Browsing the deeps - a look into malware in the web

Sami Rautiainen Stonesoft

In today's world, more and more applications are moving into the web. In the networked world, the complex online services make users and businesses dependant on the Internet and one particular application - the web browser.

A modern web browser is a complex piece of software which, instead of just viewing static web pages, must be able to provide a powerful platform for the advanced interactive programs available online - via scripting.

Authors of malware have realized the power of scripts embedded to web pages, too. Nowadays malicious programs commonly seen in the field exploit browser vulnerabilities combined with script-based obfuscation techniques to get executed while keeping their activity hidden in the background.

In addition of the direct attacks against the browser, the modern online applications themselves provide additional layer of complex functionality that can and is abused by malware.

This paper will look into how web-based scripting is used by malware encountered in the field, and examines techniques as well as tools available to help their analysis. Also the challenges that complicated scripts present to a detection engine are discussed.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.