Communications of the ACM
Stopping Stealthy Downloads
SRI International and Georgia Tech researchers have developed Block All Drive-By Download Exploits (BLADE), free software that can stop Internet attacks brought on by visiting a Web site. BLADE acts by halting downloads that are initiated without the user's consent.
In 2009's fourth quarter, about 5.5 million Web pages contained software designed to install unwanted malware on visitors, according to Dasient. The researchers tested BLADE and found that it blocked all of the more than 5,150 malicious programs unleashed by the 1,205 drive-by URLs they tested. Adobe's PDF Reader accounted for more than half of the applications targeted by the drive-by exploits and Sun Microsystems' Java platform attracted about 25 percent of all drive-by attacks, with most of the remaining exploits being aimed at Adobe Flash and Internet Explorer.
Experts say that BLADE still needs to be tested in real-world settings, and SRI's Phil Porras notes that it cannot stop all Web-based malware, such as social-engineering attacks.
From Technology Review
View Full Article
Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA 
No entries found