BLADE: Slashing the Invisible Channel of Drive-by Download Malware

  • Authors and affiliations:
  • Long Lu (School of Computer Science, Georgia Tech, Atlanta, USA 30332); Vinod Yegneswaran (SRI International, Menlo Park, USA 94025); Phillip Porras (SRI International, Menlo Park, USA 94025); Wenke Lee (School of Computer Science, Georgia Tech, Atlanta, USA 30332)

  • Venue:
  • RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
  • Year:
  • 2009

Abstract

Drive-by downloads, which result in the unauthorized installation of code through the browser onto the victim host, have become one of the dominant means through which mass infections now occur. We present BLADE (Block All Drive-by download Exploits), a browser-independent system that seeks to eliminate the drive-by threat. BLADE prudently assumes that the legitimate download of any executable must result from explicit user consent. BLADE transparently redirects every browser download into a non-executable safe zone on disk unless it is associated with a programmatically inferred user-consent event. Because BLADE thwarts the underlying transaction on which all drive-by downloads rely (the write of an executable to disk that the user never asked for), it requires no prior knowledge of the exploit methods and is not subject to circumvention by obfuscation or zero-day threats.
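The consent-correlation rule the abstract describes, as an added example in Python; this is not BLADE's own code (BLADE is a Windows kernel-level component) but a user-space sketch of the policy. Everything below beyond the abstract's wording is an assumption: a consent event is recorded when the user confirms a browser "Save" dialog and is tagged with the browser's process id and a timestamp; a download is authorised only if an unconsumed consent from the same process occurred within CONSENT_WINDOW seconds before the write began, and each consent authorises exactly one file; anything else is written to a safe-zone directory with the execute bits cleared.

```python
"""Added example: consent-gated download policy in the spirit of BLADE.

Not BLADE's code. Assumed model (not from the paper): consent events carry
the browser pid and the time the user clicked Save; a download is allowed
onto the user's download folder only if an unconsumed consent from the same
pid happened at most CONSENT_WINDOW seconds before the write started.
Unconsented writes go to a non-executable safe zone instead.
"""
import os
import stat
import tempfile
from dataclasses import dataclass

CONSENT_WINDOW = 30.0  # seconds; assumed value, not taken from the paper


@dataclass
class ConsentEvent:
    pid: int          # browser process that showed the Save dialog
    t: float          # time the user confirmed the dialog
    consumed: bool = False


@dataclass
class Download:
    pid: int          # browser process writing the file
    t: float          # time the write began
    name: str
    data: bytes


class DownloadGuard:
    def __init__(self):
        self.consents = []
        # Two directories: where consented files land, and the safe zone.
        self.user_dir = tempfile.mkdtemp(prefix="downloads-")
        self.safe_zone = tempfile.mkdtemp(prefix="safezone-")
        self.log = []

    def record_consent(self, pid, t):
        self.consents.append(ConsentEvent(pid, t))

    def _match_consent(self, dl):
        """Oldest unconsumed consent from the same pid inside the window, or None."""
        for c in sorted(self.consents, key=lambda c: c.t):
            if c.consumed or c.pid != dl.pid:
                continue
            if 0.0 <= dl.t - c.t <= CONSENT_WINDOW:
                c.consumed = True  # one consent authorises one file, never a batch
                return c
        return None

    def handle(self, dl):
        """Write the download and return (verdict, path)."""
        consent = self._match_consent(dl)
        dest_dir = self.user_dir if consent else self.safe_zone
        # basename() so a hostile name cannot escape the chosen directory
        path = os.path.join(dest_dir, os.path.basename(dl.name))
        with open(path, "wb") as f:
            f.write(dl.data)
        if consent is None:
            # Safe zone: owner read/write only, every execute bit cleared.
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
            verdict = "quarantined"
        else:
            verdict = "allowed"
        self.log.append((dl.name, verdict))
        return verdict, path


def is_executable(path):
    """True if any execute bit is set on the file (POSIX semantics)."""
    return bool(os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def demo():
    """Constructed scenario: one consent, then three writes. Returns the verdicts."""
    guard = DownloadGuard()
    guard.record_consent(pid=4242, t=100.0)
    v1, _ = guard.handle(Download(4242, 105.0, "setup.exe", b"MZ-consented"))
    # Same process reuses the (already consumed) consent: silent second drop.
    v2, p2 = guard.handle(Download(4242, 106.0, "dropper.exe", b"MZ-silent"))
    # A different browser process with no consent at all.
    v3, _ = guard.handle(Download(7777, 105.0, "../payload.exe", b"MZ-other"))
    return [v1, v2, v3], p2, guard


if __name__ == "__main__":
    verdicts, _, _ = demo()
    print(verdicts)
```

The one-consent-one-file rule matters: if a consent could authorise every write from that process for the next 30 seconds, a page that waits for the user to save a legitimate file could ride that window to drop a second executable. The time window and the process-id pairing are the two knobs a real deployment would have to tune against the browser's actual download path.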