Niels Provos, Panayiotis Mavrommatis
Moheeb Abu Rajab, Fabian Monrose
Johns Hopkins University
As the web continues to play an ever-increasing role in information exchange, so too is it becoming the prevailing platform for infecting vulnerable hosts. In this paper, we provide a detailed study of the pervasiveness of so-called drive-by downloads on the Internet. Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. Over a period of months we processed billions of URLs, and our results show that a non-trivial amount, of over million malicious URLs, initiate drive-by downloads. An even more troubling finding is that approximately of the incoming search queries to Google's search engine returned at least one URL labeled as malicious in the results page. We also explore several aspects of the drive-by downloads problem. Specifically, we study the relationship between user browsing habits and exposure to malware, the techniques used to lure users into the malware distribution networks, and the different properties of these networks.