a business model around such attacks [IF05,R05]. Expensive, manual analyses for individually discovered malicious Web sites have recently emerged [F04,G05]. In this paper, we introduc...

We study and document an important development in how attackers are using Internet resources: the creation of malicious DNS resolution paths. In this growing form of attack, victims are forced to use rogue DNS servers for all resolution. To document the rise of this “second secret authority” on the Internet, we studied instances of aberrant DNS resolution on a university campus. We found dozens...

The paper compares the characteristics of URLs cited in Indian LIS conference proceedings papers.A total of 15,745 references appended to 1,700 articles published in three Indian LIS conference proceedings published during 2001-2010 were selected. From these references we extracted a total of 5698 URLs and were further classified according to their top level domains, file formats and path depth...

For years security machine learning research has promised to obviate the need for signature based detection by automatically learning to detect indicators of attack. Unfortunately, this vision hasn’t come to fruition: in fact, developing and maintaining today’s security machine learning systems can require engineering resources that are comparable to that of signature-based detection systems, d...

This case study studies in great detail a recent breach of a shared webserver running Microsoft IIS. We describe how to detect the intrusion on a particular GoDaddy-hosted webserver controlled by the authors. We review a recent mass compromise of IIS shared hosting to provide context for the case study. We describe how the attackers have used the compromise as part of a larger blackhat search e...

Malicious spyware poses a significant threat to desktop security and integrity. This paper examines that threat from an Internet perspective. Using a crawler, we performed a large-scale, longitudinal study of the Web, sampling both executables and conventional Web pages for malicious objects. Our results show the extent of spyware content. For example, in a May 2005 crawl of 18 million URLs, we...

More and more web applications rely on server-side requests (SSRs) to fetch resources (such as images or even entire webpages) from user-provided URLs. As for many other web-related technologies, developers were very quick to adopt SSRs, even before their consequences for security were fully understood. In fact, while SSRs are simple to add from an engineering point of view, in this paper we sh...

Tinder is a popular dating app that allows users to discover potential dating partners with close geographical proximity. Tinder is the first dating app in several countries and has more than 50 million users. However, many of these users are bots with malicious intent. The first step in dealing with this issue is understanding the characteristics of Tinder bots. Toward this aim, we have propos...

Emerging web applications demand considerable network resources and, especially in science and engineering, considerable computational resources. The use of agents can eliminate bottlenecks in both areas, provided that their methods of computation and communication are not overly restricted. WebVector is an agent system that combines a flexible communication model with URL-based agent identific...

One of the key sources of spreading malware are malicious web sites – either tricking user to install malware imitating legitimate software or, in the case of various exploit kits, initiating malware installation even without any user action. The most common technique against such web sites is blacklisting. However, it provides little to no information about new sites never seen before. Therefo...