DGAs and cyber-criminals: a case study

From Botnets.fr
Revision as of 22:58, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " damballa.com" to "")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

DGAs and cyber-criminals: a case study
Dambala dga zeus3.png
Botnet ZeuS, ZeuS - P2P+DGA
Malware
Botnet/malware group
Exploit kits Sakura, Blackhole
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol P2P
Date /
Editor/Conference Damballa
Link http://www.damballa.com/downloads/r pubs/RN DGAs-and-Cyber-Criminals-A-Case-Study.pdf (pdf) ((pdf) Archive copy)
Author Manos Antonakakis, Jeremy Demar, Christopher Elisan, John Jerrim
Type

Abstract

In recent years, Domain Generation Algorithms (DGAs) have evolved from a proof-of-concept technique, capable of bypassing legacy static reputation systems (e.g. Domain Blacklists), into full-featured stealth modules embedded within an increasing number of advanced and evasive commercial crimeware toolkits today. DGAs are also referred to as a form of “domain fluxing.”

This case study details how Damballa Labs uncovered criminal DGA activity long before the malware using the DGA technique was ever identified by the security community. This discovery was accomplished using patent-pending machine learning technology and years of passive DNS data collection and analysis. In addition, this case study describes how Damballa Labs, starting only with the identified DGA behavior, tied the DGA behavior to the criminal command-and-control (C&C) infrastructure and then to the malware, infection vectors and campaigns. The identified malware is a ZeuS version 3 variant that uses peer-to-peer as its primary C&C channel and only resorts to the DGAgenerated domains if it fails

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permittedBFR790,
   editor = {Damballa},
   author = {Manos Antonakakis, Jeremy Demar, Christopher Elisan, John Jerrim},
   title = {DGAs and cyber-criminals: a case study},
   date = {24},
   month = Apr,
   year = {},
   howpublished = {\url{http://www.damballa.com/downloads/r_pubs/RN_DGAs-and-Cyber-Criminals-A-Case-Study.pdf (pdf)}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=DGAs_and_cyber-criminals:_a_case_study&oldid=5904"