References
- Empirical study of drive-by-download spyware. http://cisr.nps.navy.mil/downloads/06paper_spyware.pdf
- N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, "The ghost in the browser analysis of web-based malware", HotBots'07, pages 4-10, 2007
- Sina dloader class activex control's downloadandinstall' method arbirary file download vulnerability, http://www.securityfocus.com/bid/30223/info
- MS IE daxctle.ocx KeyFrame 메소드 힙 오버플로우 취약점 분석 보고서, http://pds.nprotect.co.kr/pds/virusinfo_img/INCA_Alert%5BMS_IE_daxctle.ocx_KeyFrame_Method_Heap_Overflow%5D.pdf
- ActiveX 취약성 공격시의 Unicode Shellcode, http://hkpco.kr/paper/ActiveX_Shellcode.pdf
- W.G.J. Halfond and A. Orso, "Amnesia: analysis and monitoring for neutralizing sql-injection attacks", Proceedings of the 20th IEEE/ACM international Conference on Automated software engineeringm, page 174-183, 2005
- S. Bandhakavi, P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan, "Candid: preventing sql injection attacks using dynamic candidate evaluations", In CCS' 07: Proceedings of the 14th ACM conference on Computer and communications security, pages 12-24, 2007
- MS Internet Explorer (IFRAME Tag) Buffer Overflow Exploit, http://milw0rm.com/exploits/612