Manufacturing compromise: The emergence of exploit-as-a-service

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 821-832

  Grier, Chris ^a,d   Ballard, Lucas ^c   Caballero, Juan ^e   Chachra, Neha ^b   Dietrich, Christian J ^f   Levchenko, Kirill ^b   Mavrommatis, Panayiotis ^c   McCoy, Damon ^g   Nappa, Antonio ^e   Pitsillidis, Andreas ^b   Provos, Niels ^c   Rafique, M Zubair ^e   Rajab, Moheeb Abu ^c   Rossow, Christian ^f   Thomas, Kurt ^a   Paxson, Vern ^a,d   Savage, Stefan ^b   Voelker, Geoffrey M ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c GOOGLE INC   (United States)

^d Brown University   (Spain)

^e IMDEA SOFTWARE INSTITUTE   (Spain)

^f WESTPHALIAN UNIVERSITY OF APPLIED SCIENCES   (Germany)

^g GEORGE MASON UNIVERSITY   (United States)

Author keywords

Malware; Security

Indexed keywords

BLACK HOLES; MALWARES; PLUG-INS; REAL NETWORKS; SECURITY;

COMPUTER CRIME; DIGITAL STORAGE; WEBSITES;

SECURITY OF DATA;

EID: 84869388520     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382283     Document Type: Conference Paper

References (48)

1. D. Anderson, C. Fleizach, S. Savage, and G. Voelker. Spamscatter: Characterizing internet scam hosting infrastructure. In USENIX Security, 2007.
2. M. Bailey, J. Oberheide, J. Andersen, Z. Mao, F. Jahanian, and J. Nazario. Automated Classification and Analysis of Internet Malware. In Proceedings of the Conference on Recent Advances in Intrusion Detection, 2007.
3. U. Bayer, P. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, Behavior-Based Malware Clustering. In Network and Distributed System Security Symposium (NDSS), 2009.
4. J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring Pay-per-Install: The Commoditization of Malware Distribution. In Proceedings of USENIX Security, 2011.
5. J. Canto, M. Dacier, E. Kirda, and C. Leita. Large Scale Malware Collection: Lessons Learned. In Workshop on Sharing Field Data and Experiment Measurements on Resilience of Distributed Computing Systems, 2008.
6. C. Y. Cho, J. Caballero, C. Grier, V. Paxson, and D. Song. Insights from the Inside: A View of Botnet Management from Infiltration. In Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 2010.
7. M. Cova, C. Kruegel, and G. Vigna. Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. In Proceedings of the 19th International Conference on World Wide Web, 2010.
8. C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert. Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. In Proceedings of the Usenix Security Symposium, 2011.
9. T. Cymru. A Criminal Perpsective on Exploit Packs. http://www.team-cymru. com/ReadingRoom/Whitepapers/2011/Criminal-Perspective-On-Exploit-Packs.pdf, May 2011.
10. J. Franklin, V. Paxson, A. Perrig, and S. Savage. An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants. In ACM Conference on Computer and Communications Security (CCS), 2007.
11. H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao. Detecting and Characterizing Social Spam Campaigns. In Proceedings of the Internet Measurement Conference (IMC), 2010.
12. T. Holz, C. Gorecki, F. Freiling, and K. Rieck. Detection and Mitigation of Fast-Flux Service Networks. In Proceedings of the 15th Annual Network and Distributed System Security Symposium, 2008.
13. F. Howard. Exploring the Blackhole Exploit Kit. http://nakedsecurity. sophos.com/exploring-theblackhole-exploit-kit-3/, March 2012.
14. W. Huang, C. Hsiao, and N. Lin. mysql.com hacked, infecting visitors with malware. http://blog.armorize.com/2011/09/mysqlcom-hacked-infectingvisitors- with.html, September 2011.
15. L. Invernizzi, P. M. Comparetti, S. Benvenuti, C. Kruegel, M. Cova, and G. Vigna. EvilSeed: A Guided Approach to Finding Malicious Web Pages. In IEEE Symposium on Security and Privacy, 2012.
16. J. John, A. Moshchuk, S. Gribble, and A. Krishnamurthy. Studying Spamming Botnets Using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI), 2009.
17. J. Jones. The State of Web Exploit Kits. BlackHat Las Vegas, July 2012.
18. L. Kharouni. SpyEye/ZeuS Toolkit v1.3.05 Beta. http://blog.trendmicro. com/spyeyezeus-toolkit-v1-3-05-beta/, January 2012.
19. C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamcraft: An Inside Look At Spam Campaign Orchestration. In USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2009.
20. C. Kreibich, N. Weaver, C. Kanich, W. Cui, and V. Paxson. GQ: Practical Containment for Measuring Modern Malware Systems. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pages 397-412. ACM, 2011.
21. K. Levchenko et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain. In IEEE Symposium on Security and Privacy, pages 431-446. IEEE, 2011.
22. L. Lu, V. Yegneswaran, P. Porras, and W. Lee. BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections. In Proc. of the ACM conference on Computer and Communications Security, 2010.
23. MalwareIntelligence. Inside Phoenix Exploit's Kit 2.8 mini version. http://malwareint.blogspot.com.es/2011/10/insidephoenix-exploits-kit-28-mini. html, October 2011.
24. Malware Domain List. http://www.malwaredomainlist.com, July 2012.
25. B. Miller, P. Pearce, C. Grier, C. Kreibich, and V. Paxson. What's Clicking What? Techniques and Innovations of Today's Clickbots. Detection of Intrusions and Malware, and Vulnerability Assessment, pages 164-183, 2011.
26. A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy. A crawler-based study of spyware on the web. In Proceedings of the 2006 Network and Distributed System Security Symposium (NDSS), February 2006.
27. F. Paget. An Overview of Exploit Packs. https://blogs.mcafee.com/mcafee- labs/an-overviewof-exploit-packs, 2010.
28. M. Polychronakis, P. Mavrommatis, and N. Provos. Ghost turns Zombie: Exploring the Life Cycle of Web-based Malware. In Proceedings of the 1st USENIX Workshop on Large-scale Exploits and Emergent Threats, pages 1-8. USENIX Association, 2008.
29. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All Your iFRAMEs Point to Us. In Proceedings of the 17th Usenix Security Symposium, pages 1-15, July 2008.
30. M. Rajab, L. Ballard, N. Jagpal, P. Mavrommatis, D. Nojiri, N. Provos, and L. Schmidt. Trends in Circumventing Web-Malware Detection. Technical report, Google, July 2011.
31. M. Rajab, L. Ballard, P. Mavrommatis, N. Provos, and X. Zhao. The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2010.
32. M. Rajab, F. Monrose, A. Terzis, and N. Provos. Peeking Through the Cloud: DNS-Based Estimation and Its Applications. In Applied Cryptography and Network Security, pages 21-38, 2008.
33. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov. Learning and Classification of Malware Behavior. Detection of Intrusions and Malware, and Vulnerability Assessment, pages 108-125, 2008.
34. Robert Lemos. MPack developer on automated infection kit (interview). http://www.theregister.co.uk/2007/07/23/mpack-developer-interview, July 2007.
35. C. Rossow, C. Dietrich, and H. Bos. Large-Scale Analysis of Malware Downloaders. In Proceedings of 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.
36. C. Rossow, C. Dietrich, H. Bos, L. Cavallaro, M. van Steen, F. Freiling, and N. Pohlmann. Sandnet: Network Traffic Analysis of Malicious Software. In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pages 78-88. ACM, 2011.
37. SellMeYourTraffic.com. http://www.sellmeyourtraffic.com, May 2012.
38. URL Query. http://urlquery.net/report.php?id=40035, May 2012.
39. B. Stone-Gross, R. Abman, R. Kemmerer, C. Kruegel, D. Steigerwald, and G. Vigna. The Underground Economy of Fake Antivirus Software. In Proceedings of the Workshop on Economics of Information Security (WEIS), 2011.
40. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your Botnet is My Botnet: Analysis of a Botnet Takeover. In Proceedings of the 16th ACM conference on Computer and communications security, pages 635-647, 2009.
41. B. Stone-Gross, T. Holz, G. Stringhini, and G. Vigna. The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2011.
42. B. Stone-Gross, R. Stevens, A. Zarras, R. Kemmerer, C. Kruegel, and G. Vigna. Understanding Fraudulent Activities in Online Ad Exchanges. In Proceedings of the Internet Measurement Conference (IMC), 2011.
43. H. Suri. The BlackHole Theory. http://www.symantec.com/connect/blogs/ blackhole-theory, February 2011.
44. K. Thomas, C. Grier, D. Song, and V. Paxson. Suspended Accounts in Retrospect: An Analysis of Twitter Spam. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, 2011.
45. Traffbiz: A new malicious twist on affiliate partnerka schemes? http://nakedsecurity.sophos.com/2012/03/01/traffbiza-new-malicious-twist-on- affiliate-partnerkaschemes/, May 2012.
46. Trustwave Spider Labs. Catch Me If You Can, Trojan Banker Strikes Again. http://blog.spiderlabs.com/2012/05/catch-meif-you-can-trojan-banker-zeus- strikes-again-part-2-of-5-1.html, May 2012.
47. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Proceedings of the 2006 Network and Distributed System Security Symposium (NDSS), 2006.
48. S. Yadav, A. Reddy, A. Reddy, and S. Ranjan. Detecting Algorithmically Generated Malicious Domain Names. In Proceedings of the Internet Measurement Conference (IMC), 2010.