5 research outputs found
An anti-malvertising model for university students to increase security awareness
Accessing websites through the Internet has introduced a new way of
advertising information to users. The term "malvertising" comes from the words
malware and advertising. It is a type of attack that injects malware or scareware
into online advertisements. The purpose of this study is to investigate
security awareness of the malvertising attack among university students, propose an
anti-malvertising model to improve security awareness, and evaluate the security
awareness of the proposed model. The data collection of the research starts with a
preliminary study to understand the malvertising issue. Then, a survey
questionnaire is distributed to university students from two different local
universities (UTM, Kuala Lumpur and UMP, Pahang) and two different
backgrounds (IT related and non-IT related courses) to investigate current security
awareness of the malvertising attack. The study proposes a theoretical model of
anti-malvertising, and the security awareness will be analyzed through the survey. The
proposed model consists of protection, behavior and monitoring components,
identified as independent variables, and the security awareness of anti-malvertising
is identified as the dependent variable. The study found that
more than half of the students are aware of the malvertising attack by practicing
protection measures, security behavior, and security monitoring, which give a positive
impact on the students' security awareness. This proposed theoretical model may be
beneficial for the students as a basis of reference for anti-malvertising exercise, while
promoting security awareness among university students. Besides, the theoretical
model can be used as a reference for researchers in this field as well as other
security practitioners in practicing the suitable components that constitute security
awareness of malvertising.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Responses to Institutional Constraints
Institutions, as mechanisms of social order, often constrain the behavior of individuals within a society. Political institutions constrain the behavior of politicians, financial institutions constrain the behavior of businesses and payment processors, and social institutions often constrain the behavior of individuals. These institutions often play an important role in constraining activities that may be seen as illicit or unwanted, and careful analysis of these constraints can allow researchers to learn more about activities that are often hidden or go unreported.

This dissertation explores the role of institutional constraints on unwanted behavior by studying deforestation in Brazil and Malawi as well as underground activity in fraudulent software sales. These cases share the commonality that they are influenced by institutional constraints. Politicians in Brazil are constrained by reelection incentives, perpetrators of fraudulent antivirus software are constrained by payment processors, and the cultural practice of ethnic favoritism in public good provision leads to particular ethnic groups in Malawi receiving much more fertilizer subsidies than others.

The first chapter examines deforestation in Brazil. Local political authority (formal or informal) over natural resources may create rents for politicians. The political decision to use or allocate resources involves balancing private rents with reelection prospects. I examine the case of deforestation in Brazil and a presidential decree granting the federal government the authority to punish counties that failed to limit total deforestation within their borders. This collective punishment aimed to generate pressure on local politicians to slow deforestation. Using binding term limits as a source of variation in reelection eligibility, I find eligibility has no effect on deforestation prior to the decree. After the decree, reelection-eligible mayors reduced annual deforestation 10% more than mayors ineligible for reelection. These findings are consistent with the equilibrium outcome of a lobbying model. Policies such as sanctions, which target the electorate in order to influence political behavior, may be less effective when politicians are not accountable to voters.

The second chapter examines fake antivirus (AV) programs, which have been utilized to defraud millions of computer users into paying as much as one hundred dollars for a phony software license. As a result, fake AV software has evolved into one of the most lucrative criminal operations on the Internet. In this chapter, we examine the operations of three large-scale fake AV businesses, lasting from three months to more than two years. More precisely, we present the results of our analysis on a trove of data obtained from several backend servers that the cybercriminals used to drive their scam operations. Our investigations reveal that these three fake AV businesses had earned a combined revenue of more than $130 million. A particular focus of our analysis is on the financial and economic aspects of the scam, which involves legitimate credit card networks as well as more dubious payment processors. In particular, we present an economic model that demonstrates that fake AV companies are actively monitoring the refunds (chargebacks) that customers demand from their credit card providers. When the number of chargebacks increases in a short interval, the fake AV companies react to customer complaints by granting more refunds. This lowers the rate of chargebacks and ensures that a fake AV company can stay in business for a longer period of time. However, this behavior also leads to unusual patterns in chargebacks, which can potentially be leveraged by vigilant payment processors and credit card companies to identify and ban fraudulent firms. This chapter is joint work with Brett Stone-Gross, Richard Kemmerer, Christopher Kruegel, Douglas Steigerwald, and Giovanni Vigna and was published as Stone-Gross et al. (2013).

The final chapter returns to deforestation and studies it in the context of agriculture in Malawi. The effect of development policies on the environment is often ambiguous ex ante. Programs designed to improve agricultural productivity may increase deforestation by raising the marginal productivity of agricultural land, thus increasing the demand for land clearing. However, in a setting of subsistence farming on unproductive land, increasing agricultural productivity may reduce the need to shift cultivation to maintain the desired yields. This chapter examines the impact of agricultural subsidies on deforestation in Malawi by leveraging ethnic favoritism in government resource allocation. By exploiting a change in the ethnicity of the Malawi president following the 2004 election, we show that coethnic districts received more fertilizer subsidies and experienced significant declines in deforestation compared to districts with other predominant ethnicities. This paper studies a case in which poverty alleviation programs have beneficial environmental impacts, demonstrating that, in certain contexts, input subsidies may provide a "win-win" scenario. This chapter is joint work with Conor Carney.
Stepping Up the Cybersecurity Game: Protecting Online Services from Malicious Activity
The rise in popularity of online services such as social networks, web-based emails, and blogs has made them a popular platform for attackers. Cybercriminals leverage such services to spread spam, malware, and steal personal information from their victims. In a typical cybercriminal operation, miscreants first infect their victims' machines with malicious software and have them join a botnet, which is a network of compromised computers. In the second step, the infected machines are often leveraged to connect to legitimate online services and perform malicious activities. As a consequence, online services receive activity from both legitimate and malicious users. However, while legitimate users use these services for the purposes they were designed for, malicious parties exploit them for their illegal actions, which are often linked to an economic gain. In this thesis, I show that the way in which malicious users and legitimate ones interact with Internet services presents differences. I then develop mitigation techniques that leverage such differences to detect and block malicious parties that misuse Internet services.

As examples of this research approach, I first study the problem of spamming botnets, which are misused to send hundreds of millions of spam emails to mailservers spread across the globe. I show that botmasters typically split a list of victim email addresses among their bots, and that it is possible to identify bots belonging to the same botnet by enumerating the mailservers that are contacted by IP addresses over time. I developed a system, called BotMagnifier, which learns the set of mailservers contacted by the bots belonging to a certain botnet, and finds more bots belonging to that same botnet.

I then study the problem of misused accounts on online social networks. I first look at the problem of fake accounts that are set up by cybercriminals to spread malicious content. I study the modus operandi of the cybercriminals controlling such accounts, and I then develop a system to automatically flag social network accounts as fake. I then look at the problem of legitimate accounts getting compromised by miscreants, and I present COMPA, a system that learns the typical habits of social network users and considers messages that deviate from the learned behavior as possible compromises. As a last example, I present EvilCohort, a system that detects communities of online accounts that are accessed by the same botnet. EvilCohort works by clustering together accounts that are accessed by a common set of IP addresses, and can work on any online service that requires the use of accounts (social networks, web-based emails, blogs, etc.).
Peering Through the iFrame
Abstract: Drive-by-download attacks have become the method of choice for cyber-criminals to infect machines with malware. Previous research has focused on developing techniques to detect web sites involved in drive-by-download attacks, and on measuring their prevalence by crawling large portions of the Internet. In this paper, we take a different approach to analyzing and understanding drive-by-download attacks. Instead of horizontally searching the Internet for malicious pages, we examine in depth one drive-by-download campaign, that is, the coordinated efforts used to spread malware. In particular, we focus on the Mebroot campaign, which we periodically monitored and infiltrated over several months, by hijacking parts of its infrastructure and obtaining network traces at an exploit server. By studying the Mebroot drive-by-download campaign from the inside, we could obtain an in-depth and comprehensive view into the entire life-cycle of this campaign and the involved parties. More precisely, we could study the security posture of the victims of drive-by attacks (e.g., by measuring the prevalence of vulnerable software components and the effectiveness of software updating mechanisms), the characteristics of legitimate web sites infected during the campaign (e.g., the infection duration), and the modus operandi of the miscreants controlling the campaign. I