Communications of the Korean Institute of Information Scientists and Engineers (정보과학회지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

Technical Trends and Response Methods of Drive-by Download

Drive-by Download 기술 동향 및 대응 방안

  • Published : 2010.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

Keywords

References

  1. Empirical study of drive-by-download spyware. http://cisr.nps.navy.mil/downloads/06paper_spyware.pdf
  2. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, "The ghost in the browser analysis of web-based malware", HotBots'07, pages 4-10, 2007
  3. Sina dloader class activex control's downloadandinstall' method arbirary file download vulnerability, http://www.securityfocus.com/bid/30223/info
  4. MS IE daxctle.ocx KeyFrame 메소드 힙 오버플로우 취약점 분석 보고서, http://pds.nprotect.co.kr/pds/virusinfo_img/INCA_Alert%5BMS_IE_daxctle.ocx_KeyFrame_Method_Heap_Overflow%5D.pdf
  5. ActiveX 취약성 공격시의 Unicode Shellcode, http://hkpco.kr/paper/ActiveX_Shellcode.pdf
  6. W.G.J. Halfond and A. Orso, "Amnesia: analysis and monitoring for neutralizing sql-injection attacks", Proceedings of the 20th IEEE/ACM international Conference on Automated software engineeringm, page 174-183, 2005
  7. S. Bandhakavi, P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan, "Candid: preventing sql injection attacks using dynamic candidate evaluations", In CCS' 07: Proceedings of the 14th ACM conference on Computer and communications security, pages 12-24, 2007
  8. MS Internet Explorer (IFRAME Tag) Buffer Overflow Exploit, http://milw0rm.com/exploits/612