Friday, April 23, 2010


AUTOMATED WEB PATROL WITH STRIDER HONEYMONKEYS
Abstract

Internet attacks that use Web servers to exploit browser vulnerabilities and install malware programs are on the rise. Such malicious web content poses a serious threat to the Internet, organizations and users. The attacks allow web servers that host compromised URLs to install malcode on visiting client machines without requiring any user interaction beyond visitation. In response to these attacks, an automated web patrol system has been developed: the Strider HoneyMonkey system, which uses monkey programs to perform large-scale, systematic and automated web patrol. The monkey programs run within virtual machines of various patch levels and drive web browsers in an attempt to simulate human web browsing. The system automatically constructs topology graphs that capture the connections between exploit sites based on traffic redirection, which leads to the identification of several major players who are responsible for a large number of exploit pages. By scanning the most popular one million URLs as classified by a search engine, over seven hundred exploit-URLs have been found, many of which serve popular content related to celebrities, song lyrics, wallpapers, video game cheats, and wrestling. We demonstrate the effectiveness of our method by discovering a large community of malicious web sites that host exploit pages and by deriving the redirection relationships among them. We describe a real-world experience with identifying a zero-day exploit using this system. We show the existence of hundreds of malicious web pages amongst many popular web sites. Finally, we propose a comprehensive anti-exploit process based on this monitoring system in order to improve Internet safety.
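
The redirection-topology analysis described in the abstract can be sketched as follows. This is an added example, not code from the HoneyMonkey system or its authors; the record layout, field names, patch-level labels and `.example` hosts are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample visits (assumed layout). "chain" is the redirect path the
# browser followed; "exploited" marks the VM patch levels where the visit was flagged.
VISITS = [
    {"chain": ["http://lyrics.example/a", "http://hub.example/r", "http://drop.example/x"],
     "exploited": {"unpatched": True, "partial": True, "full": False}},
    {"chain": ["http://cheats.example/b", "http://hub.example/r", "http://drop.example/x"],
     "exploited": {"unpatched": True, "partial": False, "full": False}},
    {"chain": ["http://wallpaper.example/c", "http://hub.example/q"],
     "exploited": {"unpatched": True, "partial": True, "full": True}},
    {"chain": ["http://news.example/d", "http://cdn.example/img"],
     "exploited": {"unpatched": False, "partial": False, "full": False}},
]

def site(url):
    """Collapse a URL to its host so pages on one site share a graph node."""
    return urlsplit(url).hostname

def exploit_visits(visits):
    """Keep only visits flagged on at least one patch level."""
    return [v for v in visits if any(v["exploited"].values())]

def build_topology(visits):
    """Directed redirect graph over sites, built from flagged visits only."""
    edges = defaultdict(set)
    for v in exploit_visits(visits):
        hosts = [site(u) for u in v["chain"]]
        for src, dst in zip(hosts, hosts[1:]):
            if src != dst:
                edges[src].add(dst)
    return dict(edges)

def rank_providers(visits):
    """Rank sites by how many distinct entry sites redirect traffic to them."""
    feeders = defaultdict(set)
    for v in exploit_visits(visits):
        hosts = [site(u) for u in v["chain"]]
        for h in hosts[1:]:
            if h != hosts[0]:
                feeders[h].add(hosts[0])
    return sorted(((h, len(s)) for h, s in feeders.items()), key=lambda t: (-t[1], t[0]))

def zero_day_candidates(visits):
    """Entry URLs still flagged on the fully patched VM (assumed zero-day signal)."""
    return [v["chain"][0] for v in visits if v["exploited"]["full"]]

if __name__ == "__main__":
    print(rank_providers(VISITS), zero_day_candidates(VISITS))
```

Sites at the top of the ranking are the ones many unrelated entry pages funnel traffic to, which is where blocking or takedown effort removes the most exploit-URLs at once.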




