Browsing the deeps - a look into malware in the web
Sami Rautiainen Stonesoft
In today's world, more and more applications are moving into the web. In the networked world, the complex online
services make users and businesses dependant on the Internet and one particular application - the web browser.
A modern web browser is a complex piece of software which, instead of just viewing static web pages, must be able to
provide a powerful platform for the advanced interactive programs available online - via scripting.
Authors of malware have realized the power of scripts embedded to web pages, too. Nowadays malicious programs commonly
seen in the field exploit browser vulnerabilities combined with script-based obfuscation techniques to get executed
while keeping their activity hidden in the background.
In addition of the direct attacks against the browser, the modern online applications themselves provide additional
layer of complex functionality that can and is abused by malware.
This paper will look into how web-based scripting is used by malware encountered in the field, and examines techniques
as well as tools available to help their analysis. Also the challenges that complicated scripts present to a
detection engine are discussed.
This month VB's test team put 26 products to the test on
Windows Server 2008. John Hawes has the full results.