Difference between revisions of "Malware pandemics"
m (1 revision imported) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
| | |Botnet=Conficker, IKee.B (botnet), | ||
|Malware=Conficker (bot), IKee.B, | |||
|Year=2010 | |||
|Date=2010-09-01 | |||
| | |||
| | |||
|Date= | |||
|Editor=Office of Naval Research | |Editor=Office of Naval Research | ||
| | |Link=http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166 | ||
| | |Author=Philip Porras, Hassen Saidi, Vinod Yegneswaran, | ||
|Abstract=This final technical report summarizes the research activities and technical results produced by SHI | |Abstract=This final technical report summarizes the research activities and technical results produced by SHI International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware pandemics in the Internet. In particular, there is an emphasis on studying the structural properties | ||
International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware | |||
pandemics in the Internet. In particular, there is an emphasis on studying the structural properties | |||
(network address translation (NATs), proxies, dynamic host configuration protocol DHCP effects) | (network address translation (NATs), proxies, dynamic host configuration protocol DHCP effects) | ||
and dynamic properties (pandemic evolution), and how these properties evolve during the different | and dynamic properties (pandemic evolution), and how these properties evolve during the different | ||
| Line 28: | Line 21: | ||
latest offerings in smartphone malware. and its implications demonstrate the potential extension of | latest offerings in smartphone malware. and its implications demonstrate the potential extension of | ||
crimeware to this valuable new frontier of handheld consumer devices. | crimeware to this valuable new frontier of handheld consumer devices. | ||
| | |Document= | ||
| | |Licence= | ||
|Video= | |||
|NomRevue=Office of Naval Research Final Report for 2010 | |||
|Page= | |||
}} | }} | ||
Latest revision as of 16:35, 31 July 2015
(Publication) Google search: [1]
| Malware pandemics | |
|---|---|
| Botnet | Conficker, IKee.B (botnet) |
| Malware | Conficker (bot), IKee.B |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2010 / 2010-09-01 |
| Editor/Conference | Office of Naval Research |
| Link | http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166 (Archive copy) |
| Author | Philip Porras, Hassen Saidi, Vinod Yegneswaran |
| Type | |
Abstract
“ This final technical report summarizes the research activities and technical results produced by SHI International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware pandemics in the Internet. In particular, there is an emphasis on studying the structural properties
(network address translation (NATs), proxies, dynamic host configuration protocol DHCP effects) and dynamic properties (pandemic evolution), and how these properties evolve during the different phases of a malware life cycle. We conducted an in-depth reverse engineering of the peer-to-peer (P2P) protocol of Conficker and published this in the form of a web report [28]. Our efforts toward developing now techniques for tracking the structural properties of the Conficker population (sucfa as percent of NAT and DHCP hosts) and building epidemic models for predicting the long-term influence of worms such as Conficker are detailed in this report. We also conducted an in-depth analysis of the iKee.B (dull) Apple iPhone bot client, captured on November 25, 2009. This mobile botnet was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. Our report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware. and its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR835,
editor = {Office of Naval Research},
author = {Philip Porras, Hassen Saidi, Vinod Yegneswaran},
title = {Malware pandemics},
date = {01},
month = Sep,
year = {2010},
howpublished = {\url{http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166}},
}