Four Years of Botnet Hunting: An Assessment

  • Conference paper
Multimedia Communications, Services and Security (MCSS 2014)

Abstract

In this paper, we present a summary of the malware analysis we have carried out over the last four years. We have developed a platform that includes tools for capturing malware, running code in a controlled environment, and analyzing its interactions with external entities. The platform enables us to capture malware samples, classify them, and observe their communication behavior in a protected environment, so that the malware does not perform any harmful activity. We report some statistics on the captured malware and provide an example of an analysis session with the Mwna tool.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Berger-Sabbatel, G., Duda, A. (2014). Four Years of Botnet Hunting: An Assessment. In: Dziech, A., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2014. Communications in Computer and Information Science, vol 429. Springer, Cham. https://doi.org/10.1007/978-3-319-07569-3_3

  • DOI: https://doi.org/10.1007/978-3-319-07569-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07568-6

  • Online ISBN: 978-3-319-07569-3

  • eBook Packages: Computer Science, Computer Science (R0)
