• DocumentCode
    1737022
  • Title

    Drive-by-Downloads

  • Author

    Narvaez, Julia ; Endicott-Popovsky, Barbara ; Seifert, Christian ; Aval, Chiraag ; Frincke, Deborah A.

  • Author_Institution
    Univ. of Washington, Seattle, WA, USA
  • fYear
    2010
  • Firstpage
    1
  • Lastpage
    10
  • Abstract
    Drive-by-downloads are malware that push, and then execute, malicious code on a client system without the user's consent. The purpose of this paper is to introduce a discussion of the usefulness of antivirus software for detecting the installation of such malware, providing groundwork for future studies. Client honey-pots collected drive-by malware which was then evaluated using common antivirus products. Initial analysis showed that most of such antivirus products identified less than 70% of these highly polymorphic malware programs. Also, it was observed that the antivirus products tested, even when successfully detecting this malware, often failed to classify it, leading to the conclusion that further work could involve not only developing new behavioral detection technologies, but also empirical studies that improve general understanding of these threats. Toward that end, one example of malicious code was analyzed behaviorally to provide insight into next steps for the future direction of this research.
  • Keywords
    invasive software; program testing; security of data; antivirus software; behavioral detection technologies; drive-by-downloads; malicious code; malware; Data mining; Gain control; Laboratories; Large-scale systems; Payloads; Performance analysis; Protection; Testing; Web pages; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2010 43rd Hawaii International Conference on
  • Conference_Location
    Honolulu, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-5509-6
  • Electronic_ISBN
    1530-1605
  • Type

    conf

  • DOI
    10.1109/HICSS.2010.160
  • Filename
    5428413