BLADE software eliminates threats of ‘drive-by downloads’ from InternetOctober 7th, 2010 - 2:55 pm ICT by ANI
Washington, Oct 7 (ANI): Researchers at the Georgia Institute of Technology and California-based SRI International have developed a new tool that eliminates drive-by download threats.
Malicious software is spreading faster than ever on the Internet, thanks to insecure Web browsers and the growing number of complex applets and browser plug-in applications.
Some websites are installing malicious code, such as spyware, on computers without the user’s knowledge or consent.
These so-called “drive-by downloads” signal a shift away from using spam and malicious e-mail attachments to infect computers.
Approximately 560,000 websites — and 5.5 million Web pages on those sites — were infected with malware during the fourth quarter of 2009.
And, the new software, BLADE — short for Block All Drive-By Download Exploits — is browser-independent and designed to eliminate all drive-by malware installation threats.
“By simply visiting a website, malware can be silently installed on a computer to steal a user’s identity and other personal information, launch denial-of-service attacks, or participate in botnet activity,” said Wenke Lee, at Georgia.
“BLADE is an effective countermeasure against all forms of drive-by download malware installs because it is vulnerability and exploit agnostic,” added Lee.
The researchers evaluated the tool on multiple versions and configurations of Internet Explorer and Firefox.
BLADE successfully blocked all drive-by malware installation attempts from the more than 1,900 malicious websites tested.
The software produced no false positives and required minimal resources from the computer.
Major antivirus software programs caught less than 30 percent of the more than 7,000 drive-by download attempts from the same websites.
“BLADE monitors and analyzes everything that is downloaded to a user’s hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive,” explained Lu.
Because drive-by downloads bypass the prompts users typically receive when a browser is downloading an unsupported file type, BLADE tracks how users interact with their browsers to distinguish downloads that received user authorization from those that do not.
To do this, the tool captures on-screen consent-to-download dialog boxes and tracks the user’s physical interactions with these windows.
In addition, all downloads are saved to a secure zone on a user’s hard drive so that BLADE can assess the content and prevent any malicious software from executing.
“Other research groups have tried to stop drive-by downloads, but they typically build a system that defends against a subset of the threats. We identified the one point that all drive-by downloads have to pass through — downloading and executing a file on the computer — and we decided to use that as our chokepoint to prevent the installs,” explained Lee.
Legitimate Web addresses that should be allowed to download content to a user’s computer without explicit permission, such as a browser or plug-in auto-updates, can be easily white-listed by the user so that their functionality is not affected by BLADE.
The researchers have also developed countermeasures so that malware publishers cannot circumvent BLADE by installing the malware outside the secure zone or executing it while it is being quarantined.
While BLADE is highly successful in thwarting drive-by download attempts, the development team admits that BLADE will not prevent social engineering attacks. Internet users are still the weakest link in the security chain, they note.
Details about BLADE will be presented at the Association for Computing Machinery’s Conference on Computer and Communications Security. (ANI)
- Arrests made in malware fraud case which infected millions of computers worldwide - Nov 10, 2011
- 8 in 10 web browsers vulnerable to hackers, criminals - Feb 19, 2011
- Indian IT experts devise technique to fight deadly bots - May 17, 2012
- Google 3D medical browser maps human body - Dec 17, 2010
- 300,000 computers with deadly virus to lose internet: FBI - Jul 08, 2012
- FBI to block virus-infected computers worldwide - Jul 09, 2012
- Computers with deadly virus to lose web link: FBI - Jul 05, 2012
- India tops in originating spam, phishing in Asia: Report - May 11, 2010
- Yahoo plug-in brings new visual delight - May 24, 2012
- Cyber criminals to target social networks, mobile devices: Security Report - Apr 06, 2011
- Google's new browser can map human body in 3D - Dec 17, 2010
- Indian home ministry computers under virus attack - Aug 16, 2010
- Microsoft announces automatic upgrades for Internet Explorer - Dec 16, 2011
- 'Clickjacking' epidemic spreads across Facebook - Jun 04, 2010
Tags: antivirus software, countermeasure, denial of service, denial of service attacks, e mail, false positives, georgia institute of technology, internet explorer, internet thanks, launch, mail attachments, malicious code, malicious software, malware, minimal resources, oct 7, software programs, sri international, web browsers, wenke lee