The Reality of Browser-Based Botnets

  • Posted on: August 7, 2013 at 10:08 am
  • Posted in: Botnets
  • Author: Robert McArdle (Senior Threat Researcher)

The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack.

In their briefing, Jeremiah Grossman and Matt Johansen showed that it is possible to initiate a massive distributed denial of service (DDoS) attack via a browser-based botnet. To create the botnet itself, potential attackers need only invest in fake online ads, which are inexpensive. Because networks serving ads on websites allow the execution of JavaScript, the attackers craft the JavaScript to make hundreds or thousands of users connect to a targeted site simultaneously, which may be enough to make the victim site inaccessible. Unfortunately, this scenario is likely to come to fruition, given that ads are a staple on sites and basically a driving force behind the Web.
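From the targeted site's side, the flood described above appears as many distinct browsers requesting the same resource within seconds, and those requests may share one third-party Referer. The following Python example is added here and is not code from the briefing or from Trend Micro; the Combined Log Format input, the host names, addresses, thresholds and the function name `flag_referer_bursts` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"'
)

def flag_referer_bursts(lines, own_host, window_s=10, min_clients=3):
    """Return (window_start, referer_host, path, client_count) for each time
    window in which many distinct clients arrive from one external referer."""
    buckets = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        ref_host = urlsplit(m["ref"]).hostname
        if not ref_host or ref_host == own_host:
            continue  # no referer, or same-site navigation
        parts = m["req"].split()
        path = parts[1] if len(parts) >= 2 else "-"
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = int(ts.timestamp()) // window_s * window_s
        buckets[(window, ref_host, path)].add(m["ip"])
    return sorted(
        (w, h, p, len(ips)) for (w, h, p), ips in buckets.items()
        if len(ips) >= min_clients
    )

# Constructed sample: documentation-range addresses and example host names.
UA = '"Mozilla/5.0"'
T = "[07/Aug/2013:10:08:0%d +0000]"
AD = '"https://ads.example/creative/123.html"'
SAMPLE_LOG = [
    f'192.0.2.10 - - {T % 1} "GET /search?q=a HTTP/1.1" 200 512 {AD} {UA}',
    f'192.0.2.11 - - {T % 2} "GET /search?q=a HTTP/1.1" 200 512 {AD} {UA}',
    f'198.51.100.7 - - {T % 2} "GET /search?q=a HTTP/1.1" 200 512 {AD} {UA}',
    f'203.0.113.5 - - {T % 3} "GET /search?q=a HTTP/1.1" 503 0 {AD} {UA}',
    f'203.0.113.9 - - {T % 3} "GET /search?q=a HTTP/1.1" 200 512 "https://shop.example/" {UA}',
    f'192.0.2.44 - - {T % 4} "GET /search?q=a HTTP/1.1" 200 512 "-" {UA}',
    f'192.0.2.45 - - {T % 4} "GET / HTTP/1.1" 200 900 "https://news.example/story" {UA}',
]

if __name__ == "__main__":
    for hit in flag_referer_bursts(SAMPLE_LOG, own_host="shop.example"):
        print(hit)
```

The Referer header is absent when the embedding page sets a restrictive Referrer-Policy, so treat this grouping as one signal alongside per-path request-rate baselines.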

In 2011, we looked into a similar threat scenario, researching the possibility of browser-based botnets by way of HTML5. In that paper, we cited the developments in HTML5 and how attackers could harness these improvements to their advantage. In particular, with HTML, attackers can create a botnet that includes systems running different operating systems, even mobile devices. The botnet will be memory-based, and thus difficult for traditional anti-malware software to detect.

Below are some important points that I raised in the research, specifically on how attackers can use HTML5 for their attacks.

  • Compared to traditional botnets, browser-based ones are not considered persistent. The malicious code stops running once users close the browser tab. With this in mind, attackers can instead use persistent XSS and site compromise, a combination of clickjacking and tabnabbing, or a malicious page disguised as an interactive game.
  • Besides DDoS attacks, this abuse of HTML5 can lead to spamming, bitcoin generation, phishing, internal network reconnaissance, proxy network usage, and the spreading of worms via XSS attacks or SQL injections.

This misuse of HTML5 represents a method by which an attacker can infiltrate or initiate an attack against their targets. As browsers and apps (essentially stripped-down browsers) are the likely default way to connect online in this age of consumerization and increasing Internet-connected devices and appliances (the Internet of everything), the idea of a browser botnet is an alarming prospect. With the use of HTML5 expected to take off in mobile apps, as recently exemplified by Amazon, we can expect this threat to become an increasing reality soon.

For users, the best way to prevent this attack is to study and understand the risks involved. User education, in particular for companies, can go a long way in protecting organizations’ business operations and important information. For more information about the research and how Trend Micro can help users combat this attack, you may refer to the paper HTML5 Overview: A Look At HTML5 Attack Scenarios.

Tags: blackhat 2013, browser-based botnets, DDoS, html 5
