MaliceScript: A Novel Browser-Based Intranet Threat

2018 
Recently, we have seen a sharp increase in browser-based threats that are specifically designed to attack intranets, especially in APTs. In response to such attacks, it is important both to deal with existing attacks and to predict potential attacks from the attacker's perspective. In this paper, we propose a new browser-based Web attack model that leverages browser features to let a browser collect the intranet topology and then infiltrate a website from inside the intranet rather than from the extranet. To verify the effectiveness of the proposed attack model, we design and implement a project named MaliceScript, and we systematically describe its technical details. Moreover, we demonstrate MaliceScript in controlled experiments, and the results prove that MaliceScript can detect the intranet topology correctly and infiltrate intranet websites secretly. Both theory and experiment indicate that the proposed threat will probably become a reality in the near future, because it is easy to launch but difficult to detect. To prevent the proposed threat, we give some practical suggestions at the end of this paper.