Defending Browsers Against Drive-By Downloads: Mitigating Heap-Spraying Code Injection Attacks


Executive Summary

Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vulnerabilities in web browsers and browser plug-ins to execute shellcode and, in consequence, gain control of a victim's computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, sending spam emails, or participating in distributed denial-of-service attacks. To counter drive-by downloads, the authors propose a technique that relies on x86 instruction emulation to identify JavaScript string buffers that contain shellcode. Their detection is integrated into the browser and performed before control is transferred to the shellcode, thus effectively thwarting the attack.

  • Format: PDF
  • Size: 365 KB