Automated analysis of freeware installers promoted by download portals

Loading...
Thumbnail Image

Access rights

openAccess

URL

Journal Title

Journal ISSN

Volume Title

A2 Katsausartikkeli tieteellisessä aikakauslehdessä

Date

2018-08-01

Major/Subject

Mcode

Degree programme

Language

en

Pages

17
209-225

Series

Computers and Security, Volume 77

Abstract

We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find, that while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.

Description

Keywords

Man-in-the-middle Malware, Pay-per-install, Potentially-unwanted program, UI-automation

Other note

Citation

Geniola, A, Antikainen, M & Aura, T 2018, ' Automated analysis of freeware installers promoted by download portals ', Computers and Security, vol. 77, pp. 209-225 . https://doi.org/10.1016/j.cose.2018.03.010