Authors
Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M Voelker
Publication date
2012/10/16
Book
Proceedings of the 2012 ACM conference on Computer and communications security
Pages
821-832
Description
We investigate the emergence of the exploit-as-a-service model for driveby browser compromise. In this regime, attackers pay for an exploit kit or service to do the "dirty work" of exploiting a victim's browser, decoupling the complexities of browser and plugin vulnerabilities from the challenges of generating traffic to a website under the attacker's control. Upon a successful exploit, these kits load and execute a binary provided by the attacker, effectively transferring control of a victim's machine to the attacker.
In order to understand the impact of the exploit-as-a-service paradigm on the malware ecosystem, we perform a detailed analysis of the prevalence of exploit kits, the families of malware installed upon a successful exploit, and the volume of traffic that malicious web sites receive. To carry out this study, we analyze 77,000 malicious URLs received from Google Safe Browsing, along with a crowd-sourced feed of …
Total citations
Scholar articles
C Grier, L Ballard, J Caballero, N Chachra, CJ Dietrich… - Proceedings of the 2012 ACM conference on …, 2012
C Grier, L Ballard, J Caballero, N Chachra, CJ Dietrich… - Proceedings of the 2012 ACM conference on …, 2012
C Grier, L Ballard, J Caballero, N Chachra, C Dietrich… - 2012
