A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, Henry M.Levy Presented At: NDSS, 2006 Prepared.

Presentation transcript:

A Crawler-based Study of Spyware on the Web
Author: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, Henry M. Levy
Presented At: NDSS, 2006
Prepared By: Amit Shrivastava

Overview User visits website Web spyware infects computer Computer is unhappy vs.

Introduction
- Spyware study
  - Infected 80% of AOL users
  - 93 spyware components (known)
- Goals
  - Locate spyware on the internet
  - Gather Internet spyware statistics
  - Quantitative analysis of spyware-laden content on the web

Introduction cont.
- What is spyware?
- Crawling the web
- Web executables
- Drive-by downloads
- Results
- Improvements

Definition
- Spyware – software that collects personal information about users
  - No user knowledge
- Spyware techniques:
  - Log keystrokes
  - Collect web history
  - Scan documents on hard disk

Types of Spyware
- Spyware-infected executables
  - Content-type header
  - URL extension
- Drive-by downloads
  - Malicious web content
  - Produce event triggers

Executable files
- Finding executables
  - Content-type (HTTP header) contains .exe
  - URL contains .exe, .cab, or .msi
- Hidden executables
  - Embedded file (.zip)
  - URL hidden in JavaScript
- Missed executables
  - Hidden URL on dynamic page
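The executable-finding heuristics on this slide, as an added Python sketch (not code from the slides or the paper). The function names and sample inputs are constructed for illustration, and matching on the URL path or a query value instead of the raw URL string is a refinement assumed here.

```python
import io
import re
import zipfile
from urllib.parse import urlparse, parse_qsl

EXEC_EXTS = (".exe", ".cab", ".msi")  # extensions named on the slide

def is_executable(url, content_type=""):
    """True if the Content-Type header mentions .exe or the URL names a listed extension."""
    parts = urlparse(url.lower())
    # Match on the path or a query value rather than the raw URL, so a host
    # such as www.exercise.example is not mistaken for an .exe download.
    candidates = [parts.path] + [v for _, v in parse_qsl(parts.query)]
    return ".exe" in content_type.lower() or any(c.endswith(EXEC_EXTS) for c in candidates)

def embedded_executables(zip_bytes):
    """List executables packed inside a downloaded .zip (the 'embedded file' case)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]

# String literals in script text that end in a listed extension.
_JS_LITERAL = re.compile(r"""["']([^"']+\.(?:exe|cab|msi))["']""", re.IGNORECASE)

def urls_in_javascript(script):
    """Recover executable URLs that appear only as JavaScript string literals."""
    return _JS_LITERAL.findall(script)

def build_sample_zip():
    """Constructed sample: an archive holding a readme and one installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("bin/Setup.EXE", b"MZ")
    return buf.getvalue()

if __name__ == "__main__":
    print(is_executable("http://downloads.example/get.php?file=toolbar.cab"))
    print(is_executable("http://www.exercise.example/index.html"))
    print(embedded_executables(build_sample_zip()))
    print(urls_in_javascript("window.location = 'http://downloads.example/free.exe';"))
```

A URL that a script assembles at run time from fragments never appears as one literal, so the last function returns nothing for it; that is the "missed executables" case on the slide.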

Executable files
- Download, install, run in a clean VM
- Tool to automate installer framework
  - EULA agreements
  - Radio buttons and check boxes
- Analyze file
  - Ad-Aware software
  - Log identifies spyware program

Web Crawling
- Heritrix public domain Web crawler
- Search 2,500+ web sites
- Different categories
  1) Celebrity sites
  2) Games sites
  3) Music sites
  4) Adult sites
  5) Online news sites
  6) Wallpaper sites
  7) Pirate sites

Changing Spyware Environment
- 2 separate program crawls
  - May, October 2005
- Most recent anti-spyware program used
- October crawl detects more vulnerabilities

Executable Results
- 2 separate program crawls
  - May 2005 – 18 million URLs
  - Oct 2005 – 22 million URLs
- No appreciable change in spyware

Infected Executables MAY 2005

Infected Executables October 2005

Web Categories Web categories infected with spyware

Spyware Functions
- Spyware-infected executables
  - Contain various spyware functions
  - Executables may have multiple functions

Spyware Upgrades
- Spyware-infected executables
  - May have multiple spyware functions
- 1,294 infected .exe found in Oct; detected 414 new ones

Blacklisting Spyware
- Block clients from accessing listed sites
- Done by firewall or proxy
- Blacklisting is ineffective

Drive-by Downloads
- Spyware from visiting a web page
- JavaScript embedded in HTML
- Modifies system files
- Modifies registry entries

Event Triggers
- Event occurs that matches a trigger
- Trigger conditions
  - Process creation
  - File activity (creation)
  - Suspicious process (file modification)
  - Registry file modified
  - Browser/OS crash
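The trigger conditions above, applied to the event log of one page visit, as an added Python sketch (not code from the slides or the paper). The event schema, the `CACHE_DIR` path, the rule that writes into the browser's own cache are expected activity, and the sample logs are all assumptions made for the example.

```python
CACHE_DIR = "c:\\browser_cache\\"  # assumed location of the browser's own cache

def fired_triggers(events):
    """Return the trigger conditions matched by the event log of one page visit."""
    fired = set()
    spawned = set()  # processes created during the visit are treated as suspicious
    for ev in events:
        kind = ev["kind"]
        proc = ev["process"].lower()
        target = ev.get("target", "").lower()
        if kind == "process_create":
            fired.add("process creation")
            spawned.add(target)
        elif kind == "file_create" and not target.startswith(CACHE_DIR):
            fired.add("file activity")       # cache writes are expected (assumption)
        elif kind == "file_write" and proc in spawned:
            fired.add("suspicious process")
        elif kind == "registry_write":
            fired.add("registry modified")
        elif kind == "crash":
            fired.add("browser/OS crash")
    return fired

def is_unsafe(events):
    """A visit is flagged for analysis if any trigger fired."""
    return bool(fired_triggers(events))

# Constructed logs: a benign visit that only fills the cache, and a drive-by install.
BENIGN = [
    {"kind": "file_create", "process": "iexplore.exe", "target": "C:\\browser_cache\\logo.gif"},
    {"kind": "file_create", "process": "iexplore.exe", "target": "C:\\browser_cache\\page.htm"},
]
DRIVE_BY = [
    {"kind": "file_create", "process": "iexplore.exe", "target": "C:\\browser_cache\\ad.js"},
    {"kind": "file_create", "process": "iexplore.exe", "target": "C:\\WINDOWS\\inst.exe"},
    {"kind": "process_create", "process": "iexplore.exe", "target": "C:\\WINDOWS\\inst.exe"},
    {"kind": "file_write", "process": "C:\\WINDOWS\\inst.exe", "target": "C:\\WINDOWS\\hosts.bak"},
    {"kind": "registry_write", "process": "C:\\WINDOWS\\inst.exe", "target": "HKLM\\Software\\ExampleVendor"},
]

if __name__ == "__main__":
    print(is_unsafe(BENIGN), sorted(fired_triggers(DRIVE_BY)))
```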

IE Browser Configuration Security-related IE dialog boxes

Drive-by Results
- 3 web crawls
  - May 2005 – 45,000 URLs
  - Oct 2005 – Same URLs
  - Oct 2005 – New URLs
- Decrease in infectious URLs
- Increase in unique spyware programs

Origin of Drive-by DLs
- Top 6 web categories (IE):
  - Pirate sites
  - Celebrity
  - Music
  - Adult
  - Games
  - Wallpaper

Spyware Top 10
- Top 6 web categories (IE): Pirate sites, Celebrity, Music, Adult, Games, Wallpaper
- MAY 2005, OCTOBER 2005

Spyware Top 10: May 2005, October 2005

Spyware Trends
- Decline in total # of spyware programs
- Increase of anti-spyware tools
- Automated patch installations
- Lawsuits against spyware distributors

Firefox Security

Strengths
- Analysis method
- Studies density of spyware on the Web
- Produces spyware trends over time
- Calculated frequency of spyware on web
- Distinguished security prompts (y/n)
- Found 14% of spyware is malicious
- Density of spyware is substantial

Weaknesses
- URL hidden in JavaScript, dynamic page
- Limited by what Ad-Aware is able to detect
- Different anti-spyware programs (May/Oct)
- Did not crawl entire web

Improvements
- Test multiple browsers
- Additional anti-spyware programs
- Crawl more URLs

THANK YOU