Location of Repository


By Spiros Antonatos, Iasonas Polakis, Evangelosp Markatos and Northamericauseaninstantmessenger Amorerecent


Thepopularityofinstantmessaging(IM)serviceshas recentlyattractedtheinterestofattackersthattrytosend malicious URLs or files to the contact lists of compromised instant messaging accountsor clients. This work focuses on a systematic characterization of IM threats based on the information collected by HoneyBuddy, a honeypot-like infrastructure for detecting malicious activities in IM networks. HoneyBuddy finds and adds contacts to its honeypot messengers by querying popular search engines for IM contacts or by advertising its accounts on contact finder sites. Our deployment has shown that with over six thousand contacts we can gather between 50 and 110 malicious URLs per day as well as executables. Our experiments show that 21 % of our collected executable samples were not gathered by other malware collection infrastructures, while 93 % of theidentifiedIMphishingdomainswerenotrecordedby popular blacklist mechanisms. Furthermore, our findings show that the malicious domains are hosted by a limited number of hosts that remain practically unchangedthroughouttime

Year: 2011
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.isoc.org/isoc/confe... (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.