Automatically identifying trigger-based behavior in malware

Advances in Information Security

Volumn 36, Issue , 2008, Pages 65-88

  Brumley, David ^a   Hartwig, Cody ^a   Liang, Zhenkai ^a   Newsome, James ^a   Song, Dawn ^a   Yin, Heng ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84882738195     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-68768-1_4     Document Type: Article

References (29)

1. Blazingtools perfect keylogger. http://www.blazingtools.com/bpk.html.
2. QEMU. http://www.qemu.org.
3. Tribal flood network. http://www.cert.org/incident_notes/IN-99-07.html.
4. David Brumley, Cody Hartwig, Min Gyang Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Dawn Song, and Heng Yin. Automatically dissecting malicious binaries. Technical Report CMU-CS-07-133, 2007.
5. David Brumley and James Newsome. Alias analysis for assembly. Technical Report CMU-CS-06-180, Carnegie Mellon University School of Computer Science, 2006.
6. Cristian Cadar, Vijay Ganesh, Peter Pawlowski, David Dill, and Dawson Engler. EXE: A system for automatically generating inputs of death using symbolic execution. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), October 2006.
7. Edmund Clarke, Daniel Kroening, and Flavio Lerda. A tool for checking ANSI-C programs. In Kurt Jensen and Andreas Podelski, editors, Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2004), volume 2988 of Lecture Notes in Computer Science, pages 168-176. Springer, 2004.
8. Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. Temporal search: Detecting hidden malware time bombs with virtual machines. In Proceedings of the Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII), October 2006.
9. Tony Lee Peter Ferrie. Win32.Netsky.C. http://www.symantec.com/security_response/writeup.jsp?docid=2004-022417%-4628-99.
10. C. Flanagan and J.B. Saxe. Avoiding exponential explosion: Generating compact verification conditions. In Proceedings of the 28th ACM Symposium on the Principles of Programming Languages (POPL), 2001.
11. Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Estended static checking for java. In ACM Conference on the Programming Language Design and Implementation (PLDI), 2002.
12. Vijay Ganesh and David Dill. STP: A decision procedure for bitvectors and arrays. http://theory.stanford.edu/vganesh/stp.html.
13. Gettis. W32.Mydoom.B@mm. http://www.symantec.com/security_response/writeup.jsp?docid=2004-022011%-2447-99.
14. Patrice Godefroid, Nils Klarlund, and Koushik Sen. DART: Directed automated random testing. In Proc. of the 2005 Programming Language Design and Implementation Conference (PLDI), 2005.
15. Ha. Keylogger.Stawin. http://www.symantec.com/security_response/writeup.jsp?docid=2004-012915%-2315-99.
16. . Neal Hindocha. Win32.Netsky.D. http://www.symantec.com/security_response/writeup.jsp?docid=2004-030110%-0232-99.
17. James King. Symbolic execution and program testing. Communications of the ACM, 19:386-394, 1976.
18. McAfee. W97M/Opey.C. http://vil.nai.com/vil/content/v_10290.htm.
19. Andreas Moser, Christopher Kruegel, and Engin Kirda. Exploring multiple execution paths for malware analysis. In IEEE Symposium on Security and Privacy. IEEE Press, 2007.
20. James Newsome, David Brumley, Jason Franklin, and Dawn Song. Replayer: Automatic protocol replay by binary analysis. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), October 2006.
21. Benjamin C Pierce. Types and Programming Languages. The MIT Press, 2002.
22. Koushik Sen, Darko Marinov, and Gul Agha. CUTE: A concolic unit testing engine for c. In ACM SIGSOFT Sympsoium on the Foundations of Software Engineering, 2005.
23. Symantec. Spyware.e2give. http://www.symantec.com/securityresponse/writeup.jsp?docid=2004-102614-1006-99.
24. Symantec. Xeram.1664. http://www.symantec.com/security_response/writeup.jsp?docid=2000-121913-2839-99.
25. United States Department of Justice Press Release. Former computer network administrator at new jersey high-tech firm sentenced to 41 months for unleashing $10 million computer "time bomb". http://www.usdoj.gov/criminal/cybercrime/lloydSent.htm.
26. United States Department of Justice Press Release. Former lance, inc. employee sentenced to 24 months and ordered to pay $194,609 restitution in computer fraud case. http://www.usdoj.gov/criminal/cybercrime/SullivanSent.htm.
27. United States Department of Justice Press Release. Former technology manager sentenced to a year in prison for computer hacking offense. http://www.usdoj.gov/criminal/cybercrime/sheaSent.htm.
28. Yichen Xie and Alex Aiken. Context- and path-sensitive memory leak detection. ACM SIGSOFT Software Engineering Notes, 30, 2005.
29. Junfeng Yang, Can Sar, Paul Twohey, Cristian Cadar, and Dawson Engler. Automatically generating malicious disks using symbolic execution. In IEEE Symposium on Security and Privacy, 2006.