< "Know Your Enemy: Web Application Threats" | "Shelia: A Client-side Honeypot for Attack Detection" >

"Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure"

The recent ACM Conference on Computer and Communications Security (CCS'06) had some interesting papers. One of them deals with so called Puppetnets. A puppetnet is created by malicious web sites which exploit a visiting web browser and take control of it. Similar to a botnet, these puppetnets can be used to mount DDoS attacks, reconnaissance probes, or other nefarious purposes. Presumably the threat posed by these networks is way lower than botnets, but nevertheless they could pose a problem in the future due to the prevalance of client-side exploits. The whole paper is entitled "Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure".

Abstract
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser’s host machine and user. In this paper we attempt to quantify the threat of browsers being indirectly misused for attacking third parties. Specifically, we look at how the existing Web infrastructure (e.g., the languages, protocols, and security policies) can be exploited by malicious Web sites to remotely instruct browsers to orchestrate actions including denial of service attacks, worm propagation and reconnaissance scans. We show that, depending mostly on the popularity of a maliciousWeb site and user browsing patterns, attackers are able to create powerful botnet-like infrastructures that can cause significant damage. We explore the effectiveness of countermeasures including anomaly detection and more fine-grained browser security policies.

@inproceedings{DBLP:conf/ccs/LamAAA06,
author = {V. T. Lam and Spyros Antonatos and
P. Akritidis and Kostas G. Anagnostakis},
title = {Puppetnets: Misusing Web Browsers as a
Distributed Attack Infrastructure.},
booktitle = {ACM Conference on Computer and Communications Security (CCS'06)},
year = {2006},
pages = {221-234},
}

This entry was posted by Thorsten Holz on Monday, March 5. 2007 at 12:17. and is filed under paper. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

  1. Elias Athanasopoulos says:
    #1 2007-03-05 20:29 (Reply)

    In a similar fashion, the following paper, from ACNS 2006, misuses a file-sharing system, Gnutella, for DDoS attacks:

    http://www.ics.forth.gr/~elathan/publications/gdos-paper-final.pdf


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.