WebPatrol: Automated collection and replay of web-based malware scenarios

Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011

Volumn , Issue , 2011, Pages 186-195

  Chen, Kevin Zhijie ^a,b   Gu, Guofei ^c   Zhuge, Jianwei ^d   Nazario, Jose ^e   Han, Xinhui ^a  

^a PEKING UNIVERSITY   (China)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c TEXAS A AND M UNIVERSITY   (United States)

^d TSINGHUA UNIVERSITY   (China)

^e Arbor Networks   (United States)

Author keywords

Drive by download; Malicious script; Web based malware analysis and collection

Indexed keywords

COMPUTATION THEORY; NETWORK SECURITY; WEBSITES;

AUTOMATED COLLECTION; DRIVE-BY DOWNLOADS; MALICIOUS SCRIPT; MALWARE ANALYSIS; MALWARES; REMOTE SERVERS; WEB-BASED MALWARE; WEB-BASED MALWARE ANALYSE AND COLLECTION; WEB-CENTRIC; WEB-SITES;

MALWARE;

EID: 79956002283     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1966913.1966938     Document Type: Conference Paper

References (20)

1. Capture-HPC. https://projects.honeynet.org/capture-hpc.
2. libemu:x86 shellcode detection and emulation. http://libemu.carnivore.it/ .
3. Malzilla: Malware hunting tool. http://malzilla.sourceforge.net/.
4. Polipo:a caching web proxy. http://www.pps.jussieu.fr/-jch/software/ polipo/.
5. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling. The nepenthes platform: An efficient approach to collect malware. Lecture Notes in Computer Science, vol. 4219:165, 2006.
6. M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. In Proceedings of the 19th International World Wide Web Conference, 2010.
7. CVE-2007-4105. Baidu soba remote code execute vulnerability. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4105.
8. B. Feinstein, D. Peck, and I. SecureWorks. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. Black Hat USA, 2007.
9. S. Ford, M. Cova, C. Kruegel, and G. Vigna. Analyzing and detecting malicious ash advertisements. In 2009 Annual Computer Security Applications Conference, pages 363-372, 2009.
10. J. Mieres. Fragus. new botnet framework in-the-wild, 2009. http://evil-ngers.blogspot.com/2009/08/fragus-new-botnet-framework-in-wild.html.
11. J. Nazario. PhoneyC: a virtual client honeypot. In Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threat, 2009.
12. M. Polychronakis, P. Mavrommatis, and N. Provos. Ghost turns zombie: exploring the life cycle of web-based malware. In Proceedings of the 1st USENIX Workshop on Large-scale Exploits and Emergent Threats, 2008.
13. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iFRAMEs point to us. In Proceedings of the 17th USENIX Security Symposium, pages 1-15, 2008.
14. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The Ghost In The Browser. In First Workshop on Hot Topics in Understanding Botnets, 2007.
15. C. Seifert, V. Delwadia, P. Komisarczuk, D. Stirling, and I. Welch. Measurement Study on Malicious Web Servers in the. nz Domain. In Proceedings of the 14th Australasian Conference on Information Security and Privacy, page 25, 2009.
16. C. Song, J. Zhuge, X. Han, and Z. Ye. Preventing drive-by download via inter-module communication monitoring. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 124-134, 2010.
17. W3C. XMLHttpRequest. http://www.w3.org/TR/XMLHttpRequest/.
18. Y. M. Wang. Strider HoneyMonkeys: active Client-Side honeypots for finding web sites that exploit browser vulnerabilities. In Part of Works in Progress at the 14th USENIX Security Symposium, 2007.
19. J. Zhuge, T. Holz, X. Han, C. Song, and W. Zou. Collecting autonomous spreading malware using high-interaction honeypots. Lecture Notes In Computer Science, vol. 4861:438, 2007.
20. J. Zhuge, T. Holz, C. Song, J. Guo, X. Han, and W. Zou. Studying malicious websites and the underground economy on the chinese web. In Proceedings of the 7th Workshop on the Economics of Information Security, 2007.