SurfGuard JavaScript instrumentation-based defense against Drive-by downloads

Delivering malware via the web is now the cybercriminal´s favorite means of attack. Advances in the malware distribution has increased to such an extent that today merely visiting a website causes a script to execute and thus download malicious executables on to your system. Exploits use the very flexible and dynamic natured javascript to employ a wide variety of attacks on the browsers. JavaScript is the core component of interactive and dynamic web pages of today. Its tight integration with the browser environment is often taken advantage to exploit different kinds of vulnerabilities. A malicious JavaScript can be embedded in a web page and will run without warning when the page is viewed in any ordinary browser. It also successfully bypasses the firewalls because the victim himself has chosen to view the page. A successful exploit results in series of malware downloads on to the system. The dangers of these attacks have created a need for some protection mechanism to safeguard the users who are exposed to such threats. Traditional techniques to counter this problem are either a performance overhead or work offline or are too much complicated to be used by novice user. The proposed project is a light-weight javascript instrumentation that enables static and dynamic analysis of the visited webpage to detect the attempts of attack on the page. Furthermore the product mitigates detected attacks by changing suspicious elements, so they do not cause harm anymore, thus actually protecting users from such attacks. In this paper, we briefly discuss the causes and impact of these attacks on a system. We show how these attacks can be detected and mitigated with minimal or no interaction with the user. We also discuss on the issues we came across while designing the product and how they were tackled. Finally, we report on the progress of the project so far and the planned future work.