HARMUR: Storing and analyzing historic data on malicious domains

Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011

Volumn , Issue , 2011, Pages 46-53

  Leita, Corrado ^a   Cova, Marco ^b  

^a SYMANTEC RESEARCH LABS   (United States)

^b UNIVERSITY OF BIRMINGHAM   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

CONTEXTUAL INFORMATION; DATA SETS; DESIGN DECISIONS; DRIVE-BY DOWNLOADS; HISTORIC DATA; HONEYPOT TECHNIQUE; TEMPORAL DIMENSIONS; TOOLS AND TECHNIQUES;

WORLD WIDE WEB;

USER INTERFACES;

EID: 79958726067     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1978672.1978678     Document Type: Conference Paper

References (26)

1. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling. The Nepenthes Platform: An Efficient Approach to Collect Malware. In 9th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2006.
2. Caida Project. Conficker/Conflicker/Downadup as seen from the UCSD Network Telescope.
3. M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the 19th international conference on World wide web, pages 281-290. ACM, 2010.
4. M. Cova, C. Leita, O. Thonnard, A. Keromytis, and M. Dacier. An analysis of rogue av campaigns. In Proc. of the 13th International Symposium on Intrusion Detection (RAID 2010), September 2010.
5. S. Ford, M. Cova, C. Kruegel, and G. Vigna. Analyzing and Detecting Malicious FlashAdvertisements. In Proceedings of the 25th Annual Computer Security Applications Conference, 2009.
6. P. Kijewski, C. Overes, and R. Spoor. The HoneySpider Network - fighting client-side threats. In FIRST Annual Conference, 2008.
7. C. Leita and M. Dacier. SGNET: a worldwide deployable framework to support the analysis of malware threat models. In 7th European Dependable Computing Conference (EDCC 2008), May 2008.
8. K. McGrath and M. Gupta. Behind Phishing: An Examination of Phisher Modi Operandi. In Proc. of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2008.
9. A. Moshchuk, T. Bragin, D. Deville, S. D. Gribble, and H. M. Levy. Spyproxy: Execution-based detection of malicious web content. In Proceeding of the 16th USENIX Security Symposium, 2007.
10. J. Nazario. Phoneyc: A virtual client honeypot. In Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more, page 6. USENIX Association, 2009.
11. H. O'Dea. The Modern Rogue - Malware With a Face. In Proc. of the Virus Bulletin Conference, 2009.
12. V.-H. Pham, M. Dacier, G. Urvoy Keller, and T. En Najjary. The quest for multi-headed worms. In DIMVA 2008, 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 10-11th, 2008, Paris, France, Jul 2008.
13. G. Portokalidis, A. Slowinska, and H. Bos. Argos: an emulator for fingerprinting zero-day attacks. In ACM Sigops EuroSys, 2006.
14. N. Provos. Spybye, http://www.monkey.org/~provos/spybye.
15. N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose. All Your iFRAMEs Point to Us. In Proc. of the USENIX Security Symposium, 2008.
16. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser. analysis of web-based malware. In First Workshop on Hot Topics in Understanding Botnets (HotBots 07). Google, Inc, 2007.
17. C. Seifert, I. Welch, and P. Komisarczuk. HoneyC-The Low-Interaction Client Honeypot. NZCSRCS, Hamilton, 2007, http://www.mcs.vuw.ac.nz/cseifert/ blog/images/seiferrt-honeyc.pdf 2006.
18. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your Botnet is My Botnet: Analysis of a Botnet Takeover. In Proc. of the ACM Conference on Computer and Communications Security, 2009.
19. B. Stone-Gross, A. Moser, C. Kruegel, K. Almaroth, and E. Kirda. FIRE: FInding Rogue nEtworks. In 25th Annual Computer Security Applications Conference (ACSAC), December 2009.
20. Symantec. The trojan.hydraq incident, http://www.symantec.com/connect/ blogs/trojanhydraq-incident.
21. The Honeynet Project. Home page of Capture-HPC, https://projects. honeynet.org/capture-hpc.
22. The Honeynet Project. Know your enemy: Fast-flux service networks, http://www.honeynet.org/book/export/html/130.
23. The MITRE Honeyclient Project Team. HoneyClient, http://www.honeyclient. org.
24. The WOMBAT FP7 project. Second WOMBAT workshop proceedings, http://wombat-project.eu/2010/02/wombat-deliverable-d10d63-seco.html.
25. VU Amsterdam. Shelia, http://www.cs.vu.nl/~herbertb/misc/shelia/.
26. Y. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated web patrol with strider honeymonkeys. In Proceedings of the 2006 Network and Distributed System Security Symposium, pages 35-49, 2006.