Conference: Annual Conference on Privacy, Security and Trust

ZARATHUSTRA: Extracting Webinject signatures from banking trojans


Abstract

Modern trojans are equipped with a functionality, called WebInject, that can be used to silently modify a web page on the infected end host. Given its flexibility, WebInject-based malware is becoming a popular information-stealing mechanism. In addition, the structured and well-organized malware-as-a-service model makes revenue out of customization kits, which in turn leads to high volumes of binary variants. Analysis approaches based on memory carving to extract the decrypted webinject.txt and config.bin files at runtime make the strong assumption that the malware will never change the way such files are handled internally, and therefore are not future-proof by design. In addition, developers of sensitive web applications (e.g., online banking) have no tools that they can possibly use to even mitigate the effect of WebInjects.