CISPA
Browse
- No file added yet -

Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns

Download (1.08 MB)

Clickbait PDFs, an entry point for multiple Web attacks, are distributed via SEO poisoning and rank high in search results due to being massively uploaded on abused or compromised websites.
The central role of these hosts in the distribution of clickbait PDFs remains understudied, and it is unclear whether attackers differentiate the types of hosting for PDF uploads, how long they rely on hosts, and how affected parties respond to abuse.

To address this, we conducted real-time analyses on hosts, collecting data on 4,648,939 clickbait PDFs served by 177,835 hosts over 17 months. Our results revealed a diverse infrastructure, with hosts falling into three main hosting types. We also identified at scale the presence of eight software components which facilitate file uploads and which are likely exploited for clickbait PDF distribution.
We contact affected parties to report the misuse of their resources via a large-scale vulnerability notification. While we observed some effectiveness in terms of number of cleaned-up PDFs following the notification, long-term improvement in this infrastructure remained insignificant.
This finding raises questions about the hosting providers' role in combating abuse and the actual impact of vulnerability notifications.

History

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

IEEE European Symposium on Security and Privacy (EuroS&P)

BibTeX

@conference{Stivala:De Stefano:Mengascini:Graziano:Pellegrino:2024, title = "Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns", author = "Stivala, Giada Martina" AND "De Stefano, Gianluca" AND "Mengascini, Andrea" AND "Graziano, Mariano" AND "Pellegrino, Giancarlo", year = 2024, month = 7 }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC