Sciweavers

DIMVA
2009

Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks

14 years 21 days ago
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vulnerabilities in web browsers and browser plug-ins to execute shellcode, and in consequence, gain control of a victim's computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, sending spam emails, or participating in distributed denial of service attacks. To counter drive-by downloads, we propose a technique that relies on x86 instruction emulation to identify JavaScript string buffers that contain shellcode. Our detection is integrated into the browser, and performed before control is transfered to the shellcode, thus, effectively thwarting the attack. The solution maintains fair performance by avoiding unnecessary invocations of the emulator, while ensuring that every buffer with potential shellcode is checked. We have implemented a prototype of our system, and evaluated it over thous...
Manuel Egele, Peter Wurzinger, Christopher Kruegel
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DIMVA
Authors Manuel Egele, Peter Wurzinger, Christopher Kruegel, Engin Kirda
Comments (0)