Date: 25 May 2012
Click here for printable version
Periodically, AusCERT opens its doors to students, from institutions far and wide, who seek to augment their education with experience in a functioning CERT. Papers published here are the direct result of this experience and are provided on an "as is" basis as a contribution to the information security community body of knowledge.
Papers sponsored by AusCERT remain the intellectual property of their individual authors and any enquiries about content should be directed to them. AusCERT is not responsible for content and errors and omissions may remain uncorrected.
Web-based Malware. Browser Based Malware Infection - a paper by James Harland as a work experience student at AusCERT
Malicious programs are evolving quickly in terms of the complexity and capabilities used when subverting computer systems. Becoming more popular are attacks initiated via the internet, known as drive-by-downloads, which leverage exploits in popular browsers and plug-ins to download a plethora of malware to the victimís computer. Compromised websites can unwittingly play host to malicious code redirecting visitors to this malicious content. The complexity of modern browsers is the enabling fact that allows adversaries to infect their victims by simply visiting a legitimate website. These attacks are commonly carried out through compromised websites that redirect the victim through a network of domains that lead to the malware download. Once the victim reaches the attack site, the malware is downloaded and executed using vulnerabilities found in the browser or its plug-ins. To gain an understanding of this threat we examine different techniques commonly used in these attacks and provide examples collected from malware found on the internet. We aim to present the background knowledge required to identify this threat and provide basic steps for investigating web-based malware...Click here to download the full PDF version of this paper