Understanding malware behavior helps in implementing robust intrusion detection and prevention systems. In this paper, we studied the behavioral characteristics of different malware types affecting the Internet and enterprise email systems. The research was carried out on spam email data received by a single user's test email account over a period of six months. A sandbox test environment built on virtual machines was used to simulate real-life malware behavior and determine each sample's signature at the point of execution for proper analysis. Analyzing the email data with this sandbox setup produces a comprehensive picture of botnet behavior. We describe in detail the design and implementation of the sandbox test environment, including the challenges faced in building it. As a cost-saving measure, we used VMware-based virtual platforms running on Linux PC-class hardware. We present the results of our behavioral measurement of the most active botnets. Our study found that, for a single email user over a period of six months, two active Trojans contributed around 20 percent of the total identified malware samples received within this time period, while the remaining 80 percent of malware binaries were distributed over many different types of botnets; email malware thus shows a classic long-tail distribution. During this experiment, we also observed very strong polymorphic behavior in these malware samples, ostensibly intended to help malware authors penetrate and bypass enterprise intrusion detection systems. Finally, we are releasing the repository of collected malware as a data set for evaluation by other researchers.
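The measurements the abstract summarizes (per-family share of a collected corpus, the long-tail shape, and polymorphism visible as many distinct hashes within one family) are easy to reproduce on any sandbox output. The following Python script is an added example, not code from the paper or its authors: every record is constructed, the family labels stand in for whatever classification the sandbox assigns, and the 20/80 split of the constructed corpus is chosen to mirror the abstract's figures. The hash-per-family ratio used as a polymorphism indicator is this example's own heuristic, not a measure the paper defines.

```python
"""Corpus measurement over sandbox-collected email attachments (constructed data)."""
import hashlib
from collections import Counter, defaultdict


def _variant(family: str, n: int) -> bytes:
    # Constructed stand-in for an attachment: a fixed body plus a varying
    # tail byte, mimicking a re-packed variant of the same family.
    return f"{family}-payload".encode() + bytes([n % 256])


# Constructed corpus of (family_label, attachment_bytes), 100 records:
#   - two Trojans whose every sample is a distinct binary (polymorphic), 20 samples
#   - one family that is always the same binary, 10 samples
#   - seventy singleton bot families, the long tail
SAMPLES = (
    [("TrojanA", _variant("TrojanA", i)) for i in range(12)]
    + [("TrojanB", _variant("TrojanB", i)) for i in range(8)]
    + [("StaticWorm", _variant("StaticWorm", 0)) for _ in range(10)]
    + [(f"Bot{i:02d}", _variant(f"Bot{i:02d}", 0)) for i in range(70)]
)


def sha256_hex(data: bytes) -> str:
    """Signature a sandbox would record for a dropped binary."""
    return hashlib.sha256(data).hexdigest()


def family_shares(samples):
    """Return [(family, count, share)] sorted by count, largest first."""
    counts = Counter(family for family, _ in samples)
    total = len(samples)
    return [(fam, c, c / total) for fam, c in counts.most_common()]


def top_n_share(samples, n):
    """Fraction of the corpus contributed by the n most common families."""
    top = family_shares(samples)[:n]
    return sum(count for _, count, _ in top) / len(samples)


def polymorphism_ratio(samples):
    """Distinct hashes divided by sample count, per family.

    1.0 means every sample of that family was a previously unseen binary;
    values near 0 mean the family is re-sent as the same file.
    """
    hashes = defaultdict(set)
    counts = Counter()
    for family, data in samples:
        hashes[family].add(sha256_hex(data))
        counts[family] += 1
    return {fam: len(hashes[fam]) / counts[fam] for fam in counts}


def polymorphic_families(samples, threshold=0.5, min_samples=2):
    """Families with enough samples whose hash ratio meets the threshold.

    min_samples excludes singleton families, whose ratio is trivially 1.0.
    """
    counts = Counter(family for family, _ in samples)
    ratios = polymorphism_ratio(samples)
    return sorted(
        fam for fam, ratio in ratios.items()
        if counts[fam] >= min_samples and ratio >= threshold
    )


if __name__ == "__main__":
    shares = family_shares(SAMPLES)
    print(f"{len(shares)} families over {len(SAMPLES)} samples")
    for fam, count, share in shares[:3]:
        print(f"  {fam:12s} {count:3d}  {share:5.1%}")
    print(f"top-2 share: {top_n_share(SAMPLES, 2):.0%}")
    print("polymorphic:", polymorphic_families(SAMPLES))
```

Run against real sandbox output, the record list would be built from the sandbox's (label, file) pairs instead of the constructed `SAMPLES`; the singleton cut-off in `polymorphic_families` matters there, because a long tail of one-off families would otherwise all look "polymorphic".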
Study of Malware Threats Faced by the Typical Email User
T. E. Boult
Springer Berlin Heidelberg