I've spent some time researching the topic and the various attack vectors and opportunities that are available through browser based malware. Consequently, I submitted a paper for the Avar 2008 Conference on Browser Based Malware Attacks which will detail the research I've conducted.
Avar is the largest Asia-Pacific conference for anti-malware technologies that is being brought to Delhi, India by QuickHeal in December 08.
I have been exploring the various attack vectors through which browser based malware could exist and analyzing their impact as compared to traditional malware.
Browser-based malware use the user’s browser to disrupt computer functions. This type of malware is typically unleashed when someone visits a web page that appears harmless, but actually contains hidden malicious code intended to sabotage a computer or compromise the user's privacy. The result of the attack may be as simple as a crashed browser; or as serious as the theft of personal information or the loss of confidential proprietary data.Before the days of Web 2.0, browser based malware was fairly limited to drive-by-downloads, however since the discovery of JavaScript Attacks, CSS attacks etc the field has opened up. Some of the currently seen browser-based malware techniques are as follows:
- Drive-By Downloads
- JavaScript Worms and Viruses
- CSS Attacks
- Browser Add-ons Viruses and Worms
Also considering that System based viruses and worms have are being comparitively well covered by Anti-Virus, Anti-Malware and Internet Security Products, it leaves the door wide-open for Browser Based Malware Attacks.
Through this research paper I intend to carry out a detailed analysis of browser-based malware threats and hope to dissect each threat and determine the following:
- How they work?
- What is the threat posed and possible impact?
- How they can be remediated?
- Will any current security products thwart this attack?
Posts
0 comments:
Post a Comment