By Topic

Drive-by downloads from the trenches

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
David Harley ; ESET, Research Department, 610 West Ash Street suite 1900, San Diego, California, United States of America, 92101 ; Pierre-Marc Bureau

Drive-by download is a term used to describe a download that happens without the knowledge or conscious intervention of the computer user. In computer security terms, a drive-by download is usually triggered by the exploitation of a vulnerability in an Internet browser. The file that is downloaded is usually a malicious program that installs itself on the victims computer, or is an installer for another malicious program. In this paper, we describe the problem posed by drive-by downloads from different perspectives. We also explain the difficulties of dealing with drive-by infections and propose various approaches that could solve part of the problem. Drive-by downloads are a prime example of the exponential rate at which malware infection can increase on the Internet. The primary purpose of this paper is to bring the drive-by download problem to the attention of the research community, in an effort to inspire further research initiatives in this area.

Published in:

Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on

Date of Conference:

7-8 Oct. 2008