| 摘要: | 網絡安全威脅的興起,使用瀏覽器偽裝作業系統更新的出現,凸顯了網路環境中存在的詐欺行為。這些偽造的更新頁面模仿微軟作業系統的更新界面,欺騙用戶點擊並下載,進而使用戶無意中安裝惡意軟體。
本論文關注的是與Cookie Banner相關的潛在風險,特別是由Cookie Banner的供應者提供惡意引導的可能性。如果當任意網站部署了這樣的惡意腳本,造受欺騙的用戶將面臨重大風險。
通過全面的分析,本研究探討了各種攻擊機制,包括使用可執行文件、腳本和巨集,模仿Cookie Banner的行為樣態來欺騙使用者下載。評估了不同文件類型的攻擊樣態以及瀏覽器、Windows Defender和防病毒軟件等防禦機制的有效性。結果顯示現有安全措施的局限性,壓縮文件可以成功滲透到用戶端環境中,逃避檢測,增加用戶的風險。
最終,本論文旨在為網站所有者、開發人員和用戶提供所需的知識,以減輕與惡意Cookie Banner和drive-by download攻擊相關的風險。通過采取主動措施並實施適當的安全協議,可以提高在線環境的整體安全性,保護用戶免受潛在威脅。;The rise of security threats, particularly the occurrence of fake in-browser windows updates, has highlighted the vulnerabilities present in online environments. These fake update pages mimic legitimate interfaces to deceive users into clicking on malicious content, often leading to the inadvertent installation of malware through drive-by-download attacks.
This thesis focuses on the potential risks associated with cookie banners, specifically the possibility of malicious banners being provided by cookie banner providers. If such malicious banners are deployed, the history of deceptive tactics repeats itself, placing users at significant risk.
Through a comprehensive analysis, this research examines various attack mechanisms, including the use of executable files, scripts, and macros, to exploit vulnerabilities in cookie banners. The behavior of different file types and the effectiveness of defense mechanisms, such as browsers, Windows Defender, and anti-virus software, are evaluated. The results reveal the limitations of existing security measures, as compressed files can successfully infiltrate the client-side environment, evading detection and increasing the risk to users.
Ultimately, this thesis seeks to empower website owners, developers, and users with the knowledge needed to mitigate the risks associated with malicious cookie banners and drive-by-download attacks. By adopting proactive measures and implementing appropriate security protocols, it is possible to enhance the overall security posture of online environments and protect users from potential threats. |
