Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

November 3, 2019 01:34 am

Study Estimates 50% of WebAssembly Sites Are Using It For Malicious Purposes

InfoQ reports on surprising results from research sponsored by the Institutes for Application Security and System Security at Germany's Technische UniversitÃt Braunschweig:A study published in June 2019 reveals that in the Alexa Top 1 million websites, one out of 600 sites executes WebAssembly (Wasm) code. The study moreover finds that over 50% of those sites using WebAssembly apply it for malicious deeds, such as cryptocurrency mining and malware code obfuscation....BR>The team examined the websites in the Alexa sample over a time span of four days, and successfully studied 947,704 websites, eventually visiting 3,465,320 web pages... 1,950 Wasm modules were found on 1,639 sites... The research team manually categorized the Wasm modules in 6 categories, reflecting the purpose behind the use of WebAssembly: Custom, Game, Library, Mining, Obfuscation, and Test. Of these six categories, two (Mining -- 55.6% of website sample, and Obfuscation -- 0.2% of websites sample) represent malicious usage of WebAssembly. The study details, "The largest observed category implements a cryptocurrency miner in WebAssembly, for which we found 48 unique samples on 913 sites in the Alexa Top 1 Million.... "[The study] suggests that we are currently only seeing the tip of the iceberg of a new generation of malware.... In consequence, incorporating the analysis of WebAssembly code hence is going to be of essence for effective future defense mechanisms."

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot