• DocumentCode
    1592574
  • Title

    Drive-by downloads from the trenches

  • Author

    Harley, David ; Bureau, Pierre-Marc

  • Author_Institution
    Res. Dept., ESET, San Diego, CA
  • fYear
    2008
  • Firstpage
    98
  • Lastpage
    103
  • Abstract
    Drive-by download is a term used to describe a download that happens without the knowledge or conscious intervention of the computer user. In computer security terms, a drive-by download is usually triggered by the exploitation of a vulnerability in an Internet browser. The file that is downloaded is usually a malicious program that installs itself on the victims computer, or is an installer for another malicious program. In this paper, we describe the problem posed by drive-by downloads from different perspectives. We also explain the difficulties of dealing with drive-by infections and propose various approaches that could solve part of the problem. Drive-by downloads are a prime example of the exponential rate at which malware infection can increase on the Internet. The primary purpose of this paper is to bring the drive-by download problem to the attention of the research community, in an effort to inspire further research initiatives in this area.
  • Keywords
    Internet; security of data; user interfaces; Internet browser; computer security; drive-by download; malicious program; Advertising; Ash; Computer bugs; Computer security; Distributed computing; Error correction codes; Internet; Research initiatives; Software safety; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
  • Conference_Location
    Fairfax, VI
  • Print_ISBN
    978-1-4244-3288-2
  • Electronic_ISBN
    978-1-4244-3289-9
  • Type

    conf

  • DOI
    10.1109/MALWARE.2008.4690864
  • Filename
    4690864