Automated analysis of freeware installers promoted by download portals

Alberto Geniola, Markku Antikainen*, Tuomas Aura

*Corresponding author for this work

Research output: Journal article, Review Article, peer-reviewed

1 citation (Scopus)
447 downloads (Pure)


We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find that, while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.

Journal: Computers and Security
Status: Published - 1 Aug 2018
MoE publication type: A2 Review article in a scientific journal