DeepAI AI Chat
Log In Sign Up

Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown

by   Colin C. Ife, et al.

The malware and botnet phenomenon is among the most significant threats to cybersecurity today. Consequently, law enforcement agencies, security companies, and researchers are constantly seeking to disrupt these malicious operations through so-called takedown counter-operations. Unfortunately, the success of these takedowns is mixed. Furthermore, very little is understood as to how botnets and malware delivery operations respond to takedown attempts. We present a comprehensive study of three malware delivery operations that were targeted for takedown in 2015-16 using global download metadata provided by a major security company. In summary, we found that: (1) Distributed delivery architectures were commonly used, indicating the need for better security hygiene and coordination by the (ab)used service providers. (2) A minority of malware binaries were responsible for the majority of download activity, suggesting that detecting these "super binaries" would yield the most benefit to the security community. (3) The malware operations exhibited displacing and defiant behaviours following their respective takedown attempts. We argue that these "predictable" behaviours could be factored into future takedown strategies. (4) The malware operations also exhibited previously undocumented behaviours, such as Dridex dropping competing brands of malware, or Dorkbot and Upatre heavily relying on upstream dropper malware. These "unpredictable" behaviours indicate the need for researchers to use better threat-monitoring techniques.


page 1

page 2

page 3

page 4


Devising Malware Characterstics using Transformers

With the increasing number of cybersecurity threats, it becomes more dif...

Malware Detection and Prevention using Artificial Intelligence Techniques

With the rapid technological advancement, security has become a major is...

Comparative Review of Malware Analysis Methodologies

To fight against the evolution of malware and its development, the speci...

First Step Towards Modeling Unbreakable Malware

Currently, the construction of concealed malicious code has become a tre...

Word Embedding Techniques for Malware Evolution Detection

Malware detection is a critical aspect of information security. One diff...

Sequential Embedding-based Attentive (SEA) classifier for malware classification

The tremendous growth in smart devices has uplifted several security thr...

Analyzing "Not-a-Virus" Bundled Adware: The Wajam Case

Case studies on malicious code mostly focus on botnets and worms (recent...