Anatomy of a typical exploit
Here is a typical example of a compromised web page. Due to a bug in a web application like phpBB2, Movable Type or many others, the adversary was able to insert the following line of HTML into your...
Decoding Javascript and Why We Like Our Browser
Exploits are often obfuscated to make it more difficult to detect nefarious activities. The reason that SpyBye is posing as a proxy server is to get your web browser to do all the decoding for us....
The Ghost In The Browser
During HotBots last month, I presented a paper on a systematic approach for detecting malware on the web called "The Ghost In The Browser". The paper enumerates all the different ways in which a web...
SQL Injection Redux
During my invited talk on web-based malware at USENIX Security, I mentioned SQL Injection as one of the more popular means of compromising web servers. Although I did not have a chance to post my...
Using htaccess To Distribute Malware
Usually, I get to find compromised web servers, but last week I was asked to fix one. A relative noticed that his web server would try to install a rogue anti-malware product and called me for help....
LEET'09: Large Scale Exploits and Emergent Threats
The 2nd USENIX LEET workshop is going to take place on April 21st in Boston next week. The workshop program looks strong, with a number of really interesting talks; here are just a...
Top 10 Malware Sites
A list of the top-10 malware sites found by Google's infrastructure over the last two months is available at the Google Online Security Blog. Gumblar and Martuz are among them as well as...
Cybercrime 2.0: When the Cloud Turns Dark
We recently published an article on web-based malware in ACM's Queue Magazine. It provides a short overview of some of the challenges with detecting malicious web sites such as social engineering and...
DirectShow Vulnerability Exploited Everywhere
The DirectShow vulnerabilities are being exploited all over the place now. Unfortunately, the second vulnerability in DirectShow is still unpatched and exploit sites seem to be jumping on this. There...
Ask Google's Anti-Malware Team
Google's Anti-Malware team has prepared a moderator page where webmasters and users can ask questions and vote on which questions they would like to see answered. The voting period ends on Friday,...
LEET '10 Call for Papers
The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10): Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose,...
Anatomy of a PDF Exploit
PDF has become the de-facto standard for formatting print documents. Over the years, it has evolved into a feature-rich and very complex system. PDF supports embedded Javascript that can be used for...
Adobe PDF Vulnerability: Stack overflow in Font File parsing
Metasploit has a great write-up on a new vulnerability in PDF. The basic problem is a stack overflow when parsing OpenType fonts. In particular, SING Glyphlet tables contain a 27 byte long unique name...
Lizamoon SQL Injection Campaign Compared
Mass malware infections via SQL injection are a well-known security problem. Over the past two years we have seen several large-scale infections on the web, e.g. Gumblar.cn and Martuz.cn. Recently, a...