In this paper we present a lightweight and effective tool to protect against a type of repurposing attack vector, referred to as the Gifar, which exploits weaknesses in Web applications. A Gifar-based attack relies on a form of steganography, combining images or other file types (such as Word or Flash files) with Jar files. The modified file is used to carry the payloads of various attacks, which can be triggered when the file is posted on Web portals. In the paper, we explore the capabilities of Gifar-based attacks and examine the efficacy and the state of the art of the existing protection mechanisms against this type of attack. We show that, despite some initial steps taken by many Web portals to prevent similar attacks, Gifar attacks can be launched from any site and can be used as carriers of a variety of disruptive attacks, such as denial of service, command and control, and data theft. We present the AntiGifar, a lightweight system that addresses this deficiency by detecting and stopping these attacks at the client end. As demonstrated by our test results, our solution promptly detects a number of possible Gifar-based attacks launched by any Web site. The AntiGifar provides an effective solution to this subtle threat while adding no overhead to the user's local machine or the browser where it resides, and it does not invasively monitor the user's interactions with the browser.
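A check for the file structure the abstract describes (an image combined with a Jar file), added here as an example: it is not the paper's AntiGifar, which works at the client end, and the function names and the reject policy are assumptions. It relies on the fact that a Jar is a ZIP archive and that ZIP readers locate the archive from the end of the file.

```python
import io
import zipfile

# Leading magic bytes of image formats a portal typically accepts.
IMAGE_MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
               b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

def image_type(data: bytes):
    """Return the image format named by the leading bytes, or None."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def archive_entries(data: bytes):
    """Return entry names if a ZIP directory is readable from the tail of
    the data, else None. ZIP/JAR readers locate the archive from the end of
    the file, so bytes placed in front of it do not stop it from loading."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None
    try:
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []  # end record found but directory unreadable: still flag it

def inspect_upload(data: bytes) -> dict:
    """Flag content that starts with an image header and also parses as an archive."""
    img, entries = image_type(data), archive_entries(data)
    jar_like = any(e.upper().startswith("META-INF/") or e.endswith(".class")
                   for e in entries or [])
    return {"image_type": img, "has_archive": entries is not None,
            "jar_like": jar_like,
            "reject": img is not None and entries is not None}

def constructed_sample() -> bytes:
    """Constructed test input: a 1x1 GIF stub followed by a ZIP that holds
    only a manifest (no classes), for exercising the check offline."""
    gif = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
    z = io.BytesIO()
    with zipfile.ZipFile(z, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
    return gif + z.getvalue()

if __name__ == "__main__":
    print(inspect_upload(constructed_sample()))
```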
Published - 2010
7th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS 2010 - Redmond, WA, United States
Duration: Jul 13 2010 → Jul 14 2010