SlideShare ist ein Scribd-Unternehmen logo

Automated Web Patrol for Detecting Malicious Sites

International Journal of Engineering Inventions www.ijeijournal.com
International Journal of Engineering Inventions www.ijeijournal.com

The document discusses an automated system called HoneyMonkey that detects exploits and malware on websites through the use of client-side honeypots. HoneyMonkey utilizes "monkey programs" that run browsers within virtual machines to mimic human web browsing. Any files created or changes made outside the browser are flagged as potential exploits. The system also tracks redirections and popups to analyze vulnerability exploitation and malware installation chains. Evaluation of HoneyMonkey showed it could successfully classify websites as excellent, bad or okay based on detected exploits and redirection behavior.

1 von 6
Downloaden Sie, um offline zu lesen
International Journal of Engineering Inventions ISSN: 2278-7461, www.ijeijournal.com Volume 1, Issue 8 (October2012) PP: 01-06 AUTOMATED WEB PATROLING WITH EXPLOIT DETECTION OF MALICIOUS SITES Ms. Rajashree C. Sonawane1, Prof. Mrs. S.M.Jaybhaye2 1,2 Department of Information TechnologySinhgad College of Engineering, University of Pune, Pune Abstract:––Client-side attacks are on the rise malicious websites that exploit vulnerabilities in the visitor’s browser are posing a serious threat to client security, compromising innocent users who visit these sites without having a patched web browser. Malicious websites are websites which have any kind of content that could be a threat for the security of the clients requesting particular sites. Currently, there is neither a freely available comprehensive database of threats on the Web nor sufficient freely available tools to build such a database. The purpose of an exploit is almost always to introduce some piece of arbitrary code on the victim machine, as a way to achieve a larger attack goal. It is not uncommon to see a malicious web page attempting to exploit multiple browser vulnerabilities in order to maximize the chance of a successful attack. Hence Honey Monkeys, introduce the Monkey-Spider project. Utilizing it as a client honey pot, the portray the challenge in such an approach and evaluate system as a high-speed, Internet scale analysis tool to build a database of threats found in the wild. Furthermore, it evaluates the system by analysing different crawls performed. I. INTRODUCTION Internet attacks that use a malicious or hacked web site to exploit unpatched client-side vulnerabilities of visiting browsers are on the rise. These attacks allow web servers that host compromised URLs to install malcode on visiting client machines without requiring any user interaction beyond visitation. There have been several manual analyses of these events. Although these analyses provide very useful and detailed information about which vulnerabilities are exploited and which malware programs are installed, such efforts are not scalable, do not provide a comprehensive picture of the problem, and are generally ineffective at efficiently finding new malicious sites. To address these issues, developed a system that uses a pipeline of active, client-side honeypot, called Strider HoneyMonkeys, to perform large-scale, systematic and automated web patrol. The HoneyMonkey Figure 1: Exploit detection at client side system uses monkey programs that run within with OS’s of various patch levels to drive web browsers in an attempt to mimic human web browsing. This approach adopts a state-management methodology to cyber security: instead of directly detecting the acts of vulnerability exploits, the system uses the Strider Tracer to catch unauthorized file creations and configuration changes that are the result of a successful exploit. [1] II. LITERATURE SURVEY Web Patrol: This web page monitoring software makes following hundreds of web sites and blogs as simple and fast as checking your e-mail. It will visit web sites for you, as often as you like, and notify you when it finds a change. Web patrol is used to Checks single pages or entire web sites for changes on the particular page. It is used to Checks normal pages or frame based pages and Monitors PDF files for changes .This web page monitoring software makes monitors web sites, ISSN: 2278-7461 www.ijeijournal.com P a g e |1
AUTOMATED WEB PATROLING WITH EXPLOIT... blogs and text files for changes .It also improves your productivity by working silently and unattended .Web patrol Notifies you of changes by popup, sound and/or email and Shows pages with changes highlighted in the internal browser. Different security issues related to web sites: Website is a broad field, but most websites have common security issues that need to be addressed, regardless of the particular technologies used or functions deployed. 1. Validation of input and output data All data written as output (displayed) needs to be safe to view in a browser, email client or other software and the integrity of any data that is returned must be checked.. 2. Malicious file executions Uploaded files or other data feeds may not be what they seem. Never allow user-supplied input to be used in any file name or path (e.g. URLs or file system references). Uploaded files may also contain a malicious payload so should not be stored in web accessible locations. 3. Authentication and session management Websites rely on identifying users to provide access permissions to data and functions. [10] Existing tools: 1. Online link Scanner: Online Link Scan - Virus, Trojan, Adware and Malware Scanner has come up with. It will save and ultimately protect the computer and the data of the user from getting unethically violated. So if you are worried about constant violation of your personal space while your surf or go to your chosen links by being redirected to harmful threats, at Online Link Scan - Virus, Trojan, Adware and Malware Scanner take the problem off you and offer safeguards like detection of hidden links that are not possible for you to notice. It detect an impending danger to your computer by allowing you to scan for suspicious links that might gets infected with viruses, trojanhorses, spyware and other malware. Although it accept no liability for the accuracy and integrity of all scan results but will do our best to help protect your system as to reduce the possibility of being invaded.[8] 2. Web site pulse: Website Pulse is a leading provider of global, independent and objective monitoring of the availability and performance of web sites, servers and network components, web applications and e-business transactions, web-based and e-mail systems. The advanced web monitoring service ensures reliable early problem and error detection with multi- stage verification process, followed by real-time multimedia alerts. Detailed reports and website diagnostic tools allow web system owners and operators to quickly locate and troubleshoot any problem, minimizing the downtime of their web systems. The Website Pulse monitoring agent - the proprietary platform of Website Pulse - is designed for synchronized 24/7 monitoring through an integrated global network of interconnected and redundant monitoring locations throughout North America, Europe, Asia, Australia, and New Zealand. It constantly measures website accessibility and web-based systems performance, immediately triggers alerts and troubleshooting notifications of detected problems, and provides its customers with real time data charts, graphs and raw data for detailed analysis.[9] III. EXISTING METHODOLOGY FOR EXPLOIT DETECTION (1) Executable files created or modified outside the browser sandbox folders: This is the primary mechanism for exploit detection. It is implemented on top of the Strider Tracer, which uses a file-tracing driver to efficiently record every single file read/write operation. [1] (2) Processes created: Strider Tracer also tracks all child processes created by the browser process. (3) Vulnerability exploited: To provide additional information and to address limitations of the black-box approach, developed and incorporated a Vulnerability-specific detector. This is based on the vulnerability signature of the exploit, rather than on any particular piece of malcode. (4) Redirect-URLs visited: Since malcode is often laundered through other sites, this module allows us to track redirections to determine both the real source of the malcode and those involved in the distribution chain Upon detecting an exploit, the monkey saves its logs and notifies the Monkey Controller on the host machine to destroy the infected VM and re-spawn a clean Honey Monkey, which then continues to visit the remaining URL list. The Monkey Controller then passes the detected exploit-URL to the next monkey in the pipeline to further investigate the strength of the exploit. [1][2] Redirection Analysis Many exploit-URLs do not perform the actual exploits but instead act as front-end content providers that serve “interesting” content such as pornography in order to attract browser traffic. This traffic is then sold and redirected to back- end exploit providers, which specialize in exploiting clients and installing malware.URLs visited through traffic redirection can be tracked with a Browser Helper Object running within each browser process or by intercepting and analysing network packets. When the Honey Monkey runs in its “redirection analysis” mode, any automatically visited URLs are fed back to the system for further checking. [1] ISSN: 2278-7461 www.ijeijournal.com P a g e |2
AUTOMATED WEB PATROLING WITH EXPLOIT... IV. OVERVIEW OF MODULES There is different vulnerability exploits Related to web browser are: Web Site Vulnerability Exploitation: Malicious activities performed by actual web sites exploiting browser vulnerabilities can be divided into four steps: code obfuscation, URL redirection, vulnerability exploitation, and malware installation. MODULE 1 URL Redirection from list of URLs visited : Most malicious web sites automatically redirect browser traffic to additional URLs. Specifically, when a browser visits a primary URL, the response from that URL instructs the browser to automatically visit one or more secondary URLs, which may or may not affect the content that is displayed to the user. Since redirection is commonly used by non-malicious sites to enrich content, simply eliminating redirection from a browser would present significant complications. Figure 2 Report for Redirection analysis MODULE 2 Vulnerability Exploitation due redirections and popups It is not uncommon to see a malicious web page attempting to exploit multiple browser vulnerabilities in order to maximize the chance of a successful attack. HTML fragment that uses various primitives to load multiple files from different URLs on the same server to exploit three vulnerabilities fixed in Microsoft Security Bulletins. Figure 3 Report for popup If any of the exploits succeeds, a Trojan downloader named win32.exe is downloaded and executed. Note that although Internet Explorer is the common target due to its popularity, other browsers can also be attacked. MODULE 3 Malware Installations: The purpose of an exploit is almost always to introduce some piece of arbitrary code on the victim machine, as a way to achieve a larger attack goal, including viruses that infect files, backdoors that open entry points for future unauthorized access, boot programs that allow the attacker to control a whole network of compromised systems, Trojan downloader’s that connect to the Internet and download other programs, Trojan droppers that drop files from themselves without accessing the Internet, and Trojan proxies that redirect network traffic. Some spyware programs and even anti- spyware programs are also installed through exploits.[1] MODULE 4 Result Analysis: Generated report for site Status: Honey Monkey System will display the result of exploitation by displaying result in the report format. Following is the report generated by system for the result of all the contents of URL http://www.google.com. Similarly different Redirections and popup is detected during exploitation detection process are displayed in the results. Finally it will show the status of web page and automatically it will redirect to that web page. ISSN: 2278-7461 www.ijeijournal.com P a g e |3
AUTOMATED WEB PATROLING WITH EXPLOIT... Fig 3 will display final report generated by Honey monkey system. Figure 4: Report for exploit detection V. PROPOSED SYSTEM Exploit Detection: Monkey program that launches a browser instance to visit each input URL and then waits for a few minutes to allow downloading of any code which may have a short time delay. It detects a group of persistent-state changes to signal exploitation. Figure 5: Flow diagram Of HoneyMonkey System Since the monkey is not instructed to click on any dialog box to permit software installation, any executable files or registry entries created outside the browser sandbox indicate an exploit. This approach has the additional important advantage of allowing the detection of known-vulnerability exploits. HoneyMonkey uses a black box system to detect exploits, i.e., it doesn't use a signature of browser exploits to detect exploits. A Monkey Program, a single instance of the HoneyMonkey project, launches Internet Explorer to visit a site. The monkey does not allow pop-ups, nor does it allow installation of software. Any read or write that happens out of Internet Explorer's temporary folder therefore must have used browser exploits. These are then analysed by malware detection programs and then manually analysed. Site redirection is a browser concept that enables a site URL to be redirected from one site to one or more other sites. It is capable of providing modularity on the internet. The redirection may occur without the authorization, or even knowledge, of the user. Especially when the site redirection occurs without the knowledge of the user, redirection may be ISSN: 2278-7461 www.ijeijournal.com P a g e |4
AUTOMATED WEB PATROLING WITH EXPLOIT... more precisely termed a “cross-domain auto-visit”. For most exploit scenarios, the page content stays at the URL to which the user originally directed a browser while the other URL(s) are being auto-visited by the browser under the cover. Although there are legitimate purposes to redirection that benefit web site operators and browser users alike, site redirection can also be used for nefarious purposes. For example, it is often used by exploit providers to hide their identity and/or make exploit detection more difficult to track and prevent. The exploit “experts” pay provider sites to redirect clients to their exploitive sites. Malware development companies then pay exploiters to install their software. VI. RESULT AND ANALYSYS Malware classification of different websites using different existing tools and our system Honeymokey is done in given chart below: Graph 1: Malware classification The above graph shows comparison between different tools used for scanning URLs and no of sites detected good, bad or ok are shown in graph up to 10 URLs are scanned using different tools and depend upon result graph is displayed. Comparison between different types of sites is shown by line chart, chart shows comparison depend on result given by Honey monkey system. 10 URLs of each type of websites are scanned and result of no. of sites comparison is shown by line chart Depend upon values stored in table. Table 1: Comparisons of different types of URLs using HoneyMonkey System Graph 2: Comparison of different types of URLs ISSN: 2278-7461 www.ijeijournal.com P a g e |5
AUTOMATED WEB PATROLING WITH EXPLOIT... Above Line chart shows the URLs Scanned depend on their types such as Commercial, Entertainment, Shopping related sites. After scanned different results are displayed about exploitation of different sites depend on no of redirections, popup and malicious files found in database of Webpage. VII. CONCLUSION “Automated web patrolling and exploit detection of malicious sites” is systematic approach for the automated web patrol in finding for malicious web sites that exploits browser vulnerabilities at client side. Honey monkey uses web crawler as application automatic web patrol. It is used as a general tool but modified application of web crawlers for web patrol. Design and Implementation of Strider Honey Monkeys as the first systematic method for automated web patrol to hunt for malicious web sites that exploit browser vulnerabilities. Web sites can adopt Honey Monkeys detection which motivates to incorporate additional vulnerability-specific exploit detection. An easy way of avoiding the threat of malicious websites has to be the automatic avoidance of these dangerous parts of the Web in an easy to use and error-free manner. Monkey-Spider can also be used to collect information that can in turn be used to protect the Internet community. Analysis of four sets of data showed that the densities of malicious URLs such as for educational sites 50% excellent and 10% bad similarly for Entertainment sites 60% excellent 30% bad, for commercial sites 40% excellent,20% ok and 40% gives Bad status . It quantifies the nature of spyware web centric point of view. REFERENCES 1. “Strider HoneyMonkeys: Active, Client-Side Honeypots for Finding Malicious Websites”Yi-Min Wang, Yuan Niu, Hao Chen, Doug Beck, Xuxian Jiang, Roussi Roussev,Chad Verbowski, Shuo Chen, and Sam King,2009 2. Strider Honey Monkey Exploit Detection, http://research.microsoft.com/HoneyMonkey. 3. T. Holz and F. Raynal, “Detecting Honeypots and other suspicious environments,” in Proc. IEEE Workshop on Information Assurance and Security, 2005. 4. Yi-Min Wang, Doug Beck, Xuxian Jiang, and Roussi Roussev, “Automated Web Patrol with Strider HoneyMonkeys: Finding Web sites That Exploit Browser Vulnerabilities,” Microsoft Research technical Report MSR-TR-2005-72, July 2008 5. S. Anderson and V. Abella,”Data execution Prevention changes to Functionality in Microsoft Windows XP Service Pack 2,”Memmory Protection Technology”Aug. 2006 6. Niels Provos ,”A virtual Honeypot Framework” in proc. USENIX security Symposium, Aug 2004. 7. “Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients”, Ali Ikinci Thorsten Holz Felix Freiling,University of Mannheim, Germany 8. http://www.onlinelinkscan.com 9. http://www.websitepulse.com/ 10. https://www.watsonhall.com/resourses/dowmloads/to p10-wesite-security-issues.pdf ISSN: 2278-7461 www.ijeijournal.com P a g e |6

Empfohlen

Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...UltraUploader
 
Spyware-A online threat to privacy
Spyware-A online threat to privacySpyware-A online threat to privacy
Spyware-A online threat to privacyVikas Patel
 
Spyware by Sahibe Alam
Spyware by Sahibe AlamSpyware by Sahibe Alam
Spyware by Sahibe Alamsahibe alam
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksDiane M. Metcalf
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Spyware
SpywareSpyware
SpywareBabur Rahmadi
 
Viruses Spyware and Spam, Oh My!
Viruses Spyware and Spam, Oh My!Viruses Spyware and Spam, Oh My!
Viruses Spyware and Spam, Oh My!Joel May
 

Empfohlen

Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...UltraUploader
 
Spyware-A online threat to privacy
Spyware-A online threat to privacySpyware-A online threat to privacy
Spyware-A online threat to privacyVikas Patel
 
Spyware by Sahibe Alam
Spyware by Sahibe AlamSpyware by Sahibe Alam
Spyware by Sahibe Alamsahibe alam
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksDiane M. Metcalf
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Spyware
SpywareSpyware
SpywareBabur Rahmadi
 
Viruses Spyware and Spam, Oh My!
Viruses Spyware and Spam, Oh My!Viruses Spyware and Spam, Oh My!
Viruses Spyware and Spam, Oh My!Joel May
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareTeodoro Cipresso
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Spyware and key loggers
Spyware and key loggersSpyware and key loggers
Spyware and key loggersGaneshdev Chavhan
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
spyware
spywarespyware
spywareNamanKikani
 
Spyware Adware
Spyware AdwareSpyware Adware
Spyware Adwarehaldia institute of technology
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From MalwareINFONAUTICS GmbH
 
Spyware report
Spyware reportSpyware report
Spyware reportMatthew Deonon
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPESMALWARE AND ITS TYPES
MALWARE AND ITS TYPESdaniyalqureshi712
 
Computer virus
Computer virusComputer virus
Computer virusFlora Runyenje
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineeringintertelinvestigations
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0 Arjunsinh Sindhav
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?culltdueet65
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
Computer virus and cyber attack
Computer virus and cyber attackComputer virus and cyber attack
Computer virus and cyber attackBhavesh soni
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adwareRaja Kiran
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for androidJPINFOTECH JAYAPRAKASH
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions www.ijeijournal.com
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions www.ijeijournal.com
 

Weitere ähnliche Inhalte

Was ist angesagt?

virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareTeodoro Cipresso
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From MalwareINFONAUTICS GmbH
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineeringintertelinvestigations
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0 Arjunsinh Sindhav
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?culltdueet65
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
Computer virus and cyber attack
Computer virus and cyber attackComputer virus and cyber attack
Computer virus and cyber attackBhavesh soni
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adwareRaja Kiran
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malwareamiable_indian
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for androidJPINFOTECH JAYAPRAKASH
 

Was ist angesagt? (20)

virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Spyware and key loggers
Spyware and key loggersSpyware and key loggers
Spyware and key loggers
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
spyware
spywarespyware
spyware
 
Spyware Adware
Spyware AdwareSpyware Adware
Spyware Adware
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Spyware report
Spyware reportSpyware report
Spyware report
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPESMALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Computer virus
Computer virusComputer virus
Computer virus
 
Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
 
Computer virus and cyber attack
Computer virus and cyber attackComputer virus and cyber attack
Computer virus and cyber attack
 
Spyware and adware
Spyware and adwareSpyware and adware
Spyware and adware
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for android
 

Andere mochten auch

La amistad en el adolescente
La amistad en el adolescente La amistad en el adolescente
La amistad en el adolescente estrellitac
 

Andere mochten auch (20)

International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Time Truncated Chain Sampling Plans for Inverse Rayleigh Distribution
Time Truncated Chain Sampling Plans for Inverse Rayleigh Distribution Time Truncated Chain Sampling Plans for Inverse Rayleigh Distribution
Time Truncated Chain Sampling Plans for Inverse Rayleigh Distribution
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
International Journal of Engineering Inventions (IJEI), www.ijeijournal.com,c...
International Journal of Engineering Inventions (IJEI), www.ijeijournal.com,c...International Journal of Engineering Inventions (IJEI), www.ijeijournal.com,c...
International Journal of Engineering Inventions (IJEI), www.ijeijournal.com,c...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
La amistad en el adolescente
La amistad en el adolescente La amistad en el adolescente
La amistad en el adolescente
 

Ähnlich wie Automated Web Patrol for Detecting Malicious Sites

vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting toolBhagyashri Chalakh
 
State of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsState of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsIOSRjournaljce
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
Cq3210191021
Cq3210191021Cq3210191021
Cq3210191021IJMER
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 
Understanding the web browser threat
Understanding the web browser threatUnderstanding the web browser threat
Understanding the web browser threatTola Odugbesan
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSheri Elliott
 
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionWeb Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionEECJOURNAL
 
Bug Bounty Guide Tools and Resource.pdf
Bug Bounty Guide Tools and Resource.pdfBug Bounty Guide Tools and Resource.pdf
Bug Bounty Guide Tools and Resource.pdfhacktube5
 
HP WebInspect
HP WebInspectHP WebInspect
HP WebInspectrohit_ta
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Anti phishing web browser
Anti phishing web browserAnti phishing web browser
Anti phishing web browserSujal Chawala
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software developmentBill Ross
 

Ähnlich wie Automated Web Patrol for Detecting Malicious Sites (20)

vulnerability scanning and reporting tool
vulnerability scanning and reporting toolvulnerability scanning and reporting tool
vulnerability scanning and reporting tool
 
State of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsState of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLs
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
Cq3210191021
Cq3210191021Cq3210191021
Cq3210191021
 
4
44
4
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
T04505103106
T04505103106T04505103106
T04505103106
 
Understanding the web browser threat
Understanding the web browser threatUnderstanding the web browser threat
Understanding the web browser threat
 
Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application Environment
 
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionWeb Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
 
Bug Bounty Guide Tools and Resource.pdf
Bug Bounty Guide Tools and Resource.pdfBug Bounty Guide Tools and Resource.pdf
Bug Bounty Guide Tools and Resource.pdf
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
HP WebInspect
HP WebInspectHP WebInspect
HP WebInspect
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Anti phishing web browser
Anti phishing web browserAnti phishing web browser
Anti phishing web browser
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
 

Mehr von International Journal of Engineering Inventions www.ijeijournal.com

Mehr von International Journal of Engineering Inventions www.ijeijournal.com (20)

H04124548
H04124548H04124548
H04124548
 
G04123844
G04123844G04123844
G04123844
 
F04123137
F04123137F04123137
F04123137
 
E04122330
E04122330E04122330
E04122330
 
C04121115
C04121115C04121115
C04121115
 
B04120610
B04120610B04120610
B04120610
 
A04120105
A04120105A04120105
A04120105
 
F04113640
F04113640F04113640
F04113640
 
E04112135
E04112135E04112135
E04112135
 
D04111520
D04111520D04111520
D04111520
 
C04111114
C04111114C04111114
C04111114
 
B04110710
B04110710B04110710
B04110710
 
A04110106
A04110106A04110106
A04110106
 
I04105358
I04105358I04105358
I04105358
 
H04104952
H04104952H04104952
H04104952
 
G04103948
G04103948G04103948
G04103948
 
F04103138
F04103138F04103138
F04103138
 
E04102330
E04102330E04102330
E04102330
 
D04101822
D04101822D04101822
D04101822
 
C04101217
C04101217C04101217
C04101217
 

Automated Web Patrol for Detecting Malicious Sites

  • 1. International Journal of Engineering Inventions ISSN: 2278-7461, www.ijeijournal.com Volume 1, Issue 8 (October2012) PP: 01-06 AUTOMATED WEB PATROLING WITH EXPLOIT DETECTION OF MALICIOUS SITES Ms. Rajashree C. Sonawane1, Prof. Mrs. S.M.Jaybhaye2 1,2 Department of Information TechnologySinhgad College of Engineering, University of Pune, Pune Abstract:––Client-side attacks are on the rise malicious websites that exploit vulnerabilities in the visitor’s browser are posing a serious threat to client security, compromising innocent users who visit these sites without having a patched web browser. Malicious websites are websites which have any kind of content that could be a threat for the security of the clients requesting particular sites. Currently, there is neither a freely available comprehensive database of threats on the Web nor sufficient freely available tools to build such a database. The purpose of an exploit is almost always to introduce some piece of arbitrary code on the victim machine, as a way to achieve a larger attack goal. It is not uncommon to see a malicious web page attempting to exploit multiple browser vulnerabilities in order to maximize the chance of a successful attack. Hence Honey Monkeys, introduce the Monkey-Spider project. Utilizing it as a client honey pot, the portray the challenge in such an approach and evaluate system as a high-speed, Internet scale analysis tool to build a database of threats found in the wild. Furthermore, it evaluates the system by analysing different crawls performed. I. INTRODUCTION Internet attacks that use a malicious or hacked web site to exploit unpatched client-side vulnerabilities of visiting browsers are on the rise. These attacks allow web servers that host compromised URLs to install malcode on visiting client machines without requiring any user interaction beyond visitation. There have been several manual analyses of these events. Although these analyses provide very useful and detailed information about which vulnerabilities are exploited and which malware programs are installed, such efforts are not scalable, do not provide a comprehensive picture of the problem, and are generally ineffective at efficiently finding new malicious sites. To address these issues, developed a system that uses a pipeline of active, client-side honeypot, called Strider HoneyMonkeys, to perform large-scale, systematic and automated web patrol. The HoneyMonkey Figure 1: Exploit detection at client side system uses monkey programs that run within with OS’s of various patch levels to drive web browsers in an attempt to mimic human web browsing. This approach adopts a state-management methodology to cyber security: instead of directly detecting the acts of vulnerability exploits, the system uses the Strider Tracer to catch unauthorized file creations and configuration changes that are the result of a successful exploit. [1] II. LITERATURE SURVEY Web Patrol: This web page monitoring software makes following hundreds of web sites and blogs as simple and fast as checking your e-mail. It will visit web sites for you, as often as you like, and notify you when it finds a change. Web patrol is used to Checks single pages or entire web sites for changes on the particular page. It is used to Checks normal pages or frame based pages and Monitors PDF files for changes .This web page monitoring software makes monitors web sites, ISSN: 2278-7461 www.ijeijournal.com P a g e |1
  • 2. AUTOMATED WEB PATROLING WITH EXPLOIT... blogs and text files for changes .It also improves your productivity by working silently and unattended .Web patrol Notifies you of changes by popup, sound and/or email and Shows pages with changes highlighted in the internal browser. Different security issues related to web sites: Website is a broad field, but most websites have common security issues that need to be addressed, regardless of the particular technologies used or functions deployed. 1. Validation of input and output data All data written as output (displayed) needs to be safe to view in a browser, email client or other software and the integrity of any data that is returned must be checked.. 2. Malicious file executions Uploaded files or other data feeds may not be what they seem. Never allow user-supplied input to be used in any file name or path (e.g. URLs or file system references). Uploaded files may also contain a malicious payload so should not be stored in web accessible locations. 3. Authentication and session management Websites rely on identifying users to provide access permissions to data and functions. [10] Existing tools: 1. Online link Scanner: Online Link Scan - Virus, Trojan, Adware and Malware Scanner has come up with. It will save and ultimately protect the computer and the data of the user from getting unethically violated. So if you are worried about constant violation of your personal space while your surf or go to your chosen links by being redirected to harmful threats, at Online Link Scan - Virus, Trojan, Adware and Malware Scanner take the problem off you and offer safeguards like detection of hidden links that are not possible for you to notice. It detect an impending danger to your computer by allowing you to scan for suspicious links that might gets infected with viruses, trojanhorses, spyware and other malware. Although it accept no liability for the accuracy and integrity of all scan results but will do our best to help protect your system as to reduce the possibility of being invaded.[8] 2. Web site pulse: Website Pulse is a leading provider of global, independent and objective monitoring of the availability and performance of web sites, servers and network components, web applications and e-business transactions, web-based and e-mail systems. The advanced web monitoring service ensures reliable early problem and error detection with multi- stage verification process, followed by real-time multimedia alerts. Detailed reports and website diagnostic tools allow web system owners and operators to quickly locate and troubleshoot any problem, minimizing the downtime of their web systems. The Website Pulse monitoring agent - the proprietary platform of Website Pulse - is designed for synchronized 24/7 monitoring through an integrated global network of interconnected and redundant monitoring locations throughout North America, Europe, Asia, Australia, and New Zealand. It constantly measures website accessibility and web-based systems performance, immediately triggers alerts and troubleshooting notifications of detected problems, and provides its customers with real time data charts, graphs and raw data for detailed analysis.[9] III. EXISTING METHODOLOGY FOR EXPLOIT DETECTION (1) Executable files created or modified outside the browser sandbox folders: This is the primary mechanism for exploit detection. It is implemented on top of the Strider Tracer, which uses a file-tracing driver to efficiently record every single file read/write operation. [1] (2) Processes created: Strider Tracer also tracks all child processes created by the browser process. (3) Vulnerability exploited: To provide additional information and to address limitations of the black-box approach, developed and incorporated a Vulnerability-specific detector. This is based on the vulnerability signature of the exploit, rather than on any particular piece of malcode. (4) Redirect-URLs visited: Since malcode is often laundered through other sites, this module allows us to track redirections to determine both the real source of the malcode and those involved in the distribution chain Upon detecting an exploit, the monkey saves its logs and notifies the Monkey Controller on the host machine to destroy the infected VM and re-spawn a clean Honey Monkey, which then continues to visit the remaining URL list. The Monkey Controller then passes the detected exploit-URL to the next monkey in the pipeline to further investigate the strength of the exploit. [1][2] Redirection Analysis Many exploit-URLs do not perform the actual exploits but instead act as front-end content providers that serve “interesting” content such as pornography in order to attract browser traffic. This traffic is then sold and redirected to back- end exploit providers, which specialize in exploiting clients and installing malware.URLs visited through traffic redirection can be tracked with a Browser Helper Object running within each browser process or by intercepting and analysing network packets. When the Honey Monkey runs in its “redirection analysis” mode, any automatically visited URLs are fed back to the system for further checking. [1] ISSN: 2278-7461 www.ijeijournal.com P a g e |2
  • 3. AUTOMATED WEB PATROLING WITH EXPLOIT... IV. OVERVIEW OF MODULES There is different vulnerability exploits Related to web browser are: Web Site Vulnerability Exploitation: Malicious activities performed by actual web sites exploiting browser vulnerabilities can be divided into four steps: code obfuscation, URL redirection, vulnerability exploitation, and malware installation. MODULE 1 URL Redirection from list of URLs visited : Most malicious web sites automatically redirect browser traffic to additional URLs. Specifically, when a browser visits a primary URL, the response from that URL instructs the browser to automatically visit one or more secondary URLs, which may or may not affect the content that is displayed to the user. Since redirection is commonly used by non-malicious sites to enrich content, simply eliminating redirection from a browser would present significant complications. Figure 2 Report for Redirection analysis MODULE 2 Vulnerability Exploitation due redirections and popups It is not uncommon to see a malicious web page attempting to exploit multiple browser vulnerabilities in order to maximize the chance of a successful attack. HTML fragment that uses various primitives to load multiple files from different URLs on the same server to exploit three vulnerabilities fixed in Microsoft Security Bulletins. Figure 3 Report for popup If any of the exploits succeeds, a Trojan downloader named win32.exe is downloaded and executed. Note that although Internet Explorer is the common target due to its popularity, other browsers can also be attacked. MODULE 3 Malware Installations: The purpose of an exploit is almost always to introduce some piece of arbitrary code on the victim machine, as a way to achieve a larger attack goal, including viruses that infect files, backdoors that open entry points for future unauthorized access, boot programs that allow the attacker to control a whole network of compromised systems, Trojan downloader’s that connect to the Internet and download other programs, Trojan droppers that drop files from themselves without accessing the Internet, and Trojan proxies that redirect network traffic. Some spyware programs and even anti- spyware programs are also installed through exploits.[1] MODULE 4 Result Analysis: Generated report for site Status: Honey Monkey System will display the result of exploitation by displaying result in the report format. Following is the report generated by system for the result of all the contents of URL http://www.google.com. Similarly different Redirections and popup is detected during exploitation detection process are displayed in the results. Finally it will show the status of web page and automatically it will redirect to that web page. ISSN: 2278-7461 www.ijeijournal.com P a g e |3
  • 4. AUTOMATED WEB PATROLING WITH EXPLOIT... Fig 3 will display final report generated by Honey monkey system. Figure 4: Report for exploit detection V. PROPOSED SYSTEM Exploit Detection: Monkey program that launches a browser instance to visit each input URL and then waits for a few minutes to allow downloading of any code which may have a short time delay. It detects a group of persistent-state changes to signal exploitation. Figure 5: Flow diagram Of HoneyMonkey System Since the monkey is not instructed to click on any dialog box to permit software installation, any executable files or registry entries created outside the browser sandbox indicate an exploit. This approach has the additional important advantage of allowing the detection of known-vulnerability exploits. HoneyMonkey uses a black box system to detect exploits, i.e., it doesn't use a signature of browser exploits to detect exploits. A Monkey Program, a single instance of the HoneyMonkey project, launches Internet Explorer to visit a site. The monkey does not allow pop-ups, nor does it allow installation of software. Any read or write that happens out of Internet Explorer's temporary folder therefore must have used browser exploits. These are then analysed by malware detection programs and then manually analysed. Site redirection is a browser concept that enables a site URL to be redirected from one site to one or more other sites. It is capable of providing modularity on the internet. The redirection may occur without the authorization, or even knowledge, of the user. Especially when the site redirection occurs without the knowledge of the user, redirection may be ISSN: 2278-7461 www.ijeijournal.com P a g e |4
  • 5. AUTOMATED WEB PATROLING WITH EXPLOIT... more precisely termed a “cross-domain auto-visit”. For most exploit scenarios, the page content stays at the URL to which the user originally directed a browser while the other URL(s) are being auto-visited by the browser under the cover. Although there are legitimate purposes to redirection that benefit web site operators and browser users alike, site redirection can also be used for nefarious purposes. For example, it is often used by exploit providers to hide their identity and/or make exploit detection more difficult to track and prevent. The exploit “experts” pay provider sites to redirect clients to their exploitive sites. Malware development companies then pay exploiters to install their software. VI. RESULT AND ANALYSYS Malware classification of different websites using different existing tools and our system Honeymokey is done in given chart below: Graph 1: Malware classification The above graph shows comparison between different tools used for scanning URLs and no of sites detected good, bad or ok are shown in graph up to 10 URLs are scanned using different tools and depend upon result graph is displayed. Comparison between different types of sites is shown by line chart, chart shows comparison depend on result given by Honey monkey system. 10 URLs of each type of websites are scanned and result of no. of sites comparison is shown by line chart Depend upon values stored in table. Table 1: Comparisons of different types of URLs using HoneyMonkey System Graph 2: Comparison of different types of URLs ISSN: 2278-7461 www.ijeijournal.com P a g e |5
  • 6. AUTOMATED WEB PATROLING WITH EXPLOIT... Above Line chart shows the URLs Scanned depend on their types such as Commercial, Entertainment, Shopping related sites. After scanned different results are displayed about exploitation of different sites depend on no of redirections, popup and malicious files found in database of Webpage. VII. CONCLUSION “Automated web patrolling and exploit detection of malicious sites” is systematic approach for the automated web patrol in finding for malicious web sites that exploits browser vulnerabilities at client side. Honey monkey uses web crawler as application automatic web patrol. It is used as a general tool but modified application of web crawlers for web patrol. Design and Implementation of Strider Honey Monkeys as the first systematic method for automated web patrol to hunt for malicious web sites that exploit browser vulnerabilities. Web sites can adopt Honey Monkeys detection which motivates to incorporate additional vulnerability-specific exploit detection. An easy way of avoiding the threat of malicious websites has to be the automatic avoidance of these dangerous parts of the Web in an easy to use and error-free manner. Monkey-Spider can also be used to collect information that can in turn be used to protect the Internet community. Analysis of four sets of data showed that the densities of malicious URLs such as for educational sites 50% excellent and 10% bad similarly for Entertainment sites 60% excellent 30% bad, for commercial sites 40% excellent,20% ok and 40% gives Bad status . It quantifies the nature of spyware web centric point of view. REFERENCES 1. “Strider HoneyMonkeys: Active, Client-Side Honeypots for Finding Malicious Websites”Yi-Min Wang, Yuan Niu, Hao Chen, Doug Beck, Xuxian Jiang, Roussi Roussev,Chad Verbowski, Shuo Chen, and Sam King,2009 2. Strider Honey Monkey Exploit Detection, http://research.microsoft.com/HoneyMonkey. 3. T. Holz and F. Raynal, “Detecting Honeypots and other suspicious environments,” in Proc. IEEE Workshop on Information Assurance and Security, 2005. 4. Yi-Min Wang, Doug Beck, Xuxian Jiang, and Roussi Roussev, “Automated Web Patrol with Strider HoneyMonkeys: Finding Web sites That Exploit Browser Vulnerabilities,” Microsoft Research technical Report MSR-TR-2005-72, July 2008 5. S. Anderson and V. Abella,”Data execution Prevention changes to Functionality in Microsoft Windows XP Service Pack 2,”Memmory Protection Technology”Aug. 2006 6. Niels Provos ,”A virtual Honeypot Framework” in proc. USENIX security Symposium, Aug 2004. 7. “Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients”, Ali Ikinci Thorsten Holz Felix Freiling,University of Mannheim, Germany 8. http://www.onlinelinkscan.com 9. http://www.websitepulse.com/ 10. https://www.watsonhall.com/resourses/dowmloads/to p10-wesite-security-issues.pdf ISSN: 2278-7461 www.ijeijournal.com P a g e |6