Drive-by-downloads

CS-TR-08-1

Authors: Julia Narvaez (University of Washington, Seattle, USA), Barbara Endicott-Popovsky (University of Washington, Seattle, USA), Christian Seifert, Ian Welch, and Peter Komisarczuk
Source: PDF (465kb)


Abstract:

Client-side attacks are an emerging threat on the Internet today. These attacks usually take the form of drive-by-downloads, in which malware is pushed and executed on the client system without the consent or notice of the user. The focus of our research is an empirical evaluation of this malware with antivirus products. Client honeypots, security devices that use virtualization to detect malicious web servers that launch these attacks on client systems, are used to collect malware and evaluate it with various antivirus products. We show that applications that aim to defraud the victim are the primary malware type identified, and that antivirus products detect, on average, only approximately 70% of the malware pushed in a drive-by-download attack.

Keywords: Invasive software (viruses, worms, Trojan horses), Client Honeypot, Virtualization, Antivirus

