web-based malware from Rachna Dhamija on 2007-06-27 (public-wsc-wg@w3.org from June 2007)

From: Rachna Dhamija <rachna.w3c@gmail.com>
Date: Wed, 27 Jun 2007 15:47:12 -0700
To: public-wsc-wg@w3.org
Message-ID: <20abbc510706271547i725418b4l92c405668c6e92ef@mail.gmail.com>

As a follow up to our conversation today about malware and phishing, I
thought I'd send out this Google paper on web-based malware.  It presents a
good overview of the problem and categorizes how exploits are placed on web
pages (through compromised web servers, user contributed content,
advertising and third party widgets) and how malware is installed (by luring
a user to visit a website and then exploiting browser vulnerabilities or
tricking the user to give their permission).

The Ghost In The Browser: Analysis of Web-based Malware
Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra
Modadugu
http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

Received on Wednesday, 27 June 2007 22:47:23 UTC