Empirical Study Of Drive-By-Download Spyware
Loading...
Authors
Barwinski, Mark
Irvine, Cynthia E.
Levin, Tim E.
Subjects
analysis of three kernel-based multilevel security
Advisors
Date of Issue
2006-00-00
Date
Publisher
International Common Criteria Conference
Language
Abstract
The ability of spyware to circumvent common security practices, surreptitiously exporting confidential information to remote parties and illicitly consuming system resources, is a rising security concern in government, corporate, and home computing environments. While it is the common perception that spyware infection is the result of high risk Internet surfing behavior, our research shows main-stream web sites listed in popular search engines contribute to spyware infection irrespective of patch levels and despite �safe� Internet surfing practices. Experiments conducted in July of 2005 revealed the presence of spyware in several main-stream Internet sectors as
evidenced in the considerable infection of both patched and unpatched Windows XP test beds. Although the experiment emulated conservative web surfing practices by not interacting with web page links, images, or banner advertisements, pyware infection of Internet Explorer based test beds occurred swiftly through cross-domain scripting and ActiveX exploits. As many as 71 different spyware programs were identified among 6 Internet sectors. Real estate and online ed web sites infected the test beds with, as many as 14 different spyware programs and one bank-related web site appeared to be the source of a resource consuming dialing program.Empirical analysis suggests that spyware infection via drive-by-download attacks has thus far been unabated by security patches or even prudent web surfing behavior. At least for the moment, it appears the choice of web browser applications is the single most effective measure in preventing spyware infection via drive-by-downloads
Type
Article
Description
Series/Report No
Department
Computer Science (CS)
Organization
Center for Information Systems Security Studies and Research (CISR)
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Proc. International Conference on i- Warfare and Security, Eastern Shore Maryland, 15-16 March 2006 pp.1-12
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.