Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

Browser extension systems risk exposing APIs, which are too permissive and cohesive with the browser’s internal structure, leaving a hole for malicious developers to exploit security critical functionality. We present a botnet framework based on malicious browser extensions and provide an exhaustive range of attacks that can be launched in this framework.

[1]  Lei Liu,et al.  Chrome Extensions: Threat Analysis and Countermeasures , 2012, NDSS.

[2]  Lei Liu,et al.  Botnet with Browser Extensions , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[3]  Thomas C. Schmidt,et al.  Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics , 2015, WOOT.

[4]  Vitor Monte Afonso,et al.  Toward a Taxonomy of Malware Behaviors , 2015, Comput. J..

[5]  V. N. Venkatakrishnan,et al.  Enhancing web browser security against malware extensions , 2007, Journal in Computer Virology.

[6]  Christopher Krügel,et al.  Hulk: Eliciting Malicious Behavior in Browser Extensions , 2014, USENIX Security Symposium.

[7]  David A. Wagner,et al.  An Evaluation of the Google Chrome Extension Security Architecture , 2012, USENIX Security Symposium.

[8]  Franco Callegati,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.

[9]  Christopher Krügel,et al.  Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.

[10]  Syed Ali Khayam,et al.  A Taxonomy of Botnet Behavior, Detection, and Defense , 2014, IEEE Communications Surveys & Tutorials.

[11]  CallegatiFranco,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, S&P 2009.

[12]  David A. Wagner,et al.  The Effectiveness of Application Permissions , 2011, WebApps.

[13]  Vijay Laxmi,et al.  The darker side of Firefox extension , 2013, SIN.

[14]  Zhenkai Liang,et al.  An Empirical Study of Dangerous Behaviors in Firefox Extensions , 2012, ISC.

[15]  Nattakant Utakrit Review of Browser Extensions, a Man-in-the-Browser Phishing Techniques Targeting Bank Customers , 2009 .

[16]  Marianne Winslett,et al.  Vetting browser extensions for security vulnerabilities with VEX , 2011, CACM.

[17]  Mohammad Zulkernine,et al.  On evaluating and securing firefox for Android browser extensions , 2014, MOBILESoft 2014.

[18]  Niels Provos,et al.  Trends and Lessons from Three Years Fighting Malicious Extensions , 2015, USENIX Security Symposium.

[19]  Adam Barth,et al.  Protecting Browsers from Extension Vulnerabilities , 2010, NDSS.

[20]  Bong-Nam Noh,et al.  The Activity Analysis of Malicious HTTP-Based Botnets Using Degree of Periodic Repeatability , 2008, 2008 International Conference on Security Technology.

[21]  Wei Meng,et al.  Understanding Malvertising Through Ad-Injecting Browser Extensions , 2015, WWW.

[22]  Pern Hui Chia,et al.  Is this app safe?: a large scale study on application permissions and risk signals , 2012, WWW.

[23]  Wouter Joosen,et al.  Monkey-in-the-browser: malware and vulnerabilities in augmented browsing script markets , 2014, AsiaCCS.

[24]  Vinod Ganapathy,et al.  Analyzing Information Flow in JavaScript-Based Browser Extensions , 2009, 2009 Annual Computer Security Applications Conference.