BLADE: Slashing the Invisible Channel of Drive-By Download Malware


Lu, L., Yegneswaran, V., Porras, P., & Lee, W. (2009, September). BLADE: Slashing the Invisible Channel of Drive-by Download Malware. In International Workshop on Recent Advances in Intrusion Detection (pp. 350-352). Springer, Berlin, Heidelberg.


Drive-by downloads, which result in the unauthorized installation of code through the browser and into the victim host, have become one of the dominant means through which mass infections now occur. We present BLADE (Block All Drive-by download Exploits), a browser-independent system that seeks to eliminate the drive-by threat. BLADE prudently assumes that the legitimate download of any executable must result from explicit user consent. BLADE transparently redirects every browser download into a non-executable safe zone on disk, unless it is associated with a programmatically inferred user-consent event. BLADE thwarts the necessary underlying transaction on which all drive-by downloads rely, therefore it requires no prior knowledge of the exploit methods, and is not subject to circumvention by obfuscations or zero-day threats.

Keywords: User Interface Element, Safe Zone, Mouse Click, User Interface Browser, Mass Infection

Read more from SRI