Article ID Journal Published Year Pages File Type
466466 Computer Law & Security Review 2015 16 Pages PDF
Abstract

The growth in use of Internet based systems over the past 20 years has seen a corresponding growth in criminal information technologies infrastructures. While previous “worm” based attacks would push themselves onto vulnerable systems, a common form of attack is now that of drive-by download. In contrast to email or worm-based malware propagation, such drive-by attacks are stealthy as they are ‘invisible’ to the user when doing general Web browsing. They also increase the potential victim base for attackers since they allow a way through the user's firewall as the user initiates the connection to the Web page from within their own network. This paper introduces some key terminology relating to drive-by downloads and assesses the state of the art in technologies which seek to prevent these attacks. This paper then suggests that a proactive approach to preventing compromise is required. The roles of different stakeholders are examined in terms of efficacy and legal implications, and it is concluded that Web hosting providers are best placed to deal with the problem, but that the system of liability exemption deriving from the E-Commerce Directive reduces the incentive for these actors to adopt appropriate security practices.

Related Topics
Physical Sciences and Engineering Computer Science Computer Science (General)
Authors
, , ,