Malicious web pages: what if hosting providers could actually do something...
Malicious web pages: what if hosting providers could actually do something...
The ability of cyber criminals to compromise networked computer systems through the spread of malware allows the creation of significant criminal information technologies (IT) infrastructures or ‘botnets’. The systems compromising such infrastructures can be used to harvest credentials, typically through keylogging malware, or provide a cover for illegal activities by making victim computers perform criminal acts initiated by others, such as distributed denial of service (DDoS) attacks. A single compromise may result in an infected system that is used in multiple criminal activities, and the cumulative effect of these activities and the resources dedicated to prevention can be considerable . This paper explains how the phenomenon of drive-by downloads has evolved to become a significant threat to both Internet users and third party systems.
To effect a compromise via a drive-by, a criminal will create a malicious Web page which, when visited, attempts to exploit vulnerabilities on the user’s computer automatically. In contrast to email or worm-based malware propagation, such drive-by attacks are stealthy as they are ‘invisible’ to the user when doing general Web browsing. They also increase the potential victim base for attackers since they allow a way through the user's firewall, since the user initiates the connection to the Web page from within their own network. The phenomenon of drive-by downloads is not a new one, but remains one of the significant threats to the security of the Web, with the prominent malware variants being distributed in this way .
The perception that malware only resides on ‘suspect’ sites such as file sharing sites, or those carrying pornography is now far from reality. Commonly, an attacker will seek to compromise an otherwise legitimate website and use that to distribute malware. They may also attempt to place malware on a cheap throwaway domain name, but it is harder for ISPs or authorities to take measures against a legitimate website, and it also increases the probability of a potential victim visiting it. Where the target is a website on a trending topic, the risk of exposure is even greater. With the rise of blogging and similar content creation, there is also a significant risk of vulnerabilities in common blogging platforms, such as WordPress, exposing visitors to such sites to potential drive-by malware.
This article provides a review of the existing strategies being used to mitigate this problem, and explains why they are not enough. We suggest that simple actions by Web intermediaries, in particular companies providing hosting services, could significantly impact upon the amount of malicious web pages, and force the criminals to use a smaller, more readily identifiable set of platforms to spread their malware. We conclude that laws excluding liability for intermediaries such as the E-commerce Directive in the European Union do not necessarily give an incentive to hosting providers to engage in such security practices and legitimate use of the Web suffers as a result.
490-505
Fryer, Huw
d2ae04ee-dba8-4393-9562-832ae279f6fb
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Chown, Tim
ec204b89-ace4-4cba-94a9-38e7649e9dee
2015
Fryer, Huw
d2ae04ee-dba8-4393-9562-832ae279f6fb
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Chown, Tim
ec204b89-ace4-4cba-94a9-38e7649e9dee
Fryer, Huw, Stalla-Bourdillon, Sophie and Chown, Tim
(2015)
Malicious web pages: what if hosting providers could actually do something...
Computer Law and Security Review: The International Journal of Technology Law and Practice, 31, .
(doi:10.1016/j.clsr.2015.05.011).
Abstract
The ability of cyber criminals to compromise networked computer systems through the spread of malware allows the creation of significant criminal information technologies (IT) infrastructures or ‘botnets’. The systems compromising such infrastructures can be used to harvest credentials, typically through keylogging malware, or provide a cover for illegal activities by making victim computers perform criminal acts initiated by others, such as distributed denial of service (DDoS) attacks. A single compromise may result in an infected system that is used in multiple criminal activities, and the cumulative effect of these activities and the resources dedicated to prevention can be considerable . This paper explains how the phenomenon of drive-by downloads has evolved to become a significant threat to both Internet users and third party systems.
To effect a compromise via a drive-by, a criminal will create a malicious Web page which, when visited, attempts to exploit vulnerabilities on the user’s computer automatically. In contrast to email or worm-based malware propagation, such drive-by attacks are stealthy as they are ‘invisible’ to the user when doing general Web browsing. They also increase the potential victim base for attackers since they allow a way through the user's firewall, since the user initiates the connection to the Web page from within their own network. The phenomenon of drive-by downloads is not a new one, but remains one of the significant threats to the security of the Web, with the prominent malware variants being distributed in this way .
The perception that malware only resides on ‘suspect’ sites such as file sharing sites, or those carrying pornography is now far from reality. Commonly, an attacker will seek to compromise an otherwise legitimate website and use that to distribute malware. They may also attempt to place malware on a cheap throwaway domain name, but it is harder for ISPs or authorities to take measures against a legitimate website, and it also increases the probability of a potential victim visiting it. Where the target is a website on a trending topic, the risk of exposure is even greater. With the rise of blogging and similar content creation, there is also a significant risk of vulnerabilities in common blogging platforms, such as WordPress, exposing visitors to such sites to potential drive-by malware.
This article provides a review of the existing strategies being used to mitigate this problem, and explains why they are not enough. We suggest that simple actions by Web intermediaries, in particular companies providing hosting services, could significantly impact upon the amount of malicious web pages, and force the criminals to use a smaller, more readily identifiable set of platforms to spread their malware. We conclude that laws excluding liability for intermediaries such as the E-commerce Directive in the European Union do not necessarily give an incentive to hosting providers to engage in such security practices and legitimate use of the Web suffers as a result.
This record has no associated files available for download.
More information
Published date: 2015
Organisations:
Southampton Law School
Identifiers
Local EPrints ID: 372707
URI: http://eprints.soton.ac.uk/id/eprint/372707
ISSN: 2212-4748
PURE UUID: a1d9cc3f-b95f-4459-8b7e-835e066c4efc
Catalogue record
Date deposited: 18 Dec 2014 11:43
Last modified: 15 Mar 2024 03:37
Export record
Altmetrics
Contributors
Author:
Huw Fryer
Author:
Tim Chown
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics