Hackers of India

Malware Detection Tool for Websites: A Proof-Of-Concept

By Anant Kochhar on 25 Feb 2010 @ Nullcon


Presentation Material

nullcon 2010 - Signature based Malware Detection PoC for Websites from n|u - The Open Security Community

Abstract

Exploiting the implicit trust in ‘known’ websites has become the de facto method to spread malware. ‘Iframe injection’ has become the most talked-about injection for security professionals and ‘badware site’ has become the nightmare tag for site administrators.

Malware has infected popular web portals, government websites, banking and other financial sites with alarming speed and frequency. Site owners around the world have come to dread the now infamous Google warning: “This site may harm your computer”.

This presentation will give a Proof-Of-Concept of a signature-based tool to gauge a website’s health in real time and will explain why the proposed tool is better and more reliable than expensive behaviour analysis malware detection tools.

The tool aims to help site owners avoid loss of website and organization reputation, while ensuring that their website does not become a tool to spread the dreaded malware. This presentation will also include a live demo of the tool in its current state.

As with any disease, detection is the first step to the cure, but prevention is the priceless alternative. The presentation will also enumerate best practices to ensure malware-free websites.