Niels Provos Panayiotis Mavrommatis
Google Inc.
{niels, panayiotis}@google.com
Moheeb Abu Rajab Fabian Monrose
Johns Hopkins University
{moheeb, fabian}@cs.jhu.edu
As the web continues to play an ever-increasing role in information
exchange, so too is it becoming the prevailing platform for
infecting vulnerable hosts. In this paper, we provide a detailed
study of the pervasiveness of so-called drive-by downloads on
the Internet. Drive-by downloads are caused by URLs that
attempt to exploit their visitors and cause malware to be installed
and run automatically. Over a period of
months we processed
billions of URLs, and our results show that a non-trivial
amount, of over
million malicious URLs, initiate drive-by
downloads. An even more troubling finding is that approximately
of the incoming search queries to Google's search engine
returned at least one URL labeled as malicious in the results
page. We also explore several aspects of the drive-by downloads
problem. Specifically, we study the relationship between the user
browsing habits and exposure to malware, the techniques used to lure
the user into the malware distribution networks, and the different
properties of these networks.