Using Client-Side JavaScript to Mitigate Drive-by-Downloads

The prevalence of web-based malware distribution has exploded in recent years, with malicious enterprises continuously devising new ways of exploiting vulnerabilities. Security professionals have found themselves in an arms race in an attempt to contain the spread of malware. Drive-bydownloads, as coined by Google in 2007, is a particularly insidious form of malware distribution that uses browser exploits to automatically install malware on unsuspecting enduser machines. To gain maximum exposure, developers of drive-by-download malware have continuously infiltrated unsuspecting websites that are trusted by many users, and have recruited these websites into their malware distribution network without the consent or knowledge of the website owners. Websites that have been hacked in this manner often go unnoticed for long periods of time by their owners who are oblivious to the malware that their websites are serving. Often, website developers will include third-party widgets, or other features that introduce vulnerabilities to their website that often lead to these types of attacks on their websites. There are many server-side solutions that scan and protect websites from such attacks. In this paper, we propose a JavaScript solution that could be applied directly into the website code in an effort to add security enhancements from the client-side perspective.