Detecting malicious code received from malicious client side injection vectors

Abstract

There are disclosed devices, system and methods for detecting malicious scripts received from malicious client side vectors. First, a script received from a client side injection vector and being displayed to a user in a published webpage is detected. The script may have malicious code configured to cause a browser unwanted action without user action. The script is wrapped in a java script (JS) closure and / or stripped of hyper-text markup language (HTML). The script is then executed in a browser sandbox that is capable of activating the unwanted action, displaying execution of the script, and stopping execution of the unwanted action if a security error resulting from the unwanted action is detected. When a security error results from this execution in the sandbox, executing the malicious code is discontinued, displaying the malicious code is discontinued, and execution of the unwanted action is stopped.

Description

NOTICE OF COPYRIGHTS AND TRADE DRESS[0001]A portion of the disclosure of this patent document contains material which is subject to copyright protection. This patent document may show and / or describe matter which is or may become trade dress of the owner. The copyright and trade dress owner has no objection to the facsimile reproduction by anyone of the patent disclosure as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright and trade dress rights whatsoever.RELATED APPLICATION INFORMATION[0002]This patent is a continuation-in-part of and claims the priority benefit from co-pending patent application Ser. No. 16 / 409,514, filed May 10, 2019, titled DETECTING MALICIOUS CODE EXISTING IN INTERNET ADVERTISEMENTS, which is incorporated herein by reference, and which will issue on Mar. 24, 2020 as U.S. Pat. No. 10,599,834.BACKGROUNDField[0003]This disclosure relates to detecting malicious code received from malicious client side vecto...

AI Technical Summary

Benefits of technology

The patent text discusses the problem of malicious code, such as malicious code in advertisements, that can harm users and cause damage to electronic commerce entities. The text describes various methods for detecting and preventing such malicious code, but there is still a need for effective control over what ads and scripts can do on a user's device. The technical effect of the patent is to provide a solution for securely detecting and managing malicious code in advertisements and other forms of advertisements.

Problems solved by technology

However, the vectors may also be malicious client side injection vectors that high jack the device or browser to send malicious computer scripts as the links, advertisements, emails, texts, coupons, etc.

The malicious scripts incorporate malicious code that performs unwanted browser actions, such as non-user-initiated redirects of the user's browser.

However, the downloaded ads access to the computing device may not be secure because the ad may not be sufficiently vetted or reviewed to ensure it does not include malware (e.g., malicious code).

This can be a problem, at least for the users because the ads themselves are a piece of HTML+JavaScript+cascading style sheets (CSS), which runs in the trusted scope of the user browsing session (often times having access to a first party domain which the user is viewing the ad from).

This means that many ads, coming from anywhere, actually have full access to what a user does, types or sees on the site because they have access to the first party domain, and malware in those ads can do a lot of damage, with redirects being one of the types of this kind of damage.

Some ads will not have full access because they do not have access to the first party domain.

Users do not realize that the ads on a website may have access to their shopping cart or details they enter on the site.

However, there is little control of that in the browser, and while some things can be set using browser sandbox attributes, cryptographic service provider (CSP), etc., this does not stop sophisticated malicious actors or malware.

In some cases, a malicious client side injection vector may download or inject a malicious script to the computing device that has access to the computing device browser.

This is also a problem, because the script can be a piece of HTML+JavaScript+cascading style sheets (CSS), which also runs in the trusted scope of the user browsing session and has full access to what a user does, types or sees on the site.

The script may execute unwanted actions on the computing device or browser.

Thus, malware in that script can do a lot of damage, such as with redirects.

Consequently, there is a problem when a malicious vector sends malicious script that incorporates malicious code to perform unwanted browser actions (such as non-user-initiated redirects), and / or forcing redirects to legitimate sites (e.g., so that an advertiser effectively gets a “100% click-through rate” and can make money on this).

When this malware is rendered by the browser it exposes the user's computing device to harmful unwanted actions such as unwanted data access, cryptocurrency mining, “trick” webpages that attempt to force users to do unwanted actions, or to the automatic or near-automatic downloading of unwanted applications, harmful content such as viruses, or unpaid for advertising images.

Images