Malware pandemics

From Botnets.fr
Revision as of 16:22, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)

Malware pandemics

Botnet: Conficker, IKee.B (botnet)
Malware: Conficker (bot), IKee.B
Date: 2010 / 1 September 2010
Editor/Conference: Office of Naval Research
Link: http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166 (www.dtic.mil, archive copy available)
Author: Philip Porras, Hassen Saidi, Vinod Yegneswaran

Abstract

This final technical report summarizes the research activities and technical results produced by SRI International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware pandemics in the Internet. In particular, there is an emphasis on studying the structural properties (network address translation (NAT), proxies, dynamic host configuration protocol (DHCP) effects) and dynamic properties (pandemic evolution), and how these properties evolve during the different phases of a malware life cycle. We conducted an in-depth reverse engineering of the peer-to-peer (P2P) protocol of Conficker and published this in the form of a web report [28]. Our efforts toward developing new techniques for tracking the structural properties of the Conficker population (such as the percentage of NAT and DHCP hosts) and building epidemic models for predicting the long-term influence of worms such as Conficker are detailed in this report. We also conducted an in-depth analysis of the iKee.B (duh) Apple iPhone bot client, captured on November 25, 2009. This mobile botnet was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. Our report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware, and its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Bibtex

 @misc{PLACEHOLDERKEY2010BFR835,
   editor = {Office of Naval Research},
   author = {Philip Porras and Hassen Saidi and Vinod Yegneswaran},
   title = {Malware pandemics},
   date = {2010-09-01},
   month = sep,
   year = {2010},
   howpublished = {\url{http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166}},
 }