ENEE 459D | ENEE 759D | CMSC 858Z :: Semester Projects

Vulnerability Exploits Advertised on Twitter

Md Tanvir Arafin and Richard Royster

The popularity of new social media platforms such as Facebook and Twitter has created an open platform to disseminate information about common software vulnerabilities and vulnerability exploits. There is also speculation about existing markets for vulnerability exploits in these mediums. In this work, we have collected and analyzed about 5,000,000 tweets over a 15-day period to understand the nature of advertisements regarding vulnerability exploits on Twitter. Our study reveals that vulnerability-related tweets are mostly informative and that their number has some correlation with the risk presented by the vulnerabilities. We also found code fragments, exploit demos and information dissemination networks related to different vulnerabilities on Twitter. Our limited study period and processing capabilities did not uncover any underground sales of vulnerability exploits; however, we found that there exist widely followed legitimate corporations that deal in the business of selling vulnerability exploits. This limited study should be considered a stepping stone in exploring vulnerability exploits advertised on Twitter.

Report


Detecting Globally Malicious Events with Local Records: A Case Study

Max Potasznik

On or about August 25th 2013, the name servers supporting the country code Top Level Domain (ccTLD) “.cn” were attacked and brought offline [2, 6–8, 11]. As local DNS caches expired, this attack eventually affected the internet traffic of most users attempting to reach Chinese websites, because the authoritative DNS servers for those sites had ceased working. While the attack itself was widely reported in tech circles, very few technical details about it are publicly available. In this paper, we follow a series of deductive hypotheses, each leading closer to the actual malicious actors and eventually revealing the nature of the attack on the Chinese DNS to be a dictionary-based NXDOMAIN attack.

Report


Determining Malware Lineage

Tammy Tran

Current research on software lineage typically focuses on reverse engineering code, but anti-reversing techniques such as code obfuscation cause difficulty and complexity in analyzing reverse engineered code. In this project, static analysis of various metadata is used to determine malware lineage, including software metadata, binary imports and exports, and execution behavioral statistics. Metadata was aggregated from the Malicia Project dataset and VirusTotal execution reports to analyze and determine malware lineage, producing low false positives between 0.7% and 35%.

Report


Improved Malware Clustering Using VirusTotal Metadata

Carl Sabottke, Eddie Tanner and Richard Johnson

More than 1 million new malware samples are generated each day using advanced packing and obfuscation techniques, making it difficult for antivirus products to detect new malware variants. Attempts to identify this malware have generally required large datasets not available to the public. We show that it is possible to automate the clustering of the Malicia dataset into malware families using the dynamic execution metadata from VirusTotal to train a machine learning classifier. In the process we are able to improve on the original analysis by clustering approximately 400 previously unlabeled samples in the dataset, while also finding that previous measures of precision and recall on the Malicia dataset may be biased due to the dominance of 3 malware families. Our results can be generalized into a publicly available methodology to cluster malware into families.

Report
Figures and tables


Benign Software Corpus

Brian Beisel, Moshe Katz and Yehuda Katz

With new variants of malware coming out every day, anti-malware applications have an increasingly difficult job detecting malware and protecting computers from it. It is estimated that more than 1 million new malware variants are produced every single day. However, the number of benign software programs a legitimate user may wish to run is far lower. We propose the creation of a benign software corpus, and the collection of statistical data about the attributes of the files in the corpus. Comparing unknown or untrusted hosts, and/or the executable files they contain, with the data in this corpus will allow anti-malware applications to determine that a file is likely benign, a much easier task than determining whether the file is likely malicious.

Report



Created with coursegen. Last updated: 2013-12-16 18:15:24 -0600