Analysis of Screen Capture Malware

Abstract

Over the years, the number of websites, domains and Internet users has increased rapidly. Advancement in technology is a necessity of the times, but as new technologies come into being, new security vulnerabilities are discovered and exploited in practice. Hackers and malware creators use advanced methods to plant malware on a victim’s system. The browser is the main channel malware writers use to deliver malicious software to the victim’s computer, and browser vulnerabilities are exploited to do so. Browser security is the main aim of this project. It focuses on three major areas: screen capture malware, the security of Mozilla Firefox extensions, and the threat posed by malicious JavaScript content on the web. First, we studied the current state of screen capture malware, a threat to user privacy and security. We illustrate a new approach to defeating virtual keyboards, using a new method for capturing parts of a browser screen. A Firefox extension implementing this approach was created and tested on several Indian banks. This raised two major issues: the need for anti-screen-capture virtual keyboards and the security of Firefox extensions. A study was carried out to examine Firefox extensions, and a solution is discussed. The second phase addresses another topic of current importance: malicious JavaScript on the web. JavaScript is injected into web pages to exploit vulnerabilities in various browser plugins and operating systems and to download malware silently, without the user’s consent. An extension was created for Firefox that checks every iframe for properties usually possessed by malicious iframes and blocks them based on a set of rules. In addition, a basic framework for detecting malicious JavaScript based on characteristics of obfuscation has been implemented.
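The rule-based iframe check mentioned in the abstract, sketched as an added example (not the project's extension code). The abstract does not list the actual rules, so the rule set, the blocking policy and the names `CONCEALMENT_RULES`, `parseIframe` and `checkPage` are assumptions; the code runs over a constructed HTML sample instead of a live DOM.

```javascript
// Constructed rule set (assumption, not the extension's own rules):
// concealment traits commonly reported for injected iframes.
const CONCEALMENT_RULES = {
  "tiny-size":    f => (f.width !== null && f.width <= 1) || (f.height !== null && f.height <= 1),
  "hidden-style": f => /(display\s*:\s*none|visibility\s*:\s*hidden)/i.test(f.style),
  "off-screen":   f => /(left|top)\s*:\s*-\d{3,}/i.test(f.style),
};

// Parse one <iframe ...> start tag into the fields the rules need.
// Regex parsing is a simplification; an extension would read the DOM element.
function parseIframe(tag, pageUrl) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  const style = attrs.style || "";
  const dim = name => {
    // A size set in the style attribute overrides the width/height attribute.
    const fromStyle = new RegExp("(?:^|;)\\s*" + name + "\\s*:\\s*(\\d+)", "i").exec(style);
    const raw = fromStyle ? fromStyle[1] : attrs[name];
    return raw !== undefined && /^\d+/.test(raw) ? parseInt(raw, 10) : null;
  };
  let host = null;
  try { host = new URL(attrs.src || "", pageUrl).host; } catch (e) { /* unparsable src */ }
  return { src: attrs.src || "", host, style, width: dim("width"), height: dim("height") };
}

// Assumed policy: block only frames that are both cross-origin and concealed,
// so hidden same-site helper frames and visible third-party embeds still load.
function checkPage(html, pageUrl) {
  const pageHost = new URL(pageUrl).host;
  return (html.match(/<iframe\b[^>]*>/gi) || []).map(tag => {
    const f = parseIframe(tag, pageUrl);
    const hits = Object.keys(CONCEALMENT_RULES).filter(id => CONCEALMENT_RULES[id](f));
    const crossOrigin = f.host !== null && f.host !== pageHost;
    return { src: f.src, crossOrigin, hits, block: crossOrigin && hits.length > 0 };
  });
}

// Constructed sample page; all hosts are placeholders.
const SAMPLE_HTML = `
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="http://stats.example.net/in.php" width=1 height=1 style="visibility:hidden"></iframe>
<iframe src="/help/widget.html" style="display:none"></iframe>
<iframe src="http://cdn.example.net/x" style="position:absolute; left:-9999px; width:100px"></iframe>`;
const SAMPLE_RESULTS = checkPage(SAMPLE_HTML, "https://bank.example.com/login");
console.log(SAMPLE_RESULTS);
```

Requiring both conditions keeps false positives down: the visible third-party video embed and the hidden same-site widget in the sample are both allowed.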

Technical Guidance

Project Member:

Tanusha Nadkarni

tanusha_nadkarni@yahoo.co.in


Downloads:
  • Software        


    Content with URLs that have the current URL as a prefix has been hosted in accordance with fair use principles, for academic and non-profit purposes. By downloading the contents of this page, you agree to bring possible violation of fair use to my notice before taking legal recourse.