Driving in the cloud: An analysis of drive-by download operations and abuse reporting

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7967 LNCS, Issue , 2013, Pages 1-20

  Nappa, Antonio ^a,b   Rafique, M Zubair ^a   Caballero, Juan ^a  

^a IMDEA SOFTWARE INSTITUTE   (Spain)

^b UNIVERSIDAD POLITÉCNICA DE MADRID   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

CLOUD HOSTING; DISTRIBUTION VECTORS; DRIVE-BY DOWNLOADS; MALWARE FAMILIES; MALWARES; OPERATIONAL ANALYSIS;

INTERNET SERVICE PROVIDERS;

COMPUTER CRIME;

EID: 84881183138     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-39235-1_1     Document Type: Conference Paper

References (49)

1. Anderson, D.S., Fleizach, C., Savage, S., Voelker, G.M.: Spamscatter: Characterizing internet scam hosting infrastructure. In: USENIX Security (2007)
2. Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 178-197. Springer, Heidelberg (2007)
3. Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS (2009)
4. Grier, C., et al.: Manufacturing compromise: The emergence of exploit-as-a-service. In: CCS (2012)
5. Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: The commoditization of malware distribution. In: USENIX Security (2011)
6. Caida. As ranking (2012), http://as-rank.caida.org
7. Canali, D., Balzarotti, D., Francillon, A.: The role of web hosting providers in detecting compromised websites. In: WWW (2013)
8. Cho, C.Y., Caballero, J., Grier, C., Paxson, V., Song, D.: Insights from the inside: A view of botnet management from infiltration. In: LEET (2010)
9. Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: WWW(2010)
10. Crocker, D.: Mailbox names for common services, roles and functions. RFC 2142 (1997)
11. Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: Zozzle: Low-overhead mostly static javascript malware detection. In: USENIX Security (2011)
12. Daigle, L.: Whois protocol specification. RFC 3912 (2004)
13. Malicia project, http://malicia-project.com/
14. Dunn, J.C.: Well-separated clusters and optimal fuzzy partitions. Journal of Cybernetics 4(1) (1974)
15. New dutch notice-and-take-down code raises questions (2008), http://www.edri.org/book/export/html/1619
16. Falk, J.: Complaint feedback loop operational recommendations. RFC 6449 (2011)
17. Falk, J., Kucherawy, M.: Creation and use of email feedback reports: An applicability statement for the abuse reporting format (arf). RFC 6650 (2012)
18. Jang, J., Brumley, D., Venkataraman, S.: Bitshred: Feature hashing malware for scalable triage and semantic analysis. In: CCS (2011)
19. John, J.P., Moshchuk, A., Gribble, S.D., Krishnamurthy, A.: Studying spamming botnets using Botlab. In: NSDI (2009)
20. Kaufman, L., Rousseeuw, P.J.: Finding Groups in Data: An Introduction to Cluster Analysis, vol. 4. Wiley-Interscience (1990)
21. Krawetz, N.: Average perceptual hash (2011), http://www.hackerfactor.com/ blog/index.php?/archives/432-Looks-Like-It.html
22. Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: GQ: Practical containment for measuring modern malware systems. In: IMC (2011)
23. Love vps, http://www.lovevps.com/
24. Malware domain list, http://malwaredomainlist.com/
25. Morrison, T.: How hosting providers can battle fraudulent sign-ups (2012), http://www.spamhaus.org/news/article/687/how-hosting-providers-can- battle-fraudulent-sign-ups
26. Moshchuk, A., Bragin, T., Gribble, S.D., Levy, H.M.: A crawler-based study of spyware on the web. In: NDSS (2006)
27. Bfk: Passive dns replication, http://www.bfk.de/bfk-dnslogger.html
28. Ssdsandbox, http://xml.ssdsandbox.net/dnslookup-dnsdb
29. Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: NSDI (2010)
30. Perdisci, R., U, M.: Vamo: Towards a fully automated malware clustering validity analysis. In: ACSAC (2012)
31. Polychronakis, M., Mavrommatis, P., Provos, N.: Ghost turns zombie: Exploring the life cycle of web-based malware. In: LEET (2008)
32. Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iframes point to us. In: USENIX Security (2008)
33. Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N.: The ghost in the browser: Analysis of Web-based malware. In: HotBots (2007)
34. Cool exploit kit - a new browser exploit pack, http://malware. dontneedcoffee.com/2012/10/newcoolek.html/
35. Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108-125. Springer, Heidelberg (2008)
36. Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., van Steen, M., Freiling, F.C., Pohlmann, N.: Sandnet: Network traffic analysis of malicious software. In: BADGERS (2011)
37. Shafranovich, Y., Levine, J., Kucherawy, M.: An extensible format for email feedback reports. RFC 5965, Updated by RFC 6650 (2010)
38. Shue, C., Kalafut, A.J., Gupta, M.: Abnormally malicious autonomous systems and their internet connectivity. IEEE/ACMTransactions of Networking 20(1) (2012)
39. The spamhaus project (2012), http://www.spamhaus.org/
40. Stone-Gross, B., Christopher, K., Almeroth, K., Moser, A., Kirda, E.: Fire: Finding rogue networks. In: ACSAC (2009)
41. urlquery, http://urlquery.net/
42. Walls, R.J., Levine, B.N., Liberatore, M., Shields, C.: Effective digital forensics research is investigator-centric. In: HotSec (2011)
43. Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.: Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In: NDSS (2006)
44. Wyke, J.: The zeroaccess botnet: Mining and fraud for massive financial gain (2012), http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/ zeroaccess-botnet.asp:x
45. X-arf: Network abuse reporting 2.0, http://x-arf.org/
46. Xylitol. Blackhole exploit kits update to v2.0 (2011), http://malware.dontneedcoffee.com/2012/09/blackhole2.0.html
47. Xylitol. Tracking cyber crime: Hands up affiliate (ransomware) (2011), http:// www.xylibox.com/2011/12/tracking-cyber-crime-affiliate.html
48. Zauner, C.: Implementation and benchmarking of perceptual image hash functions. Master's thesis, Upper Austria University of Applied Sciences (2010)
49. Zhang, J., Seifert, C., Stokes, J.W., Lee, W.: Arrow: Generating signatures to detect drive-by downloads. In: WWW (2011)