Sami Rautiainen Stonesoft
In today's world, more and more applications are moving into the web. In the networked world, the complex online services make users and businesses dependant on the Internet and one particular application - the web browser.
A modern web browser is a complex piece of software which, instead of just viewing static web pages, must be able to provide a powerful platform for the advanced interactive programs available online - via scripting.
Authors of malware have realized the power of scripts embedded to web pages, too. Nowadays malicious programs commonly seen in the field exploit browser vulnerabilities combined with script-based obfuscation techniques to get executed while keeping their activity hidden in the background.
In addition of the direct attacks against the browser, the modern online applications themselves provide additional layer of complex functionality that can and is abused by malware.
This paper will look into how web-based scripting is used by malware encountered in the field, and examines techniques as well as tools available to help their analysis. Also the challenges that complicated scripts present to a detection engine are discussed.
