All Your iFRAMEs Point to Us. Niels Provos and Panayiotis Mavrommatis, Google Inc.; Moheeb Abu Rajab and Fabian Monrose, Johns Hopkins University. 17th USENIX Security Symposium.

Presentation transcript:

Title (slide 1/22): Niels Provos and Panayiotis Mavrommatis, Google Inc.; Moheeb Abu Rajab and Fabian Monrose, Johns Hopkins University. 17th USENIX Security Symposium.

Introduction [1/3] (slide 2/22)
- The WWW is a criminal's preferred pathway for spreading malware.
- Two ways of delivering web malware:
  - Social engineering
  - Drive-by download: URLs that attempt to exploit their visitors and cause malware to be installed and run automatically.

Introduction [2/3] (slide 3/22)
- Drive-by download (figure): via iFRAMEs, scripts exploit the browser and trigger downloads.

Introduction [3/3] (slide 4/22)
- Drive-by download (figure): a landing site, here cafe.naver.com, leads the visitor to the distribution site.

Infrastructure and Methodology [1/4] (slide 5/22)
- Workflow (figure)

Infrastructure and Methodology [2/4] (slide 6/22)
- Pre-processing phase
  - Inspect URLs from the repository and identify the ones that trigger drive-by downloads
  - MapReduce and machine-learning framework
  - Pre-processes about a billion pages daily
  - Chooses 1 million URLs for the verification phase

Infrastructure and Methodology [3/4] (slide 7/22)
- Verification phase
  - Large-scale web honeynet
  - Runs a large number of MS Windows images in VMs
  - Unpatched version of Internet Explorer
  - Multiple anti-virus engines
  - Loads a clean Windows image, then visits the candidate URL
  - Monitors the system behavior for abnormal state changes

Infrastructure and Methodology [4/4] (slide 8/22)
- Malware distribution networks
  - The set of malware delivery trees from all the landing sites that lead to a particular malware distribution site
  - Built by inspecting the Referer header and the HTTP request
  - In some cases URLs contain randomly generated strings, so a heuristics-based algorithm is applied
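The delivery-tree reconstruction described on this slide, as an added example (not code from the paper or from Google): each request logged by the honeypot client is walked back through its Referer header to the referer-less root, which is the landing page, and every site that served an executable is then mapped to the landing sites whose chains reach it. The request log is constructed, and the rule for collapsing random-looking DNS labels is an assumed stand-in for the paper's unspecified heuristic.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: (requested URL, Referer header, whether the response
# carried an executable) as a honeypot client might log them. Not paper data.
REQUESTS = [
    ("http://landing-a.example/index.html", None, False),
    ("http://ads.example/banner.js", "http://landing-a.example/index.html", False),
    ("http://k3j9x2.dist.example/exp.php", "http://ads.example/banner.js", True),
    ("http://landing-b.example/blog", None, False),
    ("http://q8z1m7.dist.example/exp.php", "http://landing-b.example/blog", True),
    ("http://landing-c.example/", None, False),
    ("http://other-dist.example/load.php", "http://landing-c.example/", True),
]

# Assumed heuristic: a DNS label of 6+ alphanumerics containing a digit is
# treated as randomly generated and collapsed, so k3j9x2.dist.example and
# q8z1m7.dist.example count as the same distribution site.
RANDOM_LABEL = re.compile(r"^(?=.*\d)[a-z0-9]{6,}$")

def site_of(url):
    labels = urlparse(url).hostname.split(".")
    return ".".join("*" if RANDOM_LABEL.match(lab) else lab for lab in labels)

def build_chains(requests):
    """Walk Referer links back to a referer-less root (the landing page)."""
    referer = {url: ref for url, ref, _ in requests}
    chains = {}
    for url, _, _ in requests:
        chain, cur = [], url
        while cur is not None and cur not in chain:  # guard against loops
            chain.append(cur)
            cur = referer.get(cur)
        chains[url] = chain[::-1]  # landing page first, fetched URL last
    return chains

def distribution_networks(requests):
    """Map each distribution site to the landing sites whose chains reach it."""
    chains = build_chains(requests)
    networks = defaultdict(set)
    for url, _, served_binary in requests:
        if served_binary:
            networks[site_of(url)].add(site_of(chains[url][0]))
    return dict(networks)

if __name__ == "__main__":
    for dist, landings in distribution_networks(REQUESTS).items():
        print(dist, "<-", sorted(landings))
```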

Prevalence of drive-by downloads [1/3] (slide 9/22)
- Summary of collected data (table)

Prevalence of drive-by downloads [2/3] (slide 10/22)
- Geographic locality: the correlation between the location of a distribution site and the landing sites

Prevalence of drive-by downloads [3/3] (slide 11/22)
- Impact on the end-users: 1.3% on average

Malicious content injection [1/2] (slide 12/22)
- Web server software: a significant fraction were running outdated versions of software.

Malicious content injection [2/2] (slide 13/22)
- Drive-by download via ads (figure)

Malicious distribution infrastructure [1/3] (slide 14/22)
- The ratio of landing sites per distribution site (chart)

Malicious distribution infrastructure [2/3] (slide 15/22)
- Property of malware distribution sites: IP address space (chart; labelled prefixes 58.* and 209.*)

Malicious distribution infrastructure [3/3] (slide 16/22)
- The number of unique binaries downloaded from each malware distribution site (chart)

Post Infection Impact [1/4] (slide 17/22)
- The number of executables downloaded as a result of visiting a malicious URL: average 8

Post Infection Impact [2/4] (slide 18/22)
- The number of processes started after visiting a malicious URL (chart)

Post Infection Impact [3/4] (slide 19/22)
- Registry changes observed after visiting 57.5% of the landing pages

Post Infection Impact [4/4] (slide 20/22)
- Network activity of the virtual machine post infection (chart)

Anti-virus engine detection rates (slide 21/22)
- Network activity of the virtual machine post infection (chart)

Conclusion (slide 22/22)
- Large web-scale data collection infrastructure
- In-depth analysis of over 66 million URLs
- Reveals that the scope of the problem is significant
- Anti-virus engines are lacking in their ability to protect against drive-by downloads

Extra: Authors (slide 23)
- Niels Provos
  - Senior staff engineer, Google Inc.
  - Web-based malware
  - DDoS
- Panayiotis Mavrommatis
  - Software engineer, Google Inc.
  - Security
  - Distributed computing

Extra: Malicious content injection [2/5] (slide 24)
- Drive-by download via ads
- Malware delivered via ads exhibits a longer delivery chain