Automatic Drive-By-Download – detection in a virtualized environment by Thomas Müller, Benjamin Mack, Mehmet Arziman
AUTHORS' DESCRIPTION
We focus on internet browsers here because of two key problems. First of all, browsers are the primary user interfaces to the World Wide Web. As the rendering engine transforms hypertext into a visual presentation for human, all parts of a webpage have to be interpreted and processed further by the browser—which leads to a complex and error-prone architecture, especially in regard to mobile code(JavaScript, Java, ActiveX, XUL etc.). Secondly, the browser is arguably the most frequently used program in the family of potentially vulnerable software. In contrast to server-based software, a browser is often used by non-technical users, many of whom neither understand the risks or know possible counteractive measures. And even experts are often exposed to the risk of an attack.
In view of this, our goal was to develop a system that automatically detects and identifies malicious websites.
In addition, this system would also be able to serve as a platform for other security and sandbox-tests. One usecase is to automatically analyze various kinds of malware in a secure and easy maintainable virtualized environment. Read the full article
by Thomas Müller, Benjamin Mack, Mehmet Arziman
AUTHORS' DESCRIPTIONWe focus on internet browsers here because of two key problems. First of all, browsers are the primary user interfaces to the World Wide Web. As the rendering engine transforms hypertext into a visual presentation for human, all parts of a webpage have to be interpreted and processed further by the browser—which leads to a complex and error-prone architecture, especially in regard to mobile code(JavaScript, Java, ActiveX, XUL etc.). Secondly, the browser is arguably the most frequently used program in the family of potentially vulnerable software. In contrast to server-based software, a browser is often used by non-technical users, many of whom neither understand the risks or know possible counteractive measures. And even experts are often exposed to the risk of an attack.
In view of this, our goal was to develop a system that automatically detects and identifies malicious websites.
In addition, this system would also be able to serve as a platform for other security and sandbox-tests. One usecase is to automatically analyze various kinds of malware in a secure and easy maintainable virtualized environment.