
BLADE MALWARE URL ANALYSIS RESULTS

NOTICE: This page is 100% auto-generated. Wed Oct 13 12:50:34 2010

An Empirical Daily Evaluation on Malware URL Lists:

One way we are evaluating the effectiveness of BLADE in preventing drive-by download infections is to exercise it daily against the latest real-world malicious URLs. Our testbed automatically harvests malware URLs from multiple whitehat sources on a daily basis and evaluates BLADE against potential drive-by URLs that were reported within the past 48 hours. To validate BLADE's browser and exploit independence, each URL is tested against multiple software configurations covering different browser versions and common plug-ins. System call and network traces are used to test for missed attacks (false negatives).

Each reported malicious URL is tested against multiple browsers. For each URL we determine through several independent analyses whether no malicious exploit was launched. For those cases where a malicious drive-by exploit is launched and a binary upload is attempted, we verify that BLADE successfully alerts the user, quarantines the binary, and prevents its execution. We then analyze the binary and its exploit method to determine the exploit used and the malware binary type.

The binary labels and detection rates are obtained through submissions to virustotal.com. The malware URL sites listed below were all active and serving malware through drive-by attacks on the day(s) that we tested. The virus labels are derived from one of the following AV vendors (AntiVir, Ikarus, and Kaspersky) in order. The country codes point to the location of the malware URL (landing site) and not necessarily the malware distribution site.

NOTICE: This site and the URL list are used for evaluating BLADE system performance and may be discontinued at any time.

Drive-by Download Infections Blocked by BLADE: 8630 from 2324 unique drive-by URLs
Drive-by Downloads That Infected BLADE-protected Hosts: 0
--- BLADE Evaluation Statistics ---