Abstract

Paper Title: Propagation of Malware Through Compromised Websites: Attack Trends and Countermeasures

Author(s): S.S. Sarma (India), Scientist ‘D’, CERT-In.

Time: 11 December, Thursday, 16:10 - 16:50.

The information infrastructure is subjected to continuous attacks
over the Internet. Malicious software (malware) has been a major
threat to information assets.
While significant changes are observed in the complexity of
malware and the motives of malware authors, the current trend indicates
phenomenal changes in the way malware is being propagated.
Apart from traditional ways of propagation through email
attachments and spam, websites are being used for propagation of
malware.

This paper attempts to examine the current trends in malware
propagation and the functionalities of large-scale botnets, such as
operating Fast Flux DNS, hosting malicious websites and
injecting malicious links on legitimate websites. Various types
of attacks on Indian websites observed by CERT-In are examined.
Typical attack scenarios will be discussed in detail.
The example cases discussed are: 1. Remote File Inclusion
through malicious scripts on PHP-based websites; 2. SQL
Injection attacks on ASP-based websites. Technical solutions to
the specific web-based attacks are examined.

The mitigation of these threats demands greater cooperation
among various agencies such as CERTs, security vendors, ISPs and
domain registrars. Ways and means of such cooperation are
explored.