DBShield: Securing Dropbox Against Malware Distribution


ANAND BHATIA (ANANDR) & TEJASWI SUDHA (T SUDHA)

CONTENTS

Abstract
Introduction
Dropbox - the growth story
Dropbox – INSECURE BY DESIGN?
Motivations for an enhanced client
DBShield - Conceptual overview
Features
Evaluation of available anti-malware engines
DBShield - usage scenario
DBShield implementation
Client API review
Leveraging the Dropbox REST API
Implementation
Performance evaluation
Results
Lessons learnt
Planned optimizations & future work
Conclusions
Acknowledgements
References

ABSTRACT

Cloud-based file storage services have become increasingly popular of late as they offer convenience and seamless folder-based sharing. Among the host of options, Dropbox has proved to be the leader due to its ease of use, cross-platform client availability and low cost of entry. It has proved especially popular in academic circles too, as it offers up to 18 GB of free storage space, easily meeting the needs of students. These services have also caught the attention of a more nefarious group of people, namely malware and spam distributors. These groups have exploited the multiple security vulnerabilities in the new cloud-based offerings towards their end. The sharing features of such services offer them an easy avenue for spreading malware.
To prevent epidemics, it is unwise to rely on end users to deploy the protections necessary to contain malware to the infected host. In this report, we present the design, implementation and evaluation of DBShield, a security-enhanced Dropbox command-line client which offers malware protection “out-of-the-box”, thereby removing the burden of anti-malware protection from the end users. It utilizes ClamAV, an open-source anti-malware engine, to offer cross-platform protection for both upstream and downstream file syncing. As DBShield is written in Perl, we are able to offer security without compromising on the cross-platform compatibility of the standard Dropbox client. We also discuss the various attack vectors used against Dropbox in the past and ones which could potentially be used in the future. We have implemented a proof-of-concept prototype for both Linux and Windows platforms, tested it against real-world malware and performed performance measurements to optimize the client performance.

INTRODUCTION

Up until recently, the most common way to share files on personal or small team-based projects was to send them via email. With the advent of cloud computing and broadband internet penetration, a new paradigm of file sharing has gained rapid prominence. Centralized cloud-based file sharing and syncing has made it much simpler to view, edit and access common files from any terminal at any location. Of the host of cloud-based storage service providers, Dropbox reigns supreme, having the largest market share and user base with over 100 million users [1].

DROPBOX - THE GROWTH STORY

Dropbox, which started out in September 2008, uses a freemium model of business. It offers both free and paid accounts. There are several factors which contributed to Dropbox’s rapid growth. Some of them are:

- It offers support for a variety of devices across multiple operating systems, ranging from Mac OSX to Android devices.
- It offers free accounts starting at 2GB of storage, expandable right up to 18GB.
- It is very easy to use, requiring little to no setup to get the sync working.
- It is making rapid inroads into the smartphone space, with HTC and Sony Ericsson making deals to offer bundled cloud storage to augment on-board storage on the device.

Fig. 1: The rapid growth that Dropbox has witnessed over the past few years.

DROPBOX – INSECURE BY DESIGN?

However, all these advantages seem to be just the silver lining which hides a darker cloud. Many security experts have lambasted Dropbox for its insecure design [2][3][4]. The initial version of the Dropbox client suffered from the following security loopholes:

1. No encryption at client end. This allows easy spoofing of data packets and the corresponding hashes.
2. Trust-based assumptions for client-sent hashes. This is among the more well-known exploits, where using a client to spoof hashes allows end users to gain access to arbitrary files not necessarily owned by the user.
3. Weak data possession protocols [2]. Dropbox does not employ any provable possession algorithms to ensure data possession by clients, leaving user data essentially public.
4. Direct download attacks. This employs knowledge of the host-id, which is a unique identifier linking a device to a particular user’s account, to download chunks of the user’s data without owning the data itself.

These loopholes were expectedly exploited, and Dropbox has suffered no less than 3 security breaches [4]. There were two major attack vectors targeting these loopholes:

1. Data and information leak using loopholes 1 through 4.
2. Online “slack-space” [3]

All of the above issues have more or less been fixed or are slated to be fixed in future Dropbox versions. The new security features introduced by Dropbox include TWO-FACTOR AUTHENTICATION and DROPPING DE-DUPLICATION partially to ensure data privacy for owners. These “enhancements”, though still buggy, address the aforementioned attack vectors.
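Loopholes 2 and 3 above come down to one design choice: whether a deduplicating server accepts a client's claimed hash as evidence that the client holds the file. The following is an added example, not Dropbox's code or protocol; `ToyDedupServer`, its methods and the sample data are hypothetical names constructed for illustration, and the challenge-response shown is a deliberately simplified possession check.

```python
import hashlib
import hmac
import os


class ToyDedupServer:
    """Constructed in-memory model of a store that deduplicates by SHA-256."""

    def __init__(self):
        self.blocks = {}    # digest -> content
        self.links = {}     # digest -> accounts allowed to download it
        self.pending = {}   # (account, digest) -> outstanding challenge nonce

    def upload(self, account, content):
        digest = hashlib.sha256(content).hexdigest()
        self.blocks[digest] = content
        self.links.setdefault(digest, set()).add(account)
        return digest

    def download(self, account, digest):
        if account not in self.links.get(digest, set()):
            raise PermissionError("block is not linked to this account")
        return self.blocks[digest]

    def link_trusting_hash(self, account, digest):
        """Weak form: the client's claim 'I have the file with this hash'
        is accepted as-is, so knowing a hash is as good as owning the file."""
        if digest not in self.blocks:
            return False                      # unknown block, client must upload
        self.links[digest].add(account)
        return True

    def challenge(self, account, digest):
        """Hardened form, step 1: issue a fresh random nonce for this claim."""
        if digest not in self.blocks:
            return None
        nonce = os.urandom(32)
        self.pending[(account, digest)] = nonce
        return nonce

    def link_with_proof(self, account, digest, proof):
        """Hardened form, step 2: link only if the client returns
        HMAC-SHA256(nonce, content), which needs the content itself."""
        nonce = self.pending.pop((account, digest), None)   # one-time use
        if nonce is None:
            return False
        expected = hmac.new(nonce, self.blocks[digest], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.links[digest].add(account)
        return True


def possession_proof(nonce, content):
    """Client side of the challenge: computable only from the real bytes."""
    return hmac.new(nonce, content, hashlib.sha256).digest()


def can_download(server, account, digest):
    try:
        server.download(account, digest)
        return True
    except PermissionError:
        return False


def demo_dedup():
    secret = b"constructed sample: alice's private document"
    results = {}

    # Weak server: bob knows only the digest, never the content.
    weak = ToyDedupServer()
    digest = weak.upload("alice", secret)
    weak.link_trusting_hash("bob", digest)
    results["weak_hash_only"] = can_download(weak, "bob", digest)

    # Hardened server: the same claim now has to survive a challenge.
    hard = ToyDedupServer()
    digest = hard.upload("alice", secret)
    nonce = hard.challenge("bob", digest)
    guess = possession_proof(nonce, digest.encode())      # all bob has is the hash
    results["hardened_hash_only"] = (hard.link_with_proof("bob", digest, guess)
                                     or can_download(hard, "bob", digest))

    # carol really holds the same file, so deduplication still works for her.
    nonce = hard.challenge("carol", digest)
    ok = hard.link_with_proof("carol", digest, possession_proof(nonce, secret))
    results["hardened_real_owner"] = ok and can_download(hard, "carol", digest)

    # A proof cannot be replayed: the nonce was consumed above.
    results["replay"] = hard.link_with_proof("carol", digest,
                                             possession_proof(nonce, secret))
    return results


if __name__ == "__main__":
    print(demo_dedup())
```

The server-side check costs a pass over the stored content per claim, which is the price of no longer treating a hash as a credential.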
MOTIVATIONS FOR AN ENHANCED CLIENT

While Dropbox developers have begun to deal with existing attack vectors, there is a worrisome up-and-coming mode of attack: malware and spam distribution. Initial implementations of these ideas have already been spotted in the wild from as early as early 2012 [5] [6]. The very genesis of these attacks is ingrained within the Dropbox Terms of Service:

“You, not Dropbox, will be fully responsible and liable for what you copy, share, upload, download or otherwise use while using the Services. You must not upload spyware or any other malicious software…You, and not Dropbox, are responsible for maintaining and protecting all of your stuff. Dropbox will not be liable for any loss or corruption of your stuff…”

This asserts that Dropbox is just a file storage and syncing service. It does not, and for the near future will not, provide any malware filter or protection of user data. Malware attacks manifest in three different ways:

1. Trojan distribution. Malware cartels have been using Dropbox’s public folders to host and later download spyware on to infected machines. Thus, Dropbox serves as an easy, always-available means to infect even partially compromised machines.
2. Spammer abuse. Dropbox’s public folder also serves as the perfect way to host public URLs which are in essence spammy links to advertisers. Spammers leverage the credence of Dropbox URLs to trick people into generating click-throughs.
3. Accidental spread across owner devices. This attack occurs when a user shares a file that is benign on one machine but harmful on another; Dropbox’s automatic syncing then spreads it, leading to a malware epidemic.

There have been several requests by users of the popular client to integrate some basic anti-virus protection at an added cost but that feature request
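The scan-before-sync behaviour the abstract attributes to DBShield (ClamAV applied to both upstream and downstream files) can be pictured as a gate that releases a file only on a clean verdict. This is an added example written in Python, not DBShield's Perl source; `gate`, `interpret_clamscan`, the folder names and the stub scanner with its marker bytes are assumptions constructed for illustration, while the `clamscan` exit codes and `FOUND` output line are ClamAV's own.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path

CLEAN, INFECTED, ERROR = "clean", "infected", "error"


def interpret_clamscan(returncode, stdout):
    """clamscan exits 0 for clean, 1 when a virus is found and 2 on error;
    a detection is reported as '<path>: <signature> FOUND'."""
    if returncode == 0:
        return CLEAN, None
    if returncode == 1:
        for line in stdout.splitlines():
            if line.endswith(" FOUND"):
                return INFECTED, line[:-len(" FOUND")].rsplit(": ", 1)[-1]
        return INFECTED, None
    return ERROR, None          # scan failed: never treat as clean


def clamscan(path):
    """Scan one file with the ClamAV command-line scanner, if installed."""
    exe = shutil.which("clamscan")
    if exe is None:
        return ERROR, None
    try:
        # An absolute path cannot be mistaken for a command-line option.
        proc = subprocess.run([exe, "--no-summary", str(Path(path).resolve())],
                              capture_output=True, text=True, timeout=300)
    except (OSError, subprocess.TimeoutExpired):
        return ERROR, None
    return interpret_clamscan(proc.returncode, proc.stdout)


def gate(path, release, quarantine_dir, scanner=clamscan):
    """Scan `path` and call release(path) only on a clean verdict.
    Infected files are moved to quarantine_dir; on a scanner error the
    file stays where it is, unsynced (fail closed)."""
    path = Path(path)
    verdict, signature = scanner(path)
    if verdict == CLEAN:
        release(path)
    elif verdict == INFECTED:
        Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(Path(quarantine_dir) / path.name))
    return verdict, signature


def demo_gate():
    """Constructed run with a stub scanner, so it works without ClamAV."""
    marker = b"CONSTRUCTED-TEST-MARKER"      # stands in for a real detection

    def stub_scanner(path):
        hit = marker in Path(path).read_bytes()
        return (INFECTED, "Constructed.Sample-1") if hit else (CLEAN, None)

    def failing_scanner(path):               # e.g. engine missing or timed out
        return ERROR, None

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        outbox, staging, synced = root / "outbox", root / "staging", root / "synced"
        quarantine = root / "quarantine"
        for folder in (outbox, staging, synced):
            folder.mkdir()
        (outbox / "notes.txt").write_bytes(b"meeting notes")
        (outbox / "tool.exe").write_bytes(b"MZ" + marker)
        (staging / "shared.doc").write_bytes(b"report " + marker)
        (staging / "photo.jpg").write_bytes(b"jpeg bytes")
        (staging / "big.iso").write_bytes(b"not scanned")

        uploaded = []

        def upload(p):                       # upstream: stands in for the API call
            uploaded.append(p.name)

        def into_sync_folder(p):             # downstream: staged file goes live
            shutil.move(str(p), str(synced / p.name))

        verdicts = {
            "notes.txt": gate(outbox / "notes.txt", upload, quarantine, stub_scanner)[0],
            "tool.exe": gate(outbox / "tool.exe", upload, quarantine, stub_scanner)[0],
            "shared.doc": gate(staging / "shared.doc", into_sync_folder, quarantine, stub_scanner)[0],
            "photo.jpg": gate(staging / "photo.jpg", into_sync_folder, quarantine, stub_scanner)[0],
            "big.iso": gate(staging / "big.iso", into_sync_folder, quarantine, failing_scanner)[0],
        }
        return {
            "verdicts": verdicts,
            "uploaded": uploaded,
            "synced": sorted(p.name for p in synced.iterdir()),
            "quarantined": sorted(p.name for p in quarantine.iterdir()),
            "held": sorted(p.name for p in staging.iterdir()),
        }


if __name__ == "__main__":
    print(demo_gate())
```

Downloads are scanned in a staging folder and only moved into the synced folder when clean, which is what keeps a file that is harmful on one device from spreading to the owner's other devices.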