Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots.

Presentation transcript:

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots ‘07), Usenix, 9 pp., Presentation by Yuk Hin (Edwin) Chan

The Paper
- By Google
- Analyse large webpage repository for malware – “drive-by downloads”
- A pull-based approach, which defeats network defences such as proxies and NAT
- Outlines methods used by adversary
- How exploits appear
- What mechanisms they use
- Discuss trends in malware

The Experiment

In Detail
- Heuristics prune unlikely URLs
- Far fewer URLs to analyse
- Runs Internet Explorer in virtual machine
- New processes created by visiting webpage
- Classifies Malware
- Voting by different anti-virus software
- Relies on anti-virus companies
- Difficult to be accurate
- Analysis of malware distribution across hosts
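An added example (not from the paper or the presentation) of the two steps on this slide: flagging a visit when new processes appear in the virtual machine, then labelling each new binary by a vote across anti-virus engines. The process names, engine names, labels and the two-engine agreement threshold are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample data: processes running in the analysis VM before a visit.
BASELINE = {"explorer.exe", "iexplore.exe", "svchost.exe"}

# Constructed per-engine labels for one dropped binary (None = no detection).
SAMPLE_AV = {"dropper.exe": {"av_a": "trojan", "av_b": "trojan", "av_c": "adware"}}


def new_processes(before, after):
    """Processes present after the page visit that were not running before."""
    return sorted(set(after) - set(before))


def vote(labels, min_engines=2):
    """Label a binary by agreement between engines.

    Returns (category, votes). If fewer than min_engines engines agree on
    the winning category, the category is reported as "unknown", which is
    where the accuracy problem noted on the slide shows up.
    """
    counts = Counter(label for label in labels.values() if label is not None)
    if not counts:
        return ("unknown", 0)
    # Sort by descending count, then name, so ties resolve deterministically.
    category, n = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[0]
    return (category, n) if n >= min_engines else ("unknown", n)


def classify_visit(url, before, after, av_results):
    """Combine both steps into one verdict for a visited URL."""
    spawned = new_processes(before, after)
    return {
        "url": url,
        "spawned": spawned,
        # Any process that did not exist before the visit marks the page.
        "malicious": bool(spawned),
        "binaries": {p: vote(av_results.get(p, {})) for p in spawned},
    }


if __name__ == "__main__":
    after_visit = BASELINE | {"dropper.exe"}
    print(classify_visit("http://page.example.test/", BASELINE, after_visit, SAMPLE_AV))
    print(classify_visit("http://clean.example.test/", BASELINE, BASELINE, {}))
```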

Good
- Google has access to huge dataset
- Gives comprehensive results
- Provided statistical data on
- Malware types
- Malware distribution
- Malware lifetime

Limits 1
- Many methods used are not exact or detailed
- “We detect malicious pages based on abnormalities such as heavy obfuscation”
- Abnormalities are not well defined
- “To detect pages … we examine the interpreted Javascript included on each web page.”
- What about exploits that do not relate to Javascript?

Limits 2
- Limited browsers tested
- Tests only Internet Explorer
- Which version of IE is tested?
- Not all malware targets Internet Explorer
- Other Browsers?
- Firefox, Opera, Safari
- It would be interesting to see the proportion of malware that targets browsers with smaller market share.

Thank You / Thoughts
- This study shows that malware is a common threat to users
- “About 10% of the URLs we analyzed were malicious”
- And the methods they use are varied and constantly evolving.
- How can we best combat this threat?

[Diagram labels: MapReduce, Heuristics, Page URL, Exploit Link]