Malicious Javascript : An Important Attack Vector For Software Exploitation Attacks

765 Words Jul 6th, 2016 4 Pages
Malicious JavaScript has become an important attack vector for software exploitation attacks. Attacks in browsers, as well as JavaScript embedded within malicious PDFs and Flash documents, are common examples of how attackers launch attacks using JavaScript. Interactive nature of JavaScript allows malicious JavaScript to take advantage of binary vulnerabilities (e.g., use-after-free, heap/buffer overflow) that are otherwise difficult to exploit. In 2014, 639 browser vulnerabilities were discovered and the number was increased by 8% over 2013 reported by Symantec [5]. This provides the attacker a broad attack space.

Previously unknown, or “zero-day”, exploits are of particular interest to the security community. Once a malicious JavaScript attack is captured, it must be analyzed and its inner-workings understood quickly so that proper defenses can be deployed to protect against it or similar attacks in the future. Unfortunately, this analysis process is tedious, painstaking, and time-consuming. From an analysis perspective, an analyst seeks to answer two key questions: (1) Which
JavaScript statements uniquely characterize the exploit? and (2) Where is the payload located within the exploit? The answer to the first question results in the generation of an exploit signature, which can then be deployed via an intrusion detection system (IDS) to discover and prevent the exploit. The answer to the second question allows an analyst to replace the malicious payload with an

Related Documents