Industry's first scalable, automated, virtual machine-based client-side honeypot, which is capable of detecting malicious websites attempting to
exploit unknown (also called �zero-day�) browser vulnerabilities. The HoneyMonkey system is used by the Microsoft Windows group as a primary method for
catching zero-day exploits so that those vulnerabilities can be quickly patched to protect web users. Also the first to demonstrate that search engines
could become a major infection vector. With broad coverage from technical press of our findings, all major search engines are now using HoneyMonkey-like
technologies to screen their search results and the safety of using search engines has been significantly improved.
The tool was released here and has been used by many trademark domain owners to identify cybersquatters.
The first to shed light on the cybersquatters� practice in serving adult ads harmful to minors on typo-squatting domains of children�s websites.
By using traffic correlation analysis to expose those major domain-parking companies who were profiting from typo-squatting,
by using interviews with the WashingtonPost and other technical press to create public pressure on those companies, and
by releasing the URL Tracer tool to enable brand-name owners to patrol their own typo-domains, we helped eradicate the questionable practice
and make the Web safer.
Proposed a �Follow the Money� approach to detecting large-scale search spammers who are corrupting the Web with junk content and websites in order to promote their links to spam content into top search results (see Feb 2007 NDSS paper, May 2007 WWW paper, and June 2007 ICAC paper)
The first to use redirection analysis to illuminate the dark side of search engine optimization, also known as search spamming.
In 2006, all major search engines were attacked by web spammers who started using dynamic redirection techniques to defeat the conventional anti-spam
techniques based solely on static analysis of links and page content. The search quality of queries with commercial intent was degrading to the point
of being almost unusable. We were the first to analyze the business structure of the search-spam industry and discover that it was shaped like a
�double-funnel� and so the most effective way of disrupting that industry was to attack the bottleneck of the funnel.
He transferred his redirection-based spam-detection technique to Microsoft�s search engine and demonstrated a 30% redirection in overall spam
� by far the single most effective technique in spam reduction. He used an interview with the New York Times to educate search users and the industry
and to put pressure on those legitimate Internet Service Providers and advertising syndicators who were helping the spammers hide their tracks.
This work contributed significantly to keeping search results clean and making web use more productive.