Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Stivala, Giada, De Stefano, Gianluca, Mengascini, Andrea, Graziano, Mariano, Pellegrino, Giancarlo
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2408.06133
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866917746589040640
author Stivala, Giada
De Stefano, Gianluca
Mengascini, Andrea
Graziano, Mariano
Pellegrino, Giancarlo
author_facet Stivala, Giada
De Stefano, Gianluca
Mengascini, Andrea
Graziano, Mariano
Pellegrino, Giancarlo
contents Clickbait PDFs, an entry point for multiple Web attacks, are distributed via SEO poisoning and rank high in search results due to being massively uploaded on abused or compromised websites. The central role of these hosts in the distribution of clickbait PDFs remains understudied, and it is unclear whether attackers differentiate the types of hosting for PDF uploads, how long they rely on hosts, and how affected parties respond to abuse. To address this, we conducted real-time analyses on hosts, collecting data on 4,648,939 clickbait PDFs served by 177,835 hosts over 17 months. Our results revealed a diverse infrastructure, with hosts falling into three main hosting types. We also identified at scale the presence of eight software components which facilitate file uploads and which are likely exploited for clickbait PDF distribution. We contact affected parties to report the misuse of their resources via a large-scale vulnerability notification. While we observed some effectiveness in terms of number of cleaned-up PDFs following the notification, long-term improvement in this infrastructure remained insignificant. This finding raises questions about the hosting providers' role in combating abuse and the actual impact of vulnerability notifications.
format Preprint
id arxiv_https___arxiv_org_abs_2408_06133
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
Stivala, Giada
De Stefano, Gianluca
Mengascini, Andrea
Graziano, Mariano
Pellegrino, Giancarlo
Cryptography and Security
Clickbait PDFs, an entry point for multiple Web attacks, are distributed via SEO poisoning and rank high in search results due to being massively uploaded on abused or compromised websites. The central role of these hosts in the distribution of clickbait PDFs remains understudied, and it is unclear whether attackers differentiate the types of hosting for PDF uploads, how long they rely on hosts, and how affected parties respond to abuse. To address this, we conducted real-time analyses on hosts, collecting data on 4,648,939 clickbait PDFs served by 177,835 hosts over 17 months. Our results revealed a diverse infrastructure, with hosts falling into three main hosting types. We also identified at scale the presence of eight software components which facilitate file uploads and which are likely exploited for clickbait PDF distribution. We contact affected parties to report the misuse of their resources via a large-scale vulnerability notification. While we observed some effectiveness in terms of number of cleaned-up PDFs following the notification, long-term improvement in this infrastructure remained insignificant. This finding raises questions about the hosting providers' role in combating abuse and the actual impact of vulnerability notifications.
title Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns
topic Cryptography and Security
url https://arxiv.org/abs/2408.06133