Proceedings of the 2007 ACM workshop on Recurring malcode

WORM '07: Proceedings of the 2007 ACM workshop on Recurring malcode

November 2007

2007 Proceeding

Program Chair:
Christopher Kruegel
Technical University Vienna, Austria

Publisher:

Association for Computing Machinery
New York
NY
United States

Conference:

CCS07: 14th ACM Conference on Computer and Communications Security 2007 Alexandria Virginia USA 2 November 2007

ISBN:

978-1-59593-886-2

Published:

02 November 2007

Sponsors:

SIGSAC, ACM

Recommend ACM DL

ALREADY A SUBSCRIBER?SIGN IN

Get Alerts for this ConferenceAlerts Save to BinderBinder

Save to Binder

Create a New Binder

Name

Export CitationCitation

Share on

Next Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Bibliometrics

Citation count

582

Downloads (6 weeks)

Downloads (12 months)

287

Downloads (cumulative)

10,988

Sections

WORM '07: Proceedings of the 2007 ACM workshop on Recurring malcode

2007

Previous Next

Skip Abstract Section

Abstract

On behalf of the program committee, it is my great pleasure to present the proceedings of the 5_th ACM Workshop on Recurring Malcode (WORM). Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. Self-propagating threats, often termed worms, exploit software weaknesses, hardware limitations, Internet topology, and the open Internet communication model to compromise large numbers of networked systems. Malware is increasingly used as a beachhead to launch further malicious activities, such as installing spyware, deploying phishing servers and spam relays, or performing information espionage. Unfortunately, current operational practices still face significant challenges in containing these threats as evidenced by the rise in automated botnet networks and the continued presence of worms released years ago

This year's workshop continues the efforts of the previous years by providing a forum for exchanging ideas, increasing understanding, and relating experiences on malicious code. To this end, we invited participation from a wide range of communities, including researchers and practitioners from academia, industry, and the government. The WORM program committee received 30 paper submissions from all over the world. All submissions were carefully reviewed by at least three members of the program committee and judged on the basis of scientific novelty, importance to the field, and technical quality. The final selection took place at the program committee meeting held in Boston, USA, on August 7_th 2007. The program committee selected nine papers based on quality, focus, and the likelihood of stimulating productive discussion at the workshop. Moreover, the program committee also solicited invited talks from leading practitioners to share their perspectives

Proceeding Downloads

PDF(title page, copyright, welcome, contents, organization)

PDF(author index)

Skip Table Of Content Section

Select All

Export Citations Save to Binder

SESSION: Threats

Article

A framework for detection and measurement of phishing attacks

Sujata Garera,
Niels Provos,
Monica Chew,
Aviel D. Rubin

pp 1–8https://doi.org/10.1145/1314389.1314391

Phishing is form of identity theft that combines social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. Often a phisher tries to lure her victim into clicking a URL pointing to a ...

- 288
- 4,738
Metrics
Total Citations288
Total Downloads4,738
Last 12 Months231
Last 6 weeks29

Abstract
Get Access

Article

A new worm exploiting IPv4-IPv6 dual-stack networks

Qinhua Zheng,
Ting Liu,
Xiaohong Guan,
Yu Qu,
Na Wang

pp 9–15https://doi.org/10.1145/1314389.1314392

It is commonly believed that the IPv6 protocol can provide good protection against network worms due to its huge address space. However, it is proved to be incorrect by our study on the new "dual-stack worm" which can spread in IPv4-IPv6 dual-stack ...

- 7
- 1,429
Metrics
Total Citations7
Total Downloads1,429
Last 12 Months5
Last 6 weeks1

Abstract
Get Access

SESSION: Worms

Article

Quorum sensing and self-stopping worms

Ryan Vogt,
John Aycock,
Michael J. Jacobson

pp 16–22https://doi.org/10.1145/1314389.1314394

Random-scanning worms can be adapted, without a complex overlay control network, to stop their scanning activity once a certain percentage of all vulnerable hosts have been infected. This modification makes a worm more difficult to detect for a ...

- 11
- 276
Metrics
Total Citations11
Total Downloads276
Last 12 Months2
Last 6 weeks0

Abstract
Get Access

Article

On the trade-off between speed and resiliency of flashworms and similar malcodes

Duc T. Ha,
Hung Q. Ngo

pp 23–30https://doi.org/10.1145/1314389.1314395

Inspired by the Flash worm paper [1], we formulate and investigate the problem of finding a fast and resilient propagation topology and propagation schedule for Flash worms and similar malcodes. Resiliency means a very large proportion of infectable ...

- 1
- 113
Metrics
Total Citations1
Total Downloads113
Last 12 Months0
Last 6 weeks0

Abstract
Get Access

SESSION: Analyzing and detecting malware

Article

Statistical signatures for fast filtering of instruction-substituting metamorphic malware

Mohamed R. Chouchane,
Andrew Walenstein,
Arun Lakhotia

pp 31–37https://doi.org/10.1145/1314389.1314397

Introducing program variations via metamorphic transformations is one of the methods used by malware authors in order to help their programs slip past defenses. A method is presented for rapidly deciding whether or not an input program is likely to be a ...

- 13
- 537
Metrics
Total Citations13
Total Downloads537
Last 12 Months1
Last 6 weeks0

Abstract
Get Access

Article

Honey@home: a new approach to large-scale threat monitoring

Spiros Antonatos,
Kostas Anagnostakis,
Evangelos Markatos

pp 38–45https://doi.org/10.1145/1314389.1314398

Honeypots have been shown to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and without false positives. However, there are two pressing problems with existing approaches. The first problem is that ...

- 12
- 856
Metrics
Total Citations12
Total Downloads856
Last 12 Months5
Last 6 weeks0

Abstract
Get Access

Article

Renovo: a hidden code extractor for packed executables

Min Gyung Kang,
Pongsin Poosankam,
Heng Yin

pp 46–53https://doi.org/10.1145/1314389.1314399

As reverse engineering becomes a prevalent technique to analyze malware, malware writers leverage various anti-reverse engineering techniques to hide their code. One technique commonly used is code packing as packed executables hinder code analysis. ...

- 173
- 1,100
Metrics
Total Citations173
Total Downloads1,100
Last 12 Months25
Last 6 weeks1

Abstract
Get Access

SESSION: Mobile malware

Article

On the detection and origin identification of mobile worms

Sandeep Sarat,
Andreas Terzis

pp 54–60https://doi.org/10.1145/1314389.1314401

Mobility can be exploited to spread malware among wireless nodes moving across network domains. Because such mobile worms spread across domains by exploiting the physical movement of mobile nodes, they cannot be contained by existing defenses. In this ...

- 5
- 463
Metrics
Total Citations5
Total Downloads463
Last 12 Months1
Last 6 weeks0

Abstract
Get Access

Article

Can you infect me now?: malware propagation in mobile phone networks

Chris Fleizach,
Michael Liljenstam,
Per Johansson,
Geoffrey M. Voelker,
Andras Mehes

pp 61–68https://doi.org/10.1145/1314389.1314402

In this paper we evaluate the effects of malware propagating usingcommunication services in mobile phone networks. Although self-propagating malware is well understood in the Internet, mobile phone networks have very different characteristics in terms ...

- 71
- 1,453
Metrics
Total Citations71
Total Downloads1,453
Last 12 Months17
Last 6 weeks3

Abstract
Get Access

Cited By

Pham K, Chen G, Wei S, Shen D, Ge L, Yu W, Blasch E, Pham K and Chen G (2015). Secured network sensor-based defense system SPIE Defense + Security, 10.1117/12.2179282, , (946909), Online publication date: 22-May-2015.

Save to Binder

Create a New Binder

Name

Contributors

Christopher Kruegel
University of California, Santa Barbara
- Publication Years2001 - 2023
- Publication counts189
- Citation count8,988
- Available for Download91
- Downloads (cumulative)119,211
- Downloads (12 months)14,202
- Downloads (6 weeks)1,819
- Average Downloads per Article1,310
- Average Citation per Article48
View Full Profile

Proceedings of the 2007 ACM workshop on Recurring malcode
1. Social and professional topics
  1. Computing / technology policy

Recommendations

WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode
Read More
WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode
Read More
WiSE '02: Proceedings of the 1st ACM workshop on Wireless security
Read More

Comments

Export Citations

Select Citation format

Please download or close your previous search result export first before starting a new bulk export.
Preview is not available.
By clicking download,a status dialog will open to start the export process. The process may takea few minutes but once it finishes a file will be downloadable from your browser. You may continue to browse the DL while the export process is in progress.
Download
- Download citation
- Copy citation

Save to Binder

Sections

Proceeding Downloads

Cited By

Save to Binder

Recommendations

WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode

WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode

WiSE '02: Proceedings of the 1st ACM workshop on Wireless security