Abstract:
In the first quarter of 2009, a new kind of self-generating botnet,
exemplified by Gumblar, gained phenomenal prominence among the top
prevailing web threats. Originally the malware was served from a
malicious site. Once the infection succeeds on the victim machine,
a number of malware components are loaded to steal FTP credentials,
along with many other spying activities. Although a few of the
dedicated Gumblar domains have been shut down, there still exists a
large collection of domains that use new methods to keep their
suspicious behavior unnoticed. Besides the dedicated sources of
infection, legitimate websites, once infected, are a stealthier and
faster way to spread it. The infection starts by modifying the
legitimate content with malware, which takes the visiting user to
the actual malicious site over a series of redirections through PHP
or JavaScript. Google and Mozilla use a blacklist approach to block
the infected websites completely. Dealing with web threats in this
way can protect clients for the moment, but ensuring web security
by preventing browsing is not appropriate. Blocking dedicated
malicious websites should not be considered the final step; there
is a need to safeguard legitimate websites and their clients as
well, even if a site gets compromised. In our solution we have
devised a novel methodology in which, instead of blocking the
complete website or any of its pages, we keep the site available
by sanitizing only the infected portion of the compromised server
response before it is served to the client.