
    Behavioral Analysis of Malicious Code through Network Traffic and System Call Monitoring

    Malicious code (malware) that spreads through the Internet, such as viruses, worms and trojans, is a major threat to information security today and a profitable business for criminals. Several approaches analyze malware by monitoring its actions while it runs in a controlled environment, which helps to identify malicious behaviors. In this article we propose a tool that analyzes malware behavior in a non-intrusive and effective way, extending analysis to malware samples that bypass current approaches and fixing some of the issues with those approaches. © 2011 SPIE.

    Stm1p alters the ribosome association of eukaryotic elongation factor 3 and affects translation elongation

    Stm1p is a Saccharomyces cerevisiae protein that is primarily associated with cytosolic 80S ribosomes and polysomes. Several lines of evidence suggest that Stm1p plays a role in translation under nutrient stress conditions, although its mechanism of action is not yet known. In this study, we show that yeast lacking Stm1p (stm1Δ) are hypersensitive to the translation inhibitor anisomycin, which affects the peptidyl transferase reaction in translation elongation, but show little hypersensitivity to other translation inhibitors such as paromomycin and hygromycin B, which affect translation fidelity. Ribosomes isolated from stm1Δ yeast have intrinsically elevated levels of eukaryotic elongation factor 3 (eEF3) associated with them. Overexpression of eEF3 in cells lacking Stm1p results in a growth defect phenotype and increased anisomycin sensitivity. In addition, ribosomes with increased levels of Stm1p exhibit decreased association with eEF3. Taken together, our data indicate that Stm1p plays a complementary role to eEF3 in translation

    A Hybrid Framework to Analyze Web and OS Malware

    Malicious programs (malware) cause serious security issues for home users and even for highly secured enterprise systems. The main infection vector currently used by attackers is the Internet. To improve detection rates and to develop protection mechanisms, it is very important to analyze and study these threats. To this end, several systems have been developed to perform malware analysis of either operating system (OS) programs or Web code, but all of them have limitations. In particular, existing systems focus on only one type of malware: either malware that targets the OS or malware that requires a Web browser. In this article, we propose a framework that is able to analyze both Web-based and OS-based malware, which provides better detection rates and covers a broader range of malware types. We have also evaluated and compared our analysis results against state-of-the-art systems, presenting the advantages of the developed framework over them for Web-based and OS-based malware. © 2012 IEEE.

    PM10-bound arsenic emissions from the artistic glass industry in Murano (Venice, Italy) before and after the enforcement of REACH authorisation

    The island of Murano (Venice, Italy) is famous worldwide for its artistic glass production. Diarsenic trioxide was a main ingredient of the raw glass mixture until 2015, when the authorisation process of the European REACH Regulation (Registration, Evaluation, Authorisation and Restriction of Chemicals) entered into force, effectively forbidding the use of arsenic. A total of 3077 PM10 samples were collected across the Venice area in 2013-2017. This period included the REACH Sunset Date (May 2015). High arsenic concentrations were recorded in Murano before the Sunset Date (average 383 ng/m3), representing a serious concern for public health. Other sites in Venice complied with the EU target value. In 2013, concentrations were 36-fold higher than the model estimate computed for the maximum-allowed emission scenario. Polar plot analysis indicated Murano as the major source of arsenic contamination. Concentrations dropped significantly after the REACH implementation, thus meeting the European target values. However, high arsenic peaks were still detected; inspections of raw and finished glass materials confirmed that some factories were still using arsenic. The results show serious airborne arsenic pollution in Murano before the REACH implementation. This work represents an interesting case study on the effectiveness of the European REACH process

    Noise Levels in an Acute Psychiatric Unit: An Exploratory Observational Study

    Background: Noise is an important aspect of the ward atmosphere climate, that is, the combination of the architectural solutions, organizational features, the psychological traits of the staff and their interactions, and the patients' characteristics. Despite its importance, noise levels have been analyzed less than other aspects of the ward atmosphere climate. Aim: To identify the sources of noise and the sound pressure level in an acute psychiatric ward, and secondly to ascertain whether inpatients perceive the noise as disturbing. Method: Sound pressure levels were measured during three non-consecutive mornings, three afternoons and three nights. A questionnaire was administered to ascertain patients' opinions about the noise in the ward. Results: The average noise level in the ward was 62.5 dB(A)eq in the morning, 55.8 dB(A)eq in the afternoon and 51.5 dB(A)eq at night. A total of 23 patients took part in the study; 65.2% of this sample did not perceive the noise in the ward as disturbing. Conclusion: In a psychiatric ward, the main source of noise is verbal communication, with further acoustic pressure coming from relationship-based care activities. Other sources of noise perceived as disturbing were the opening and closing of doors and the entry doorbell. Adopting relational and architectural-structural measures could reduce the sound pressure, with a view to further improving the ambience in the ward

    Interactive, Visual-aided Tools to Analyze Malware Behavior

    Malicious software attacks can disrupt information systems, violating the security principles of availability, confidentiality and integrity. Attackers use malware to gain control, steal data, maintain access and cover the traces left on compromised systems. Dynamic analysis of malware yields an execution trace that can be used to assess the extent of an attack, to support incident response and to select adequate countermeasures. Analysis of captured malware provides analysts with information about its behavior, allowing them to review the malicious actions performed during its execution on the target. The behavioral data gathered during the analysis consists of filesystem and network activity traces, and a security analyst would have a hard time sifting through a maze of textual event data in search of relevant information. We present a behavioral event visualization framework that makes the malicious chain of events easier to grasp and allows interesting actions performed during a security compromise to be spotted quickly. We also analyzed more than 400 malware samples from different families and showed that they can be classified based on their visual signature. Finally, we release one of our tools for free use by the community. © 2012 Springer-Verlag.
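    The two malware-analysis abstracts above (system call and network monitoring, and visual signatures built from filesystem and network traces) share one practical idea: a textual event trace becomes useful once each event is reduced to a compact code that can be flagged and compared across samples. The following is an added example of that idea; it is not code from any of the papers or tools listed on this page. The trace format, the event-to-character mapping, the "interesting event" rules and the sample traces (paths, registry keys, hosts) are all constructed assumptions for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sandbox traces, one per sample (assumed format: "<ts> <subsystem> <action> <target>").
# Hosts, paths and keys are made up for this example.
TRACES = {
    "sample_a": """\
00:00:01 FILE WRITE C:\\Windows\\System32\\drivers\\upd.sys
00:00:02 REG SET HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd
00:00:03 NET DNS cnc-a.example.invalid
00:00:04 NET CONNECT 203.0.113.5:80
00:00:05 FILE WRITE C:\\Users\\victim\\AppData\\Local\\Temp\\a.tmp
""",
    "sample_a2": """\
00:00:01 FILE WRITE C:\\Windows\\System32\\drivers\\svc.sys
00:00:02 REG SET HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
00:00:03 NET DNS cnc-b.example.invalid
00:00:04 NET CONNECT 203.0.113.9:80
00:00:05 FILE WRITE C:\\Users\\victim\\AppData\\Local\\Temp\\b.tmp
00:00:06 FILE WRITE C:\\Users\\victim\\AppData\\Local\\Temp\\c.tmp
""",
    "sample_b": """\
00:00:01 PROC CREATE C:\\Windows\\System32\\cmd.exe
00:00:02 FILE READ C:\\Users\\victim\\Documents\\report.docx
00:00:03 FILE READ C:\\Users\\victim\\Documents\\budget.xlsx
00:00:04 NET CONNECT 198.51.100.7:443
00:00:05 FILE DELETE C:\\Users\\victim\\Documents\\report.docx
""",
}


@dataclass(frozen=True)
class Event:
    ts: str
    subsystem: str  # FILE, REG, NET, PROC
    action: str     # WRITE, READ, DELETE, SET, DNS, CONNECT, CREATE
    target: str


LINE_RE = re.compile(r"^(\S+)\s+(FILE|REG|NET|PROC)\s+(\S+)\s+(.+)$")
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)

# Event types whose code does not depend on the target.
FIXED_CODES = {("FILE", "READ"): "r", ("FILE", "DELETE"): "X", ("NET", "DNS"): "D",
               ("NET", "CONNECT"): "C", ("PROC", "CREATE"): "E"}

# Codes an analyst would want pointed out first (assumed rules).
FLAGS = {"S": "writes under the Windows directory",
         "P": "sets a Run-key autostart entry (persistence)",
         "C": "opens an outbound network connection",
         "X": "deletes a file",
         "E": "spawns a process"}


def parse_trace(text: str) -> list[Event]:
    """Parse trace lines; malformed lines are skipped so one bad line cannot abort a run."""
    return [Event(*m.groups()) for m in map(LINE_RE.match, (l.strip() for l in text.splitlines())) if m]


def event_code(ev: Event) -> str:
    """Reduce one event to a single character, distinguishing the cases that matter."""
    key = (ev.subsystem, ev.action)
    if key == ("FILE", "WRITE"):
        return "S" if SYSTEM_DIR.match(ev.target) else "W"
    if key == ("REG", "SET"):
        return "P" if RUN_KEY.search(ev.target) else "G"
    return FIXED_CODES.get(key, "?")  # unknown combinations stay visible as '?'


def signature(events: list[Event]) -> str:
    return "".join(event_code(e) for e in events)


def interesting(events: list[Event]) -> list[str]:
    """High-interest actions in order of first occurrence, without duplicates."""
    out: list[str] = []
    for code in signature(events):
        desc = FLAGS.get(code)
        if desc and desc not in out:
            out.append(desc)
    return out


def bigrams(sig: str) -> set[str]:
    return {sig[i:i + 2] for i in range(len(sig) - 1)}


def similarity(sig_a: str, sig_b: str) -> float:
    """Jaccard similarity over event bigrams, so order of actions counts, not just their mix."""
    a, b = bigrams(sig_a), bigrams(sig_b)
    if not a and not b:  # signatures too short for bigrams: compare directly
        return 1.0 if sig_a == sig_b else 0.0
    return len(a & b) / len(a | b)


def cluster(signatures: dict[str, str], threshold: float = 0.5) -> list[list[str]]:
    """Greedy single pass: a sample joins the first group whose seed is similar enough."""
    groups: list[list[str]] = []
    for name in sorted(signatures):
        for group in groups:
            if similarity(signatures[group[0]], signatures[name]) >= threshold:
                group.append(name)
                break
        else:
            groups.append([name])
    return groups


def analyze(traces: dict[str, str]) -> dict:
    events = {n: parse_trace(t) for n, t in traces.items()}
    sigs = {n: signature(e) for n, e in events.items()}
    return {"signatures": sigs,
            "flags": {n: interesting(e) for n, e in events.items()},
            "families": cluster(sigs)}


if __name__ == "__main__":
    result = analyze(TRACES)
    for name, sig in result["signatures"].items():
        print(f"{name:10} {sig:8} {'; '.join(result['flags'][name])}")
    print("families:", result["families"])
```

    The signature string is the textual analogue of a visual signature: two runs of the same family produce near-identical strings even when hosts and file names differ, while an unrelated sample shares no bigrams with them. The threshold and the greedy grouping are deliberately simple; on real traces the mapping table is where the analyst's knowledge goes.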

    Imaging assessment of glenohumeral dysplasia secondary to brachial plexus birth palsy*

    Objective: To assess imaging parameters related to the morphology of the glenohumeral joint in children with unilateral brachial plexus birth palsy (BPBP), in comparison with those obtained for healthy shoulders. Materials and Methods: We conducted a retrospective search for cases of unilateral BPBP diagnosed at our facility. Only patients with a clinical diagnosis of unilateral BPBP were included, and the final study sample consisted of 10 consecutive patients who were assessed with cross-sectional imaging. The glenoid version, the translation of the humeral head, and the degree of glenohumeral dysplasia were assessed. Results: The mean diameter of the affected humeral heads was 1.93 cm, compared with 2.33 cm for those of the normal limbs. In two cases, there was no significant posterior displacement of the humeral head, five cases showed posterior subluxation of the humeral head, and the remaining three cases showed total luxation of the humeral head. The mean glenoid version angle of the affected limbs (90-α) was -9.6º, versus +1.6º for the normal, contralateral limbs. Conclusion: The main deformities found in this study were BPBP-associated retroversion of the glenoid cavity, developmental delay of the humeral head, and posterior translation of the humeral head