Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Lines of Malicious Code: Insights Into the Malicious Software Industry

Presentation
View File
pdf
900KB
Paper
View File
pdf
316KB

Martina Lindorfer
Vienna University of Technology
Austria

Alessandro Di Federico
Politecnico di Milano
Italy

Federico Maggi
Politecnico di Milano
Italy

Paolo Milani Comparetti
Vienna Univeristy of Technology/Lastline Inc.
Austria

Stefano Zanero
Politecnico di Milano
Italy

Abstract:
Malicious software installed on infected computers is a fundamental component of online crime. Malware development thus plays an essential role in the underground economy of cyber-crime. Malware authors regularly update their software to defeat defenses or to support new or improved criminal business models. A large body of research has focused focused on detecting malware, defending against it and identifying its functionality. In addition to these goals, however, the analysis of malware can provide a glimpse into how the software development industry develops malicious code.

In this work, we present techniques to observe the evolution of a malware family over time. First, we develop techniques to compare versions of malicious code and quantify their differences. Furthermore, we use behavior observed from dynamic analysis to assign semantics to binary code and to identify functional components within a malware binary. By combining these techniques, we are able to monitor the evolution of a malware’s functional components. We implemnet these techniques in a system we call BEAGLE, and apply it to the observation of 16 malware strains over several months. The results of these experiments provide insight into the effort involved in updating malware code, and show that BEAGLE can identify changes to individual malware components.

 

Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC