Researchers slam door on drive-by downloads

 

Gallery

By Stewart Mitchell

Posted on 7 Oct 2010 at 13:34

Researchers at the Georgia Institute of Technology claim they have developed software that can eliminate “drive-by download” threats.

Drive-by attacks are planted on websites, where they automatically install themselves on end-user PCs that visit the site, and they are a growing menace.

Research from security firm Dasient says 1.3 million websites were infected with such malware in Q2 this year, with many more pages within them carrying a payload.

By simply visiting a website, malware can be silently installed on a computer

The Georgia researchers claim their BLADE software - short for Block All Drive-By Download Exploits – blocks malware downloads by checking to see if changes to the user's hard drive have been authorised.

"By simply visiting a website, malware can be silently installed on a computer," said Wenke Lee, a professor in the School of Computer Science in Georgia Tech's College of Computing.

"BLADE monitors and analyses everything that is downloaded to a user's hard drive to cross check whether the user authorised the computer to open, run or store the file on the hard drive.

“If the answer to these questions is 'no', BLADE stops the program from installing or running and removes it from the hard drive.”

The researchers said they evaluated the tool on multiple versions of Internet Explorer and Firefox and claimed it had blocked all drive-by malware installation attempts from nearly 2,000 different websites.

In similar tests, the developers said, major anti-virus software programs caught fewer than 30% of potential infections.

The team plans to release a free internet version of BLADE for consumers in the coming months and a detailed analysis of how the system works is available in the team's report.