Thursday, May 24, 2007

Analysis of Web-based Malware

This looks like an interesting paper:

The Ghost In The Browser: Analysis of Web-based Malware


Abstract:

As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising threat, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

Friday, May 18, 2007

[USAToday] Phones studied as attack detector

This is an interesting idea, related to the Hitchhiking work we've done in the past for detecting how busy a place is, and to my Worldspotting blog entry a while back.


Homeland Security officials are looking into outfitting cellphones with detectors that would alert emergency responders to radiological isotopes, toxic chemicals and biological agents such as anthrax.

...

The Homeland Security Department says the program, called Cell-All, might work this way: Detectors would be placed in cellphones, most of which are already linked to the Global Positioning System. If a detector recorded a hit, the GPS would transmit the location and time to local emergency responders and Homeland Security's operations center.


Of course, there's the question of too many false positives, as well as the very serious privacy concerns involved, especially since there is little direct benefit to end-users.

Monday, May 14, 2007

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites

Our paper entitled CANTINA: A Content-Based Approach to Detecting Phishing Web Sites was presented at WWW2007.


Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of CANTINA, a novel, content-based approach to detecting phishing web sites, based on the TF-IDF information retrieval algorithm. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites.


Paper: PDF
Presentation: PPT

Tuesday, May 08, 2007

Is J2ME going to fail for Mobiles too?

While at CHI2007 this past week, I got into a discussion with some old friends about how difficult it was to program Java on mobile phones. In fact, some students working with me have decided to switch from J2ME to FlashLite, because it was faster to do prototypes and because the GUI looked so much better.

I can't help but wonder if Java is making the same mistake it did with desktop GUIs and web browsers. It's hard for me to name compelling Java applets that run in the browser (perhaps the best one I know of is GoProblems). The fundamental problem with Java is that it makes it hard to create attractive GUIs. It just doesn't make easy things easy. Unless J2ME developers get their act together, my prediction is that J2ME will fail on mobiles too.