A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, Henry M. Levy Presented At: NDSS, 2006 Prepared.


1 A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, Henry M. Levy Presented At: NDSS, 2006 Prepared By: Amit Shrivastava

2 Overview User visits website Web spyware infects computer Computer is unhappy vs.

3 Introduction: Spyware study: Infected 80% of AOL users; 93 spyware components (known). Goals: Locate spyware on the Internet; Gather Internet spyware statistics; Quantitative analysis of spyware-laden content on the web.

4 Introduction cont. What is spyware? Crawling the web Web executables Drive-by downloads Results Improvements

5 Definition: Spyware – software that collects personal information about users. No user knowledge. Spyware techniques: Log keystrokes; Collect web history; Scan documents on hard disk.

6 Types of Spyware: Spyware-infected executables: Content-type header; URL extension. Drive-by downloads: Malicious web content; Produce event triggers.

7 Executable files: Finding executables: Content-type (HTTP header) contains .exe; URL contains .exe, .cab, or .msi. Hidden executables: Embedded file (.zip); URL hidden in JavaScript. Missed executables: Hidden URL on dynamic page.
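
The executable-finding heuristic on slide 7, as an added example that is not code from the slides or the paper. The MIME types in `EXEC_MIMES`, the `name=` header parameter check and the sample records are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

EXEC_EXTS = (".exe", ".cab", ".msi")   # extensions named on the slide
ARCHIVE_EXTS = (".zip",)               # may embed an executable (slide: "Embedded file")
# Assumption: MIME types treated as executable; the slide lists none.
EXEC_MIMES = {"application/octet-stream", "application/x-msdownload"}

def classify(url, content_type=""):
    """Return 'executable', 'archive' (unpack, then re-check) or 'skip'."""
    # Look only at the URL path, so ?query=x.exe does not cause a false hit.
    ext = posixpath.splitext(unquote(urlsplit(url).path))[1].lower()
    header = content_type.lower()
    mime = header.split(";")[0].strip()
    if ext in EXEC_EXTS:
        return "executable"
    if ext in ARCHIVE_EXTS or mime == "application/zip":
        return "archive"
    # Header check: executable MIME type, or a parameter such as name="x.exe".
    if mime in EXEC_MIMES or any(e in header for e in EXEC_EXTS):
        return "executable"
    return "skip"

# Constructed crawl records: (URL, Content-Type response header).
SAMPLE = [
    ("http://games.example/dl/setup.EXE?id=3", "text/html"),
    ("http://music.example/get.php?f=7", 'application/octet-stream; name="player.exe"'),
    ("http://wall.example/packs/autumn.zip", "application/zip"),
    ("http://news.example/readme.exe.txt", "text/plain"),
    # Page that builds its download URL in JavaScript: nothing to match here,
    # the "missed executables" case from the slide.
    ("http://celeb.example/index.html?next=a.exe", "text/html"),
]

def triage(records):
    """Group URLs by classification."""
    out = {"executable": [], "archive": [], "skip": []}
    for url, ctype in records:
        out[classify(url, ctype)].append(url)
    return out

if __name__ == "__main__":
    for label, urls in triage(SAMPLE).items():
        print(label, len(urls), urls)
```

The last sample record shows why the slide lists a "missed" category: a crawler that matches only the fetched URL and its response header never sees a download link assembled by script on a dynamic page.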

8 Executable files: DL, install, run in a clean VM. Tool to automate installer framework: EULA agreements; Radio buttons and check boxes. Analyze file: Ad-Aware software; Log identifies spyware program.

9 Web Crawling: Heritrix public domain Web crawler. Search 2,500+ web sites. Different categories: 1) Celebrity sites 2) Games sites 3) Music sites 4) Adult sites 5) Online news sites 6) Wallpaper sites 7) Pirate sites

10 Changing Spyware Environment: 2 separate program crawls: May, October 2005. Most recent anti-spyware program used. October crawl detects more vulnerabilities.

11 Executable Results: 2 separate program crawls: May 2005 – 18 million URLs; Oct 2005 – 22 million URLs. No appreciable change in spyware.

12 Infected Executables May 2005

13 Infected Executables October 2005

14 Web Categories Web categories infected with spyware

15 Spyware Functions Spyware-infected executables Contain various spyware functions Executables may have multiple functions

16 Spyware Upgrades: Spyware-infected executables may have multiple spyware functions. 1,294 infected .exe found in Oct 2005: 880 detected; 414 new ones.

17 Blacklisting Spyware Block clients from accessing listed sites Done by firewall or proxy Blacklisting is ineffective

18 Drive-by Downloads: Spyware from visiting a web page. JavaScript embedded in HTML. Modifies system files. Modifies registry entries.

19 Event Triggers: Event occurs that matches a trigger. Trigger Conditions: Process creation; File activity (creation); Suspicious process (file modification); Registry file modified; Browser/OS crash.

20 IE Browser Configuration Security-related IE dialog boxes

21 Drive-by Results: 3 web crawls: May 2005 – 45,000 URLs; Oct 2005 – Same URLs; Oct 2005 – New URLs. Decrease in infectious URLs. Increase in unique spyware programs.

22 Origin of Drive-by DLs Top 6 web categories (IE): Pirate sites Celebrity Music Adult Games Wallpaper

23 Spyware Top 10 Top 6 web categories (IE): Pirate sites Celebrity Music Adult Games Wallpaper MAY 2005 OCTOBER 2005

24 Spyware Top 10: May 2005, October 2005

25 Spyware Trends Decline in total # of spyware programs Increase of anti-spyware tools Automated patch installations Lawsuits against spyware distributors

26 Firefox Security

27 Strengths Analysis method Studies density of spyware on the Web Produces spyware trends over time Calculated frequency of spyware on web Distinguished security prompts (y/n) Found 14% of spyware is malicious Density of spyware is substantial

28 Weaknesses: URL hidden in JavaScript, dynamic page; Limited by what Ad-Aware is able to detect; Different anti-spyware programs (May/Oct); Did not crawl entire web.

29 Improvements Test multiple browsers Additional anti-spyware programs Crawl more URLs

30 THANK YOU

