TY - CONF T1 - Analyzing the process of installing rogue software Y1 - 2009 A1 - Berthier,R. A1 - Arjona,J. A1 - Michel Cukier KW - Linux KW - Linux target computers KW - malicious actions KW - rogue software installation KW - security of data AB - This practical experience report presents the results of an experiment aimed at understanding the sequence of malicious actions following a remote compromise. The type of rogue software installed during attacks was used to classify and understand sequences of malicious actions. For this experiment, we used four Linux target computers running SSH with simple passwords. During the eight-month data collection period, we recorded a total of 1,171 attack sessions. In these sessions, attackers typed a total of 20,335 commands that we categorized into 24 specific actions. These actions were analyzed based on the type of rogue software installed by attackers. M3 - 10.1109/DSN.2009.5270293 ER -