Friday, April 11, 2008

Whitepapers on IFRAME attacks

One thing I'm learning in this industry/profession is that there is never-ending research. I'm always learning and reading to learn more. The pile of books next to my bed is constantly getting bigger, faster than I can read them. (And it gets in the way of the pleasure reading sometimes. I guess that's what vacations are for. Vacations?) Fortunately, I like to read, and like to broaden my horizons.

Over the past couple of weeks, I've been reading the various reports (Symantec's is here, in PDF; Panda's is here, in PDF) that have been released on the state of the industry and what to expect for the rest of the year or the short term. Frequently, I have read of IFRAME attacks. I used to be a web application developer, so the term IFRAME was familiar. I had never really used one, so I figured I would learn what they are. A quick Google search turned up a treasure trove of papers; two I'll highlight here.

I believe the two papers belong together, so I'll list them first. These papers are:
All Your IFRAMEs Point to Us
The Ghost In The Browser

I started by reading All Your IFRAMEs Point to Us, but its first citation was to The Ghost In The Browser, so I stopped and read that first. I'm glad I did.

The Ghost In The Browser was a little more technical. While it contained some of the same analysis covered more in depth in the other paper, it laid out definitions and explained how the IFRAME attack works in detail. Snippets of code were included to show what you could look for in the source of the attacks. Also included were various attack vectors. This was exactly what I was looking for.

The second paper, All Your IFRAMEs Point To Us, seemed to me to be at a higher level. While the attack was briefly laid out, the paper discussed the prevalence of the IFRAME attacks and how pervasive they are across the internet. If I didn't know better, after reading the article, I might never surf the web. It's not just the "grayer" areas of the internet where these attacks live. Ads are just as prevalent. Be advised, there are a couple of sections with some good-sized math included.

Further, for both articles, if I didn't know any better, I would never surf the web again. It really seems pretty grim if you are not proactive and protective of your system.

From both articles, it is IMPERATIVE that you keep your systems patched, as the IFRAME attacks test for multiple vulnerabilities. Second, you must have some sort of anti-virus on your machine. But, to those of us in the security field, what I've typed is preaching to the choir.

Finally, one last point I would like to make. The references section in the paper All Your IFRAMEs Point To Us is phenomenal. Listed are many articles, both in PDF and as web pages, covering all kinds of information. I plan on reading the papers on botnets next.
