Sunday, July 27, 2008

Browser Based Malware

For some time now, I have been interested in browser-based malware attacks, and even more so after reading Armando Romeo's posts about backdoors in Firefox extensions.

I've spent some time researching the topic and the various attack vectors and opportunities that are available through browser-based malware. Consequently, I submitted a paper for the AVAR 2008 Conference on Browser Based Malware Attacks, which will detail the research I've conducted.

AVAR is the largest Asia-Pacific conference for anti-malware technologies; QuickHeal is bringing it to Delhi, India in December 08.

I have been exploring the various attack vectors through which browser-based malware could exist and analyzing their impact as compared to traditional malware.

Browser-based malware uses the user’s browser to disrupt computer functions. This type of malware is typically unleashed when someone visits a web page that appears harmless but actually contains hidden malicious code intended to sabotage a computer or compromise the user's privacy. The result of the attack may be as simple as a crashed browser, or as serious as the theft of personal information or the loss of confidential proprietary data.

Before the days of Web 2.0, browser-based malware was largely limited to drive-by downloads; since the discovery of JavaScript attacks, CSS attacks, etc., the field has opened up. Some of the currently seen browser-based malware techniques are as follows:
  • Drive-By Downloads
  • JavaScript Worms and Viruses
  • CSS Attacks
  • Browser Add-ons Viruses and Worms
In the current state of the internet, much of a user’s life runs through their browser, with browser-based technologies such as OSs, storage/backup systems, e-mail, social networking websites, CRMs, intranets, etc. For an attacker, controlling a user's browser has suddenly become as fruitful as gaining access to their system.

Also, considering that system-based viruses and worms are comparatively well covered by anti-virus, anti-malware and internet security products, the door is left wide open for browser-based malware attacks.

Through this research paper I intend to carry out a detailed analysis of browser-based malware threats and hope to dissect each threat and determine the following:
  • How do they work?
  • What is the threat posed and possible impact?
  • How can they be remediated?
  • Will any current security products thwart this attack?
Also: If anyone is going to be attending AVAR 08, drop me an e-mail or leave a comment.