| Presentation | 2010-06-18 A Life-cycle Monitoring Method of Malware Download Sites for Websites Takeshi YAGI, Naoto TANIMOTO, Takeo HARIU, Mitsutaka ITOH, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | This paper proposes a method to monitor life-cycle of malware download sites for websites and reports the actual life-cycle as monitored by web honeypots carrying vulnerable web applications on the Internet. Recently, a large number of websites are used by attackers as hopping sites to attack other websites and user terminals. To make hopping sites, many attackers use vulnerabilities in web applications to force victims to download malware themselves. To protect websites from these attacks, technologies filtering access from websites to malware download sites, which are set by attackers, are effective. However, to update filtering configuration, it is necessary to identify malware periodically since malware may be changed of removed from malware download sites. In this paper, we propose a method to update filtering configuration automatically based on dynamic malware analysis using attack recreation. Our investigation reveals that some malware files on malware download sites are changed to other kinds of malware. In addition, it reveals that life-cycle of malware download sites are similar to the life-cycle of web pages. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | security / malware / website / web honeypot |
| Paper # | IA2010-14,ICSS2010-14 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2010/6/10(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Life-cycle Monitoring Method of Malware Download Sites for Websites |
| Sub Title (in English) | |
| Keyword(1) | security |
| Keyword(2) | malware |
| Keyword(3) | website |
| Keyword(4) | web honeypot |
| 1st Author's Name | Takeshi YAGI |
| 1st Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Naoto TANIMOTO |
| 2nd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Takeo HARIU |
| 3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 4th Author's Name | Mitsutaka ITOH |
| 4th Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| Date | 2010-06-18 |
| Paper # | IA2010-14,ICSS2010-14 |
| Volume (vol) | vol.110 |
| Number (no) | 79 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |