Fall 2011

Paper Reading Questions

Please remember to print your answer for each day's paper question on a sheet of paper and hand it in at the beginning of class.

JavaScript malware often uses a variety of environment detection techniques. One such technique is to check the version of the browser, plugins such as Adobe Acrobat or Flash, operating system, etc. before delivering an exploit deliberately designed for that platform and environment configuration, as illustrated by the pseudocode below.

if (browser-is-ie-6 && adobe-flash-version == 10.1) {
  heap_spray();
}
This leads to more reliable, successful exploits for the attacker. Do you see how this pattern may lead to false negatives in a runtime detector?
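
The detector's side of this pattern, as an added example that is not part of the course page or the assigned paper: a toy runtime detector runs the guarded script in a single emulated environment, records which environment properties the script inspected, and is then replayed across candidate profiles. The names samplePage, heapSprayStub, analyze and sweep and all profile values are assumptions constructed for illustration; heapSprayStub only records that the guarded branch was reached.

```javascript
// Constructed sample standing in for the page's pseudocode. heapSprayStub is a
// harmless marker that only records that the guarded branch was reached.
function samplePage(env, sink) {
  if (env.browser === "IE6" && env.flashVersion === "10.1") {
    sink.heapSprayStub();
  }
}

// Toy runtime detector: run the script once in a single emulated environment,
// log suspicious calls, and log which environment properties it inspected.
function analyze(script, profile) {
  const calls = [];
  const reads = new Set();
  const env = new Proxy(profile, {
    get(target, prop) { reads.add(String(prop)); return target[prop]; },
  });
  script(env, { heapSprayStub: () => calls.push("heapSprayStub") });
  const verdict = calls.length > 0 ? "malicious"
    : reads.size > 0 ? "inconclusive" // fingerprinted, but nothing fired here
    : "clean";
  return { verdict, reads: [...reads].sort() };
}

// Replay under every combination of candidate values (hypothetical lists) and
// return the profiles in which the guarded behaviour appeared.
function sweep(script, candidates) {
  let profiles = [{}];
  for (const [key, values] of Object.entries(candidates)) {
    profiles = profiles.flatMap(p => values.map(v => ({ ...p, [key]: v })));
  }
  return profiles.filter(p => analyze(script, p).verdict === "malicious");
}

const sandbox = { browser: "Firefox", flashVersion: "11.0" }; // constructed
const candidates = {                                          // constructed
  browser: ["IE6", "IE8", "Firefox"],
  flashVersion: ["9.0", "10.1", "11.0"],
};
// Single run: no suspicious call is observed, only the fingerprinting read.
console.log(analyze(samplePage, sandbox));
// Sweep: the one matching profile exposes the guarded branch.
console.log(sweep(samplePage, candidates));
```

A detector that reported only observed calls would mark the single run as clean; recording the environment reads is what lets it report "inconclusive" instead.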

Questions or comments regarding 6.858? Send e-mail to the course staff at 6.858-staff@pdos.csail.mit.edu.

Last updated Friday, 29-Jan-2016 11:49:32 EST