Original author(s) | Phillip Porras and Vinod Yegneswaran at SRI International Long Lu and Wenke Lee at the Georgia Institute of Technology |
---|---|
Platform | Cross-platform |
Type | Information security |
Website | www |
BLADE (Block All Drive-by Download Exploits) is a computer program that was developed by Phillip Porras and Vinod Yegneswaran at SRI International; and Long Lu and Wenke Lee at the Georgia Institute of Technology. BLADE is funded by grants from the National Science Foundation, the United States Army Research Laboratory, and the Office of Naval Research. The program is designed to prevent drive-by download malware attacks. [1] [2] [3]
A computer program is a collection of instructions that performs a specific task when executed by a computer. A computer requires programs to function.
Phillip A. Porras is a computer scientist and security researcher known for his work combating the Conficker worm. Porras leads the Internet Security Group in SRI International's Computer Science Laboratory.
SRI International (SRI) is an American nonprofit scientific research institute and organization headquartered in Menlo Park, California. The trustees of Stanford University established SRI in 1946 as a center of innovation to support economic development in the region.
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software. The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against the interest of the computer user—and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.
SourceForge is a web-based service that offers software developers a centralized online location to control and manage free and open-source software projects. It provides a source code repository, bug tracking, mirroring of downloads for load balancing, a wiki for documentation, developer and user mailing lists, user-support forums, user-written reviews and ratings, a news bulletin, micro-blog for publishing project updates, and other features.
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.
Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.
ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.
ClamWin Free Antivirus is a free and open-source antivirus tool for Windows. It provides a graphical user interface to the Clam AntiVirus engine.
Download.com is an Internet download directory website launched in 1996 as a part of CNET. Originally, the domain was download.com, which became download.com.com for a while, and is now download.cnet.com. The domain download.com attracted at least 113 million visitors annually by 2008 according to a Compete.com study.
drive-by download means two things, each concerning the unintended download of computer software from the Internet:
Adaware, formerly known as Lavasoft, is a software development company that produces spyware and malware detection software, including Adaware. It operates as a subsidiary of Avanquest a division of Claranova.
Rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and to pay money for a fake malware removal tool. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. Two of the earliest examples to gain infamy were AdDestroyer and VirtualBouncer back in 2004.
A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
Stephen Edward Cross is executive vice president for research (EVPR) at the Georgia Institute of Technology (Georgia Tech), a position to which he was appointed in 2010. As EVPR, Cross coordinates research efforts among Georgia Tech's colleges, research units and faculty; and provides central administration for all research, economic development and related support units at Georgia Tech. This includes direct oversight of Georgia Tech's interdisciplinary research institutes, the Georgia Tech Research Institute (GTRI), the Enterprise Innovation Institute (EI2) and the Georgia Tech Research Corporation (GTRC).
MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software.
Sality is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Sality was first discovered in 2003 and has advanced over the years to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network for the purpose of relaying spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks. Since 2010, certain variants of Sality have also incorporated the use of rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date.
SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including Windows 8 and later, Internet Explorer, Microsoft Edge and Outlook.com. It is designed to help protect users against attacks that utilize social engineering and drive-by downloads to infect a system by scanning URLs accessed by a user against a blacklist of websites containing known threats. With the Windows 10 Creators Update, Microsoft placed the SmartScreen settings into the Windows Defender Security Center.
Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is being used for targeted cyber espionage in Middle Eastern countries.
Slenfbot is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.
This security software article is a stub. You can help Wikipedia by expanding it. |