Foreign-language conference: Symposium on Chemistry as a second language

Preventing Drive-by Download via Inter-Module Communication Monitoring


Abstract

Drive-by download attacks are one of the most severe threats to Internet users. Typically, merely visiting a malicious page results in compromise of the client and infection with malware. By the end of 2008, drive-by download had already become the number one infection vector of malware [5]. The downloaded malware may steal users' personal identification and passwords. It may also join a botnet to send spam, host phishing sites or launch distributed denial-of-service attacks. Generally, these attacks rely on successful exploitation of vulnerabilities in web browsers or their plug-ins. Therefore, we propose a technique based on inter-module communication monitoring that detects malicious exploitation of vulnerable components, thus preventing the vulnerability from being exploited. We have implemented a prototype system integrated into the most popular web browser, Microsoft Internet Explorer. Experimental results demonstrate that, on our test set, using vulnerability-based signatures, our system accurately detected all attacks targeting vulnerabilities in our definitions and produced no false positives. The evaluation also shows that the performance penalty is kept low.