Computer Sciences Dept.

Computer Security and Cryptography Reading Group
March 2006 List

Date & Location: Friday, March 17, 2006, 11 AM - 12 PM, 7331 CS

Reading:

Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, S. King
MSR / Purdue / Florida Tech
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities
NDSS'06

URL: http://www.isoc.org/.../papers/honeymonkeys.pdf

Internet attacks that use malicious web sites to install malware programs by exploiting browser vulnerabilities are a serious emerging threat. In response, we have developed an automated web patrol system to automatically identify and monitor these malicious sites. We describe the design and implementation of the Strider HoneyMonkey Exploit Detection System, which consists of a pipeline of "monkey programs" running possibly vulnerable browsers on virtual machines with different patch levels and patrolling the Web to seek out and classify web sites that exploit browser vulnerabilities.

Within the first month of utilizing this system, we identified 752 unique URLs hosted on 288 web sites that could successfully exploit unpatched Windows XP machines. The system automatically constructed topology graphs based on traffic redirection to capture the relationship between the exploit sites. This allowed us to identify several major players who are responsible for a large number of exploit pages. By monitoring these 752 exploit-URLs on a daily basis, we discovered a malicious web site that was performing zero-day exploits of the unpatched javaprxy.dll vulnerability and was operating behind 25 exploit-URLs. It was confirmed as the first "in-the-wild", zero-day exploit of this vulnerability that was reported to the Microsoft Security Response Center. Additionally, by scanning the most popular one million URLs as classified by a search engine, we found over seven hundred exploit-URLs, many of which serve popular content related to celebrities, song lyrics, wallpapers, video game cheats, and wrestling.


Created and maintained by Mihai Christodorescu (http://www.cs.wisc.edu/~mihai)
Created: Fri Jan 27 11:58:07 2006
Last modified: Fri Jan 27 11:59:05 Central Standard Time 2006
 