Title: Geotracking of webpage sources: a defence against drive-by-download attacks
Authors: A. Naumov; N. Vlajic; H. Roumani
Addresses: Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada ' Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada ' Department of Computer Science and Engineering, York University, 4700 Keele St., Toronto, M3J 1P3, Canada
Abstract: Currently, numerous freeware URL screening tools are available online. While these tools exhibit various levels of sophistication in dealing with traditional web-based exploits, most of them are quite ineffective in detecting some more subtle forms of infection. In particular, most of these tools omit to detect and/or alert against drive-by-download injections that do not result in the download and/or execution of a malware, but instead (only) aim to tarnish the credibility of the compromised website or intrude on the privacy of its users. In this paper, we present our new visual location-based URL screening tool, named VLUS. We demonstrate that with this tool, various forms of drive-by-download injection (leading to redirection) can be easily spotted, irrespective of the nature of the injected content. The tool is also useful for the purposes of general webpage content analysis. We close the paper by outlining an alternative implementation of VLUS in the form of a browser (Chrome) extension. By a simple monitoring of the application-level traffic calls performed by the browser, this implementation offers several unique advantages over the standard VLUS implementation.
Keywords: drive-by-download infection; URL screening; novel security tools; geotracking; webpage sources; drive-by-download attacks; visual screening; location-based screening; webpage content analysis.
DOI: 10.1504/IJITST.2012.054061
International Journal of Internet Technology and Secured Transactions, 2012 Vol.4 No.4, pp.312 - 326
Published online: 09 Aug 2014 *
Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article