Automated analysis of freeware installers promoted by download portals

Research output: Contribution to journalReview ArticleScientificpeer-review

Researchers

Research units

  • University of Helsinki

Abstract

We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find, that while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.

Details

Original languageEnglish
Pages (from-to)209-225
Number of pages17
JournalComputers and Security
Volume77
Publication statusPublished - 1 Aug 2018
MoE publication typeA2 Review article in a scientific journal

    Research areas

  • Man-in-the-middle Malware, Pay-per-install, Potentially-unwanted program, UI-automation

Download statistics

No data available

ID: 29744480