Geotracking of webpage sources: a defence against drive-by-download attacks

  • Authors:
  • A. Naumov; N. Vlajic; H. Roumani

  • Affiliations:
  • Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada;Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada;Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada

  • Venue:
  • International Journal of Internet Technology and Secured Transactions
  • Year:
  • 2012

Abstract

Currently, numerous freeware URL screening tools are available online. While these tools exhibit various levels of sophistication in dealing with traditional web-based exploits, most of them are quite ineffective in detecting some more subtle forms of infection. In particular, most of these tools fail to detect and/or alert against drive-by-download injections that do not result in the download and/or execution of malware, but instead only aim to tarnish the credibility of the compromised website or intrude on the privacy of its users. In this paper, we present our new visual location-based URL screening tool, named VLUS. We demonstrate that with this tool, various forms of drive-by-download injection leading to redirection can be easily spotted, irrespective of the nature of the injected content. The tool is also useful for the purposes of general webpage content analysis. We close the paper by outlining an alternative implementation of VLUS in the form of a Chrome browser extension. By simply monitoring the application-level traffic calls performed by the browser, this implementation offers several unique advantages over the standard VLUS implementation.