Presentation | 2007-11-21 Extract Network Access Information from BOT Code Using Static Analysis Hayato OKADA, Masakatu MORII, Koji NAKAO |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Recently, malware called BOTs has spread like wildfire across the Internet. BOTs access an outside server, such as an IRC server, and await commands sent by an attacker, called a herder, on infected machines. Through the server, the herder logs on to BOTs and sends commands to damage the Internet. Therefore, we need information such as BOT commands and a password in order to analyze a BOT by operating it. In this paper we propose a technique that specifies a region that includes the information, and extracts the information from a BOT. In the technique, we specify the region where specific information exists in an unknown BOT by searching for unique byte sequences above and below the information, and try extracting the information. In fact, we succeeded in extracting the information from an unknown BOT, and operated the BOT. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | BOT / malware / IRC server / herder |
Paper # | ISEC2007-94,OIS2007-66 |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2007/11/14(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Extract Network Access Information from BOT Code Using Static Analysis |
Sub Title (in English) | |
Keyword(1) | BOT |
Keyword(2) | malware |
Keyword(3) | IRC server |
Keyword(4) | herder |
1st Author's Name | Hayato OKADA |
1st Author's Affiliation | Graduate School of Science and Technology, Kobe University |
2nd Author's Name | Masakatu MORII |
2nd Author's Affiliation | Graduate School of Science and Technology, Kobe University |
3rd Author's Name | Koji NAKAO |
3rd Author's Affiliation | National Institute of Information and Communications Technology |
Date | 2007-11-21 |
Paper # | ISEC2007-94,OIS2007-66 |
Volume (vol) | vol.107 |
Number (no) | 345 |
Page | pp.pp.- |
#Pages | 5 |
Date of Issue |