Measurement and Analysis of Autonomous Spreading Malware in a University Environment

Authors:
Jan Goebel;Thorsten Holz;Carsten Willems
Affiliations:
RWTH Aachen University, Center for Computing and Communication,;University of Mannheim, Laboratory for Dependable Distributed Systems,;University of Mannheim, Laboratory for Dependable Distributed Systems,
Venue:
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Year:
2007

Citing 13
Cited 1

Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Internet intrusions: global characteristics and prevalence

SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Inside the Slammer Worm

IEEE Security and Privacy
Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
A study of malware in peer-to-peer networks

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Malware prevalence in the KaZaA file-sharing network

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Measurement and analysis of spywave in a university environment

NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Toward Automated Dynamic Malware Analysis Using CWSandbox

IEEE Security and Privacy
Peer-to-peer botnets: overview and case study

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Traffic characterization and internet usage in rural Africa

Proceedings of the 20th international conference companion on World wide web

Quantified Score

Hi-index	0.00

Visualization

Abstract

Autonomous spreading malware in the form of bots or worms is a constant threat in today's Internet. In the form of botnets, networks of compromised machines that can be remotely controlled by an attacker, malware can cause lots of harm. In this paper, we present a measurement setup to study the spreading and prevalence of malware that propagates autonomously. We present the results when observing about 16,000 IPs within a university environment for a period of eight weeks. We collected information about 13,4 million successful exploits and study the system- and network-level behavior of the collected 2,034 valid, unique malware binaries.