Quantifying maliciousness in Alexa top-ranked domains

Wednesday 24 September 16:30 - 17:00, Red room.

Paul Royal, Barracuda Labs


Most people assume that it is safe to visit popular, well-established websites. While examples of popular website compromises contradict this expectation, there exist few comprehensive studies that attempt to systematically quantify maliciousness in top-ranked sites.

To address this gap in understanding, my presentation details the design and results of long-running experiments that identify maliciousness among popular websites in a vulnerability- and exploit-independent manner. To perform experimentation, I created a scalable URL analysis system that forces a browser within a sterile virtual machine to visit a given site, then examines the network-level actions of the VM to determine whether a drive-by download occurred. As input to this system, I provided the Alexa top 25,000 most popular domains each day in what became a series of month-long studies.

An analysis of the results reveals that, each month, millions of users are served malicious content from just tens of popular websites, and at least one million users are successfully compromised. In addition to an assessment of the threat (e.g. use of Java or ad networks in drive-by downloads), my presentation will coincide with the release of the raw data collected to promote a better understanding of this issue.


Paul Royal

Paul Royal is a consultant for Barracuda Labs, the research and threat analysis division of Barracuda Networks. In this role, he collaborates with a team of researchers on the design and implementation of technologies that enhance the company's ability to protect users and online communications. When not consulting for Barracuda Labs, Paul is a research scientist at the College of Computing at Georgia Tech and Associate Director of the Georgia Tech Information Security Center (GTISC).

