A Crawler-based Study of Spyware on the Web. Authors: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy, University of Washington.


1 A Crawler-based Study of Spyware on the Web
Authors: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy, University of Washington.
13th Annual Network and Distributed System Security Symposium (NDSS 2006).
Presented by Hao Cheng, 2006.03.

2 What is Spyware?
Spyware (Wikipedia): “a broad category of malicious software designed to intercept or take partial control of a computer’s operation without the informed consent of that machine’s owner or legitimate user”.
Unlike viruses and worms, spyware does not self-replicate. Examples: keyloggers, dialers, Trojan downloaders, browser hijackers, adware.

3 Two types of spyware (from Wikipedia)
–spyware-infected executables: a legitimate-looking program with piggy-backed spyware code attached.
–drive-by download: a web page that exploits a vulnerability in the user’s browser to install software without consent.

4 Contribution
A quantitative analysis of the extent of spyware content on the Web, taken from the Internet’s point of view: the study examines web sites rather than end-user machines. It answers the questions listed below:

5 Crawl web pages:
–May 2005: 18.2 million URLs
–Oct 2005: 21.8 million URLs
Use a virtual machine (VM) to sandbox and analyze malicious content:
–spyware-infected executables: detected with commercial anti-spyware tools
–drive-by downloads: detected with heuristic triggers

6 Spyware-Infected Executables: automated solution
–determine whether a web object contains executable software
–download, install, and execute it inside a VM
–analyze the result and identify the spyware

7 Steps
Finding executables on the web:
–HTTP header Content-Type = application/octet-stream
–URL has an executable extension (.exe, .cab, .msi)
–after downloading, inspect the leading bytes of the file to identify its type
Automatic install:
–use heuristics to simulate the common user interactions during the installation process

8 Steps
The last step: analyze.
–Lavasoft Ad-Aware anti-spyware tool (uses the signatures in its detection database).
–a script launches the installed software and collects the logs generated by the anti-spyware tool.
–identify the functions of the detected spyware.
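As an added illustration of the first step of this pipeline (slide 7), and not code from the paper, the following Python classifier combines the three signals the slide lists: the Content-Type header, the URL extension, and the leading bytes of the downloaded object. The magic-number table and the sample objects are assumptions constructed for this example; the paper does not say which signatures it checked.

```python
# Added example: flag a fetched web object as a candidate executable using the
# three signals from slide 7. Sample objects below are constructed, not real.
from urllib.parse import urlparse

EXEC_EXTENSIONS = {".exe", ".cab", ".msi"}

# Assumed magic numbers: PE executables start with "MZ", CAB archives with
# "MSCF", and MSI installers are OLE compound documents (D0 CF 11 E0 A1 B1 1A E1).
MAGIC = {
    b"MZ": "pe",
    b"MSCF": "cab",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "msi",
}


def sniff_magic(data: bytes):
    """Return the file type implied by the leading bytes, or None."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return None


def url_extension(url: str) -> str:
    """Extension of the URL path (query string ignored), or '' if none."""
    path = urlparse(url).path.lower()
    dot = path.rfind(".")
    return path[dot:] if dot != -1 and "/" not in path[dot:] else ""


def classify(url: str, headers: dict, body: bytes) -> dict:
    """Evaluate all three signals; 'candidate' is True if any of them fires.
    Returning each signal separately exposes mismatches, e.g. a text/html
    response whose body actually begins with an MZ header."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    signals = {
        "content_type": ctype == "application/octet-stream",
        "extension": url_extension(url) in EXEC_EXTENSIONS,
        "magic": sniff_magic(body),
    }
    signals["candidate"] = bool(
        signals["content_type"] or signals["extension"] or signals["magic"])
    return signals


# Constructed sample objects (not real downloads):
SAMPLES = [
    ("http://example.test/setup.exe", {"Content-Type": "application/octet-stream"}, b"MZ\x90\x00"),
    ("http://example.test/download?id=7", {"Content-Type": "text/html"}, b"MZ\x90\x00"),
    ("http://example.test/index.html", {"Content-Type": "text/html"}, b"<html>"),
]

if __name__ == "__main__":
    for url, hdrs, body in SAMPLES:
        print(url, classify(url, hdrs, body))
```

The second sample shows why the byte-level check matters: neither the header nor the URL reveals an executable, but the body does.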

9 Drive-by Download: automated solution
–visit the potentially malicious web page in an unmodified browser inside a clean VM
–treat any attempt to break out of the browser’s security sandbox as suspicious
–run an Ad-Aware scan to detect installed spyware

10 Complex web content (JavaScript)
–Time-bomb code (runs at some future time): accelerate the OS wall clock 15 times.
–Page-close code: simulate closing the page by fetching a blank (clean) page, so that any code tied to the page-close event runs.
–Pop-up code: wait for all pop-up windows to finish loading, then close them in order to trigger any code they contain.

11 Browser Configuration
IE 6.0 on unpatched Windows XP.
–cfg_y: whenever IE asks for permission, approve it.
–cfg_n: refuse all requests for permission.
The most malicious pages cause infection on a simple visit, without any permission prompt. Firefox was also studied and was basically more secure.

12 System
10-node cluster; each node dual-processor, 4 GB RAM, 80 GB disk; one VM per processor.

13 Performance
92 seconds per object for the 1st type (spyware-infected executables):
–1-2 seconds creating a VM
–55 seconds installing and running the executable
–35 seconds for the Ad-Aware sweep
–analyze 18,782 executables per day
11.7 seconds per page for the 2nd type (drive-by downloads):
–6.3 seconds to restart the browser and load a single web page
–108 seconds for the Ad-Aware scan on pages that set off a trigger (5% of pages)
–analyze 14,768 pages per CPU per day

14 Executable spyware
Over 2,500 web sites in 8 different categories; for each site, crawl to depth 3 from the top page. Average 6,577 pages per site. Randomly selected web sites were also crawled.

16 Note: some spyware has multiple functions.
Summary:
–around 90 distinct executable spyware programs.
–instances spread across 4% of domains.
–1 out of 20 executables on the web is spyware.
–2 new executable spyware programs appear per month.

17 Drive-by Download
Web pages selected from different categories,

19 Limitations
The study relies heavily on commercial anti-spyware software. Many computers are now patched, so fewer vulnerabilities are exposed.

20 Questions?
