- Volume 20 Issue 7
Recently, as mobile internet usage has increased rapidly, malware attacks delivered through users' web browsers have been spreading by means of social engineering or drive-by downloading. Existing defense mechanisms against drive-by download attacks have mainly focused on final download sites and distribution paths. However, the detection and prevention of injection sites, which are used to inject malicious code into compromised websites, have not been fully investigated. In this paper, to improve defense mechanisms against these malware download attacks, we focus on detecting the injection site, which is the key source from which malware downloads spread. Accordingly, in addition to current URL blacklist techniques, we propose an enhanced method that adds injection-site detection features to prevent malware from spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection's spread, compared to other URL blacklisting approaches that directly use the drive-by browser exploits.
Malware; Malicious Code; Drive-by Download; Injection Site; Social Engineering Attack; Hacking