Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Visual-similarity-based phishing detection
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Botzilla: detecting the "phoning home" of malicious software
Proceedings of the 2010 ACM Symposium on Applied Computing
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
SURF: speeded up robust features
ECCV'06 Proceedings of the 9th European conference on Computer Vision - Volume Part I
Banksafe information stealer detection inside the web browser
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
"Bankers" are special types of malware whose targets are Internet banking users, mainly to obtain their credentials. Banker infections cause losses of billions of dollars worldwide. Thus, better understanding and detection of bankers is required. Due to their interactive nature, obtaining bankers' behaviors can be a difficult task for current dynamic analyzers. Also, existing tools specially crafted to detect bankers are usually limited to a specific type. In this article, we propose BanDIT, a dynamic analysis system that identifies behavior related to bankers combining visual analysis, network traffic pattern matching and filesystem monitoring. We analyzed over 1,500 malware samples to identify those whose target were online banks and reported the compromised IP and e-mail addresses found. We present an evaluation of their behavior and show that BanDIT was able to identify 98.8% of bankers in a manually labeled banker samples set.