Automated analysis of freeware installers promoted by download portals
Loading...
Access rights
openAccess
URL
Journal Title
Journal ISSN
Volume Title
A2 Katsausartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
Date
2018-08-01
Department
Major/Subject
Mcode
Degree programme
Language
en
Pages
17
209-225
209-225
Series
Computers and Security, Volume 77
Abstract
We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find, that while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.Description
Keywords
Man-in-the-middle Malware, Pay-per-install, Potentially-unwanted program, UI-automation
Other note
Citation
Geniola, A, Antikainen, M & Aura, T 2018, ' Automated analysis of freeware installers promoted by download portals ', Computers and Security, vol. 77, pp. 209-225 . https://doi.org/10.1016/j.cose.2018.03.010