A Lustrum of Malware Network Communication: Evolution and Insights

Lever, Chaz; Kotzias, Platon; Balzarotti, Davide; Caballero, Juan; Antonakakis, Manos

doi:10.1109/sp.2017.59

Cited by 63 publications

(40 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One important aspect when systematizing the analysis of malware is properly curating the dataset [23]. We perform the following sanity checks for each sample processed: (i) is it malware?…”

Section: B Sanity Checksmentioning

confidence: 99%

A First Look at the Crypto-Mining Malware Ecosystem

Pastrana

Suárez-Tangil

2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

Illicit crypto-mining leverages resources stolen from victims to mine cryptocurrencies on behalf of criminals. While recent works have analyzed one side of this threat, i.e.: webbrowser cryptojacking, only commercial reports have partially covered binary-based crypto-mining malware.In this paper, we conduct the largest measurement of cryptomining malware to date, analyzing approximately 4.5 million malware samples (1.2 million malicious miners), over a period of twelve years from 2007 to 2019. Our analysis pipeline applies both static and dynamic analysis to extract information from the samples, such as wallet identifiers and mining pools. Together with OSINT data, this information is used to group samples into campaigns. We then analyze publicly-available payments sent to the wallets from mining-pools as a reward for mining, and estimate profits for the different campaigns. All this together is is done in a fully automated fashion, which enables us to leverage measurement-based findings of illicit crypto-mining at scale.Our profit analysis reveals campaigns with multi-million earnings, associating over 4.4% of Monero with illicit mining. We analyze the infrastructure related with the different campaigns, showing that a high proportion of this ecosystem is supported by underground economies such as Pay-Per-Install services. We also uncover novel techniques that allow criminals to run successful campaigns.

show abstract

“…One important aspect when systematizing the analysis of malware is properly curating the dataset [23]. We perform the following sanity checks for each sample processed: (i) is it malware?…”

Section: B Sanity Checksmentioning

confidence: 99%

A First Look at the Crypto-Mining Malware Ecosystem

Pastrana

Suárez-Tangil

2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…In effect, the code became longer and more complicated for analysis. The longest observed Locky first stage code has a length slightly more than 1 Megabyte -exactly 1064661 bytes 2 . The code presented in the Fig.…”

Section: Locky Case Studymentioning

confidence: 99%

“…In the most cases the second stage code is hosted on web servers (sites hacked without the knowledge of their owners). The more detailed description of attack techniqes used nowadays can be found in [1] [2]. Some of them are also discussed with a QNAP NAS vulnerability case study presented in [3].…”

Section: Introductionmentioning

confidence: 99%

The impact of malware evolution on the analysis methods and infrastructure

Cabaj

Gawkowski

Grochowski

et al. 2017

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-The huge number of malware introduced each day demands methods and tools for their automated analyses. Complex and distributed infrastructure of malicious software and new sophisticated techniques used to obstruct the analyses are discussed in the paper based on real-life malware evolution observed for a long time. Their impact on both toolsets and methods are presented based on practical development of systems for malware analyses and new features for existing tools.

show abstract

“…Similarly, AndroidLeaks [38] uses data-flow analysis to evaluate Android applications for leaks of private information; they verified leaks in 2,342 applications. Lever et al show in a longitudinal study of malware [53] that analysis of network traffic is a key factor to early detection.…”

Section: Privacy Leaks In Other Platformsmentioning

confidence: 99%

“…Thus, this approach builds on a fundamental invariant of tracking and user privacy violation. Furthermore, long term studies of malware have highlighted network activity as a particularly effective medium for detecting malicious activity [53]. I model features that are intrinsic to the network traffic generated by trackers to distinguish malicious from benign traffic.…”

Section: Introductionmentioning

confidence: 99%

Measurement and detection of security properties of client-side web applications

Weissbacher¹

View full text Add to dashboard Cite

A Lustrum of Malware Network Communication: Evolution and Insights

Cited by 63 publications

References 30 publications

A First Look at the Crypto-Mining Malware Ecosystem

A First Look at the Crypto-Mining Malware Ecosystem

The impact of malware evolution on the analysis methods and infrastructure

Measurement and detection of security properties of client-side web applications

Contact Info

Product

Resources

About