Drive-by-Downloads
Abstract: Drive-by-downloads are malware that push, and then execute, malicious code on a client system without the user's consent. The purpose of this paper is to introduce a discussion of the usefulness of antivirus software for detecting the installation of such malware, providing groundwork for future studies. Client honeypots collected drive-by malware which was then evaluated using common antivirus products. Initial analysis showed that most of such antivirus products identified less than 70% of these highly polymorphic malware programs. Also, it was observed that the antivirus products tested, even when successfully detecting this malware, often failed to classify it, leading to the conclusion that further work could involve not only developing new behavioral detection technologies, but also empirical studies that improve general understanding of these threats. Toward that end, one example of malicious code was analyzed behaviorally to provide insight into next steps for the future direction of this research.
- Research Organization:
- Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 983423
- Report Number(s):
- PNNL-SA-73582
- Country of Publication:
- United States
- Language:
- English
Similar Records
Justifying the need for forensically ready protocols: A case study of identifying malicious web servers using client honeypots
Deep PDF parsing to extract features for detecting embedded malware.