Large Scale Studies: Malware Needles in a Haystack

  • Giovanni Bertão Unicamp
  • Marcus Botacin UFPR
  • André Grégio UFPR
  • Paulo Lício de Geus Unicamp

Abstract

Malware overview reports are valuable information for understanding threat behavior and developing proper countermeasures. Currently, most of these studies focus on either fine-grained, individual sample analysis or coarse-grained landscapes. On the one hand, only the first allows professionals to handle specific security breaches. On the other hand, only the second allows understanding the threat scenario as a whole. We claim that a complete security treatment is only possible when both approaches are combined. Therefore, in this work, we present an analysis of a large malware dataset, showing the distinctions between coarse-grained and fine-grained analysis results. We present a general threat scenario based on the coarse-grained results, and we detail our fine-grained results to identify particular malicious constructions in order to anticipate incident response to future threats.

Published
25/10/2018
BERTÃO, Giovanni; BOTACIN, Marcus; GRÉGIO, André; GEUS, Paulo Lício de. Large Scale Studies: Malware Needles in a Haystack. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 203-212. DOI: https://doi.org/10.5753/sbseg_estendido.2018.4159.