• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1121-1129
• /
• 2013

Recent malware distribution causes severe and nation-wide problems such as 3 20 cyber attack in Korea. In particular, Drive-by download attack, which is one of attack types to distribute malware through the web, becomes the most prevalent and serious threat. To prevent Drive-by download attacks, it is necessary to analyze MDN(Malware Distribution Networks) of Drive-by download attacks. Effective analysis of MDN requires a detection of obfuscated and/or encapsulated JavaScript in a web page. In this paper, we propose the scheme called Multi-level emulation to analyze the process of malware distribution. The proposed scheme analyzes web links used for malware distribution to support the efficient analysis of MDN.

• Journal of KIISE
• /
• v.45 no.1
• /
• pp.1-8
• /
• 2018

Recently, distribution of malicious codes using the Internet has been one of the most serious cyber threats. Technology of malicious code distribution with detection bypass techniques has been also developing and the research has focused on how to detect and analyze them. However, obfuscated malicious JavaScript is almost impossible to detect, because the existing malicious code distributed web page detection system is based on signature and another limitation is that it requires constant updates of the detection patterns. We propose to overcome these limitations by means of an intelligent malicious code distributed web page detection system using a real browser that can analyze and detect intelligent malicious code distributed web sites effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.93-103
• /
• 2019

Recently, malicious code distribution of ransomware through a web site based on a drive-by-download attack has resulted in service disruptions to the web site and damage to PC files for end users. Therefore, analyzing the characteristics of the target web site industry, distribution time, application type, and type of malicious code that is being exploited can predict and respond to the attacker's attack activities by analyzing the status and trend of malicious code sites. In this paper, we will examine the distribution of malicious codes to 3.43 million websites in Korea to draw out the characteristics of each detected landing site, exploit site, and distribution site, and discuss countermeasures.