Presentation is loading. Please wait.

Presentation is loading. Please wait.

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots.

Published byHoratio Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots."— Presentation transcript:

1 Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots ‘07), Usenix, 9 pp., 2007. Presentation by Yuk Hin (Edwin) Chan

2 The Paper  By Google  Analyse large webpage repository for malware – “drive-by downloads”  A pull-based approach, which defeats network defences such as proxies and NAT  Outlines methods used by adversary  How exploits appear  What mechanisms they use  Discuss trends in malware

3 The Experiment

4 In Detail  Heuristics prune unlikely URLs  Much less URLs to analyse  Runs Internet Explorer in virtual machine  New processes created by visiting webpage  Classifies Malware  Voting by different anti-virus software  Relies on anti-virus companies  Difficult to be accurate  Analysis of malware distribution across hosts

5 Good  Google has access to huge dataset  Gives comprehensive results  Provided statistical data on  Malware types  Malware distribution  Malware lifetime

6 Limits 1  Many methods used are not exact or detailed  “We detect malicious pages based on abnormalities such as heavy obfuscation”  Abnormalities are not well defined  “To detect pages … we examine the interpreted Javascript included on each web page.”  What about exploits that does not relate to Javascript?

7 Limits 2  Limited browsers tested  Tests only Internet Explorer  Which version of IE is tested?  Not all malware target Internet Explorer  Other Browsers?  Firefox, Opera, Safari  It would be interesting to see the proportion of malware that targets browsers with smaller market share.

8 Thank You / Thoughts This study shows that malware is a common threat to users “About 10% of the URLs we analyzed were malicious” And the methods they use are varied and constantly evolving. How can we best combat this threat?

9 MapReduce Heuristics Page URL Exploit Link MapReduce Exploit Link

Download ppt "Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu – Google First Workshop on Hot Topics in Understanding Botnets (HotBots."

Similar presentations

Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.

Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.
Qualys Vulnerabilities, Statistics and… Malware ?

Qualys Vulnerabilities, Statistics and… Malware ?
Popular Web client and server programs This work is licensed under a Creative Commons Attribution-Noncommercial- Share Alike 3.0 License. Skills: none.

Popular Web client and server programs This work is licensed under a Creative Commons Attribution-Noncommercial- Share Alike 3.0 License. Skills: none.
Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.

Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.
Electronic Proposal Development and Submission Module 1 Desktop Readiness Research Suite Product Support m.

Electronic Proposal Development and Submission Module 1 Desktop Readiness Research Suite Product Support m.
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
© www.teach-ict.com All Rights Reserved Web Browser A software application that enables you to view and interact with pages on the World Wide Web. Examples.

© All Rights Reserved Web Browser A software application that enables you to view and interact with pages on the World Wide Web. Examples.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution Moheeb Abu Rajab, Lucas Ballard, Panayiotis Mavrommatis, Niels Provos, Xin Zhao.

The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution Moheeb Abu Rajab, Lucas Ballard, Panayiotis Mavrommatis, Niels Provos, Xin Zhao.
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***

JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***
Threat Overview: The Italian Job / HTML_IFRAME.CU June 18, 2007.

Threat Overview: The Italian Job / HTML_IFRAME.CU June 18, 2007.
U.S. Department of the Interior U.S. Geological Survey Center of Excellence in Geospatial Information Science Web-client Based Distributed Generalization.

U.S. Department of the Interior U.S. Geological Survey Center of Excellence in Geospatial Information Science Web-client Based Distributed Generalization.
Browser Toolbars You Shouldn’t Do Without How the WAT and WDT Can Help You Design Accessible Websites.

Browser Toolbars You Shouldn’t Do Without How the WAT and WDT Can Help You Design Accessible Websites.
Web-Based Malware Jason Ganzhorn 5-12-2010 1. Background A large number of transactions take place over the Internet – Shopping – Communication – Browse.

Web-Based Malware Jason Ganzhorn Background A large number of transactions take place over the Internet – Shopping – Communication – Browse.
In-page traffic distribution display ● Original idea – Allow a website administrator to see the flow of users from current page to all available destinations.

In-page traffic distribution display ● Original idea – Allow a website administrator to see the flow of users from current page to all available destinations.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
What Is Malwarebytes? Malwarebytes is a free anti- malware program. Anti-malware programs are specifically designed to find and remove malware on your.

What Is Malwarebytes? Malwarebytes is a free anti- malware program. Anti-malware programs are specifically designed to find and remove malware on your.
CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Similar presentations

Ads by Google