A new tool developed by researchers at Georgia Tech and SRI International could provide an effective countermeasure against drive-by download attacks. The researchers claim that the software, BLADE ("Block All Drive-by Download Exploits"), provides cross-browser protection against a wide range of real threats.
Drive-by attacks, in which an attacker exploits flaws in a browser or its plugins to silently download and install malicious software, are increasingly common, with many millions of hostile pages found on the Internet. With drive-by attacks sometimes being distributed by advertising networks, even careful Web users can find their browsers at risk of infection by this kind of malware.
The BLADE system works by blocking access to any executable program that a Web browser downloads, unless that access was preceded by the user's explicit authorization for the download. Most browsers give users the opportunity to confirm or deny downloads; drive-bys, however, use security flaws to bypass this user intervention. BLADE tracks user actions, such as clicking a button to permit a download, and uses this information to selectively prevent access to downloaded files. The software also records both the URL and the downloaded file, allowing further analysis by security professionals.
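
The policy described above can be modeled in a few lines. The following is an added illustration, not BLADE's own code: the class name, the event format, the magic-byte test for executables, and the URLs and paths are all assumptions constructed for the example.

```python
import hashlib

EXEC_MAGIC = (b"MZ", b"\x7fELF")  # assumed test: PE and ELF file headers

class DownloadGate:
    """Toy model: a browser-written executable is blocked unless the user consented first."""
    def __init__(self):
        self.consented = set()  # URLs the user has explicitly approved
        self.files = {}         # path -> True if the download was authorized
        self.audit = []         # (url, path, sha256) kept for analysts

    def user_consent(self, url):
        self.consented.add(url)

    def browser_write(self, url, path, data):
        authorized = url in self.consented
        self.consented.discard(url)  # one consent covers one download
        if data.startswith(EXEC_MAGIC):
            self.files[path] = authorized
            if not authorized:
                digest = hashlib.sha256(data).hexdigest()
                self.audit.append((url, path, digest))

    def allow_access(self, path):
        # Untracked paths (non-executables, files not written by the browser) pass.
        return self.files.get(path, True)

def replay(events):
    """Feed an ordered event list through the gate; return access decisions and audit log."""
    gate, decisions = DownloadGate(), {}
    for kind, *args in events:
        if kind == "consent":
            gate.user_consent(*args)
        elif kind == "write":
            gate.browser_write(*args)
        elif kind == "access":
            decisions[args[0]] = gate.allow_access(args[0])
    return decisions, gate.audit

# Constructed sample events (not captured data).
SAMPLE_EVENTS = [
    ("consent", "https://example.com/setup.exe"),
    ("write", "https://example.com/setup.exe", "/dl/setup.exe", b"MZ\x90\x00"),
    ("access", "/dl/setup.exe"),      # consent came first: allowed
    ("write", "https://ads.example.net/x", "/tmp/a.tmp", b"MZ\x90\x00"),
    ("access", "/tmp/a.tmp"),         # no consent: blocked and logged
    ("write", "https://example.org/late", "/tmp/late.bin", b"\x7fELF\x02"),
    ("consent", "https://example.org/late"),
    ("access", "/tmp/late.bin"),      # consent after the write does not count
    ("write", "https://example.com/page", "/tmp/page.html", b"<html>"),
    ("access", "/tmp/page.html"),     # not an executable: untouched
]
```

Calling `replay(SAMPLE_EVENTS)` returns the per-file access decisions together with the audit entries for the two unauthorized executables.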