(Press-News.org) Insecure Web browsers and the growing number of complex applets and browser plug-in applications are allowing malicious software to spread faster than ever on the Internet. Some websites are installing malicious code, such as spyware, on computers without the user's knowledge or consent.
These so-called "drive-by downloads" signal a shift away from using spam and malicious e-mail attachments to infect computers. Approximately 560,000 websites -- and 5.5 million Web pages on those sites -- were infected with malware during the fourth quarter of 2009.
A new tool that eliminates drive-by download threats has been developed by researchers at the Georgia Institute of Technology and California-based SRI International. BLADE -- short for Block All Drive-By Download Exploits -- is browser-independent and designed to eliminate all drive-by malware installation threats. Details about BLADE will be presented today at the Association for Computing Machinery's Conference on Computer and Communications Security.
"By simply visiting a website, malware can be silently installed on a computer to steal a user's identity and other personal information, launch denial-of-service attacks, or participate in botnet activity," said Wenke Lee, a professor in the School of Computer Science in Georgia Tech's College of Computing. "BLADE is an effective countermeasure against all forms of drive-by download malware installs because it is vulnerability and exploit agnostic."
The BLADE development team includes Lee, Georgia Tech graduate student Long Lu, and Vinod Yegneswaran and Phillip Porras from SRI International. Funding for the BLADE tool was provided by the National Science Foundation, U.S. Army Research Office and U.S. Office of Naval Research.
The researchers evaluated the tool on multiple versions and configurations of Internet Explorer and Firefox. BLADE successfully blocked all drive-by malware installation attempts from the more than 1,900 malicious websites tested. The software produced no false positives and required minimal resources from the computer. Major antivirus software programs caught less than 30 percent of the more than 7,000 drive-by download attempts from the same websites.
"BLADE monitors and analyzes everything that is downloaded to a user's hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive," explained Lu.
Because drive-by downloads bypass the prompts users typically receive when a browser is downloading an unsupported file type, BLADE tracks how users interact with their browsers to distinguish downloads that received user authorization from those that did not. To do this, the tool captures on-screen consent-to-download dialog boxes and tracks the user's physical interactions with these windows. In addition, all downloads are saved to a secure zone on a user's hard drive so that BLADE can assess the content and prevent any malicious software from executing.
"Other research groups have tried to stop drive-by downloads, but they typically build a system that defends against a subset of the threats," explained Lee. "We identified the one point that all drive-by downloads have to pass through -- downloading and executing a file on the computer -- and we decided to use that as our chokepoint to prevent the installs."
The BLADE testing showed that the applications most frequently targeted by drive-by download exploits included Adobe Reader, Sun Java and Adobe Flash -- with Adobe Reader attracting almost three times as many attempts as the other programs. Computers using Microsoft's Internet Explorer 6 became infected by more drive-by downloads than those using versions 7 or 8, while Firefox 3 had a lower browser infection rate than all versions of Internet Explorer. Among the more than 1,900 active malicious websites tested, the Ukraine, United Kingdom and United States were the top three countries serving active drive-by download exploits.
Legitimate Web addresses that should be allowed to download content to a user's computer without explicit permission, such as browser or plug-in auto-updates, can be easily white-listed by the user so that their functionality is not affected by BLADE.
The researchers have also developed countermeasures so that malware publishers cannot circumvent BLADE by installing the malware outside the secure zone or executing it while it is being quarantined.
While BLADE is highly successful in thwarting drive-by download attempts, the development team admits that BLADE will not prevent social engineering attacks. Internet users are still the weakest link in the security chain, they note.
"BLADE requires a user's browser to be configured to require explicit consent before executable files are downloaded, so if this option is disabled by the user, then BLADE will not be able to protect that user's Web surfing activities," added Lee.
INFORMATION:
To see a demonstration of how BLADE defends against drive-by downloads, watch this video: http://www.youtube.com/watch?v=9emHejh8hWE
BLADE software eliminates 'drive-by downloads' from malicious websites
2010-10-07