Sciweavers

CCS
2006
ACM

Puppetnets: misusing web browsers as a distributed attack infrastructure

14 years 3 months ago
Puppetnets: misusing web browsers as a distributed attack infrastructure
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser's host machine and user. In this paper we attempt to quantify the threat of browsers being indirectly misused for attacking third parties. Specifically, we look at how the existing Web infrastructure (e.g., the languages, protocols, and security policies) can be exploited by malicious Web sites to remotely instruct browsers to orchestrate actions including denial of service attacks, worm propagation and reconnaissance scans. We show that, depending mostly on the popularity of a malicious Web site and user browsing patterns, attackers are able to create powerful botnet-like infrastructures that can cause significant damage. We explore the effectiveness of countermeasures including anomaly detection and more fine-grained browser security policies. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security and Protection--Invasive software General Terms Security, Measurem...
V. T. Lam, Spyros Antonatos, Periklis Akritidis, K
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CCS
Authors V. T. Lam, Spyros Antonatos, Periklis Akritidis, Kostas G. Anagnostakis
Comments (0)