Top

Published in:

2019 | OriginalPaper | Chapter

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild

Authors : Marius Musch, Christian Wressnegger, Martin Johns, Konrad Rieck

Published in: Detection of Intrusions and Malware, and Vulnerability Assessment

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

WebAssembly, or Wasm for short, is a new, low-level language that allows for near-native execution performance and is supported by all major browsers as of today. In comparison to JavaScript it offers faster transmission, parsing, and execution times. Up until now it has, however, been largely unclear what WebAssembly is used for in the wild. In this paper, we thus conduct the first large-scale study on the Web. For this, we examine the prevalence of WebAssembly in the Alexa Top 1 million websites and find that as many as 1 out of 600 sites execute Wasm code. Moreover, we perform several secondary analyses, including an evaluation of code characteristics and the assessment of a Wasm module’s field of application. Based on this, we find that over 50 % of all sites using WebAssembly apply it for malicious deeds, such as mining and obfuscation.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions

next chapter Morellian Analysis for Browsers: Making Web Authentication Stronger with Canvas Fingerprinting

Statistics from http://caniuse.com in January 2019.

http://s3.amazonaws.com/alexa-static/top-1m.csv.zip (from 21. December 2018).

A lower rank means a more popular site, e.g. google.com has rank 1.

https://github.com/mnater/Hyphenopoly/issues/13.

AdGuard Research. Cryptocurrency mining affects over 500 million people. And they have no idea it is happening, October 2017. https://adguard.com/en/blog/crypto-mining-fever/

Adobe Corporate Communications. Flash & the future of interactive content (2017). https://theblog.adobe.com/adobe-flash-update/

Ali, S.T., Clarke, D., McCorry, P.: Bitcoin: perils of an unregulated global P2P currency. In: Christianson, B., Švenda, P., Matyáš, V., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2015. LNCS, vol. 9379, pp. 283–293. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26096-9_29CrossRef

ASM.js. Frequently asked questions, February 2019. http://asmjs.org/faq.html

Barabási, A.-L., Freeh, V.W., Jeong, H., Brockman, J.B.: Parasitic computing. Nature 412, 894–897 (2001)CrossRef

ChromeDevTools. Chrome DevTools Protocol Viewer, May 2018. https://chromedevtools.github.io/devtools-protocol/

Chromium Blog. Goodbye pnacl, hello webassembly! May 2017. https://blog.chromium.org/2017/05/goodbye-pnacl-hello-webassembly.html

Clark, L.: What makes webassembly fast? February 2017. https://hacks.mozilla.org/2017/02/what-makes-webassembly-fast/

CoinHive Documentation. JavaScript Miner, February 2019. https://coinhive.com/documentation/miner

10.

Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: Proceedings of the International World Wide Web Conference (WWW) (2010)

11.

Curtsinger, C., Livshits, B., Zorn, B.G., Seifert, C.: Zozzle: Fast and precise in-browser javascript malware detection. In: Proceedings of USENIX Security Symposium (2011)

12.

Eskandari, S., Leoutsarakos, A., Mursch, T., Clark, J.: A first look at browser-based cryptojacking. In: Proceedings of IEEE Security and Privacy on the Blockchain Workshop (2018)

13.

Haas, A., et al.: Bringing the web up to speed with WebAssembly. In: Proceedings of ACM SIGPLAN International Conference on Programming Languages Design and Implementation (PLDI), pp. 185–200 (2017)

14.

Hong, G., et al.: How you get shot in the back: a systematical study about cryptojacking in the real world. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), October 2018

15.

Huang, D.Y., et al.: Botcoin: monetizing stolen cycles. In: Proceedings of Network and Distributed System Security Symposium (NDSS) (2014)

16.

Kapravelos, A., Shoshitaishvili, Y., Cova, M., Kruegel, C., Vigna, G.: Revolver: an automated approach to the detection of evasive web-based malware. In: Proceedings of USENIX Security Symposium (2013)

17.

Kim, K., et al.: J-force: forced execution on javascript. In: Proceedings of the International World Wide Web Conference (WWW) (2017)

18.

Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: de-cloaking internet malware. In: Proceedings of IEEE Symposium on Security and Privacy (2012)

19.

Konoth, R.K., et al.: An in-depth look into drive-by mining and its defense. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), October 2018

20.

Krebs, B.: Who and What Is Coinhive? March 2018. https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive

21.

Maisuradze, G., Backes, M., Rossow, C.: Dachshund: digging for and securing against (non-) blinded constants in JIT code. In: Proceedings of Network and Distributed System Security Symposium (NDSS) (2017)

22.

McConnell, J.: Webassembly support now shipping in all major browsers, November 2017. https://blog.mozilla.org/blog/2017/11/13/webassembly-in-browsers/

23.

MDN Web Docs. Proxy, February 2019. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy

24.

Microsoft Windows Blogs. A break from the past, part 2: saying goodbye to activex, vbscript, attachevent, May 2015. https://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-part-2-saying-goodbye-to-activex-vbscript-attachevent/

25.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, May 2009. http://www.bitcoin.org/bitcoin.pdf

26.

Özkan, S.: CVE Details. http://www.cvedetails.com

27.

Rieck, K., Krueger, T., Dewald, A.: Cujo: efficient detection and prevention of drive-by-download attacks. In: Proceedings of Annual Computer Security Applications Conference (ACSAC) (2010)

28.

Rodriguez, J.D.P., Posegga, J.: CSP & Co., Can Save Us from a Rogue Cross-Origin Storage Browser Network! But for How Long? In: Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY) (2018)

29.

Rodriguez, J.D.P., Posegga, J.: Rapid: resource and api-based detection against in-browser miners. In: Proceedings of Annual Computer Security Applications Conference (ACSAC) (2018)

30.

Rossberg, A.: Webassembly core specification. W3C First Public Working Draft, February 2018. https://www.w3.org/TR/2018/WD-wasm-core-1-20180215

31.

Rüth, J., Zimmermann, T., Wolsing, K., Hohlfeld O.: Digging into browser-based crypto mining. In: Proceeings of Internet Measurement Conference (IMC) (2018)

32.

Salton, G., McGill, M.J.: Introduction to Modern Information Retrieval. McGraw-Hill (1986)

33.

“Seigen”, Jameson, M., Nieminen, T., “Neocortex”, Juarez, A.M.: Cryptonight hash function. CryptoNote Standard 008, March 2008. https://cryptonote.org/cns/cns008.txt

34.

Stock, B., Livshits, B., Zorn, B.: Kizzle: a signature compiler for detecting exploit kits. In: Proceedings of Conference on Dependable Systems and Networks (DSN) (2016)

35.

Tahir, R., et al.: Mining on someone else’s dime: mitigating covert mining operations in clouds and enterprises. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 287–310. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_13CrossRef

36.

van Saberhagen, N.: Cryptonote v2.0. Technical report, CryptoNote, October 2013

37.

W3C WebAssembly Community Group. Webassembly design documents, January 2019. https://webassembly.org

38.

Wang, W., Ferrell, B., Xu, X., Hamlen, K.W., Hao, S.: SEISMIC: secure in-lined script monitors for interrupting cryptojacks. In: Proceedings of European Symposium on Research in Computer Security (ESORICS) (2018)CrossRef

39.

Wasabi. Dynamic Analysis Framework, February 2019. http://wasabi.software-lab.org

40.

Wressnegger, C., Yamaguchi, F., Arp, D., Rieck, K.: Comprehensive analysis and detection of flash-based malware. In: Caballero, J., Zurutuza, U., Rodríguez, R. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 101–121. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_6CrossRef

41.

Xu, W., Zhang, F., Zhu, S.: JStill: mostly static detection of obfuscated malicious javascript code. In: Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY) (2013)

42.

Zakai, A.: Why webassembly is faster than asm.js, March 2017. https://hacks.mozilla.org/2017/03/why-webassembly-is-faster-than-asm-js/

Title: New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild
Authors: Marius Musch
Christian Wressnegger
Martin Johns
Konrad Rieck
Publisher: Springer International Publishing
Book: Detection of Intrusions and Malware, and Vulnerability Assessment
Print ISBN: 978-3-030-22037-2

Electronic ISBN: 978-3-030-22038-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-22038-9_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner