Workshops‎ > ‎cs-ga-2010‎ > ‎

Kah-Kin Ho

Cisco Systems


Hacked While Browsing. Using the Web to Spread Malware

The use of malware to create infected hosts or ´bots´ in enterprise and consumer networks underpins virtually all online crime. These bots are used in sophisticated business models including spam, illegal drug sales, bank fraud, illegitimate software sales, click fraud, adware and data theft. Combating these global organized crime gangs and their attacks has been a major focus for the last ten years.The modern web ecosystem enables instant access to rich content and applications. However, these evolving tools have created new vectors for criminals attacks. Insecure web applications can allow access to back-end databases. The modern web browser integrates dozens of applications to interpret documents, audio and video as part of a rich web experience. The browser offers unprecedented access to these applications which are frequently accessed and exploited by criminals. Most of the infections that create the bots and feed the online crime engine are occurring through the browser, often assisted via insecure web applications. These exploits and vulnerabilities are one of the top concerns of financial, healthcare and government computer security professionals around the world. 

This session begins with by illustrating criminals´ successful exploitation of web attacks to make millions in illicit profits. We will then dive into the fundamental weaknesses in HTTP, the web browser ecosystem, DNS and web servers that enable these criminal-enriching attacks. We will show real-world examples of browser ecosystem exploits delivered via a SQL injected US website. This session will conclude with a discussion of solutions including user training, client security, gateway solutions and monitoring.