Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

BLADE Software Eliminates “Drive-By Downloads” from Malicious Websites

07.10.2010
Insecure Web browsers and the growing number of complex applets and browser plug-in applications are allowing malicious software to spread faster than ever on the Internet. Some websites are installing malicious code, such as spyware, on computers without the user’s knowledge or consent.

These so-called “drive-by downloads” signal a shift away from using spam and malicious e-mail attachments to infect computers. Approximately 560,000 websites -- and 5.5 million Web pages on those sites -- were infected with malware during the fourth quarter of 2009.

A new tool that eliminates drive-by download threats has been developed by researchers at the Georgia Institute of Technology and California-based SRI International. BLADE -- short for Block All Drive-By Download Exploits -- is browser-independent and designed to eliminate all drive-by malware installation threats. Details about BLADE were presented today at the Association for Computing Machinery’s Conference on Computer and Communications Security.

“By simply visiting a website, malware can be silently installed on a computer to steal a user’s identity and other personal information, launch denial-of-service attacks, or participate in botnet activity,” said Wenke Lee, a professor in the School of Computer Science in Georgia Tech’s College of Computing. “BLADE is an effective countermeasure against all forms of drive-by download malware installs because it is vulnerability and exploit agnostic.”

The BLADE development team includes Lee, Georgia Tech graduate student Long Lu, and Vinod Yegneswaran and Phillip Porras from SRI International. Funding for the BLADE tool was provided by the National Science Foundation, U.S. Army Research Office and U.S. Office of Naval Research.

The researchers evaluated the tool on multiple versions and configurations of Internet Explorer and Firefox. BLADE successfully blocked all drive-by malware installation attempts from the more than 1,900 malicious websites tested. The software produced no false positives and required minimal resources from the computer. Major antivirus software programs caught less than 30 percent of the more than 7,000 drive-by download attempts from the same websites.

“BLADE monitors and analyzes everything that is downloaded to a user’s hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive,” explained Lu.

Because drive-by downloads bypass the prompts users typically receive when a browser is downloading an unsupported file type, BLADE tracks how users interact with their browsers to distinguish downloads that received user authorization from those that do not. To do this, the tool captures on-screen consent-to-download dialog boxes and tracks the user’s physical interactions with these windows. In addition, all downloads are saved to a secure zone on a user’s hard drive so that BLADE can assess the content and prevent any malicious software from executing.

“Other research groups have tried to stop drive-by downloads, but they typically build a system that defends against a subset of the threats,” explained Lee. “We identified the one point that all drive-by downloads have to pass through -- downloading and executing a file on the computer -- and we decided to use that as our chokepoint to prevent the installs.”

The BLADE testing showed that the applications most frequently targeted by drive-by download exploits included Adobe Reader, Sun Java and Adobe Flash -- with Adobe Reader attracting almost three times as many attempts as the other programs. Computers using Microsoft’s Internet Explorer 6 became infected by more drive-by-downloads than those using versions 7 or 8, while Firefox 3 had a lower browser infection rate than all versions of Internet Explorer. Among the more than 1,900 active malicious websites tested, the Ukraine, United Kingdom and United States were the top three countries serving active drive-by download exploits.

Legitimate Web addresses that should be allowed to download content to a user’s computer without explicit permission, such as a browser or plug-in auto-updates, can be easily white-listed by the user so that their functionality is not affected by BLADE.

The researchers have also developed countermeasures so that malware publishers cannot circumvent BLADE by installing the malware outside the secure zone or executing it while it is being quarantined.

While BLADE is highly successful in thwarting drive-by download attempts, the development team admits that BLADE will not prevent social engineering attacks. Internet users are still the weakest link in the security chain, they note.

“BLADE requires a user’s browser to be configured to require explicit consent before executable files are downloaded, so if this option is disabled by the user, then BLADE will not be able to protect that user’s Web surfing activities,” added Lee.

To see a demonstration of how BLADE defends against drive-by downloads, watch this video: http://www.youtube.com/watch?v=9emHejh8hWE .

This material is based upon work supported by the National Science Foundation (NSF) under Award No. CNS-0716570, U.S. Army under Award No. W911NF-06-1-0316 and U.S. Navy under Award No. N00014-09-1-1042. Any opinions, findings, conclusions or recommendations expressed in this publication are those of the principal investigators and do not necessarily reflect the views of the NSF, U.S. Army or U.S. Navy.

Abby Vogel Robinson | Newswise Science News
Further information:
http://www.gatech.edu

More articles from Information Technology:

nachricht NASA CubeSat to test miniaturized weather satellite technology
10.11.2017 | NASA/Goddard Space Flight Center

nachricht New approach uses light instead of robots to assemble electronic components
08.11.2017 | The Optical Society

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: A “cosmic snake” reveals the structure of remote galaxies

The formation of stars in distant galaxies is still largely unexplored. For the first time, astron-omers at the University of Geneva have now been able to closely observe a star system six billion light-years away. In doing so, they are confirming earlier simulations made by the University of Zurich. One special effect is made possible by the multiple reflections of images that run through the cosmos like a snake.

Today, astronomers have a pretty accurate idea of how stars were formed in the recent cosmic past. But do these laws also apply to older galaxies? For around a...

Im Focus: Visual intelligence is not the same as IQ

Just because someone is smart and well-motivated doesn't mean he or she can learn the visual skills needed to excel at tasks like matching fingerprints, interpreting medical X-rays, keeping track of aircraft on radar displays or forensic face matching.

That is the implication of a new study which shows for the first time that there is a broad range of differences in people's visual ability and that these...

Im Focus: Novel Nano-CT device creates high-resolution 3D-X-rays of tiny velvet worm legs

Computer Tomography (CT) is a standard procedure in hospitals, but so far, the technology has not been suitable for imaging extremely small objects. In PNAS, a team from the Technical University of Munich (TUM) describes a Nano-CT device that creates three-dimensional x-ray images at resolutions up to 100 nanometers. The first test application: Together with colleagues from the University of Kassel and Helmholtz-Zentrum Geesthacht the researchers analyzed the locomotory system of a velvet worm.

During a CT analysis, the object under investigation is x-rayed and a detector measures the respective amount of radiation absorbed from various angles....

Im Focus: Researchers Develop Data Bus for Quantum Computer

The quantum world is fragile; error correction codes are needed to protect the information stored in a quantum object from the deteriorating effects of noise. Quantum physicists in Innsbruck have developed a protocol to pass quantum information between differently encoded building blocks of a future quantum computer, such as processors and memories. Scientists may use this protocol in the future to build a data bus for quantum computers. The researchers have published their work in the journal Nature Communications.

Future quantum computers will be able to solve problems where conventional computers fail today. We are still far away from any large-scale implementation,...

Im Focus: Wrinkles give heat a jolt in pillared graphene

Rice University researchers test 3-D carbon nanostructures' thermal transport abilities

Pillared graphene would transfer heat better if the theoretical material had a few asymmetric junctions that caused wrinkles, according to Rice University...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Ecology Across Borders: International conference brings together 1,500 ecologists

15.11.2017 | Event News

Road into laboratory: Users discuss biaxial fatigue-testing for car and truck wheel

15.11.2017 | Event News

#Berlin5GWeek: The right network for Industry 4.0

30.10.2017 | Event News

 
Latest News

NASA detects solar flare pulses at Sun and Earth

17.11.2017 | Physics and Astronomy

NIST scientists discover how to switch liver cancer cell growth from 2-D to 3-D structures

17.11.2017 | Health and Medicine

The importance of biodiversity in forests could increase due to climate change

17.11.2017 | Studies and Analyses

VideoLinks
B2B-VideoLinks
More VideoLinks >>>