• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1049-1058
• /
• 2017

The rapid evolution of mobile technologies and proliferation of mobile devices have created a new channel for marketing by mobile advertising. As mobile advertising is a close relative to online advertising, it also has similar problems such as advertisement injections (Ad injections). Users are exposed to unwanted advertisements and redundant web traffic by injected ads can cause additional charges of mobile devices. Although mobile ad injection can cause many problems it has been merely studied. In this paper, we analyze ad injection activities by mobile applications that exploit a legitimate application (Naver mobile application). We reverse-engineered 2 mobile applications and find out characteristics of mobile ad injections. We compare mobile ad injections with online ad injections and suggest feasible mitigations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.213-222
• /
• 2017

Online advertisement has many benefits comparing to offline advertisement but it also has many challenging problems by online ad abuses. Advertisement injection (Ad injection) is one of the threats that surreptitiously inserts advertisements without a permission of site owners. Users are exposed to additional ads and redundant web traffic by injected ads can cause a service quality problem. Moreover, advertisers can have economic loss when injected ads are different from original ones. Although ad injection leads to these problems it has not been fully studied yet. A few ad injection researches are done by online advertising providers such as Google. In this paper, we analyze ad injection activities to Korean major portal, Naver. We classify 6 types of ad injections and describe their characteristics by analyzing 27 downloaders and 199 installed programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.283-293
• /
• 2012

A new type of malware that extracts personal and account data over an extended period of time and that apparently is resistant to detection by vaccines has been identified. Generally, a malware is installed on a computer through network-to-network connections by utilizing Web vulnerabilities that contain injection, XSS, broken authentication and session management, or insecure direct-object references, among others. After the malware executes registration of an arbitrary service and an arbitrary process on a computer, it then periodically communicates the collected confidential information to a hacker. This paper is a systematic approach to analyzing a new type of malware called "winweng," a kind of worm that frequently made appearances during the first half of 2011. The research describes how the malware came to be in circulation, how it infects computers, how its operations expose its existence and suggests improvements in responses and countermeasures. Keywords: Malware, Worm, Winweng, SNORT.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.