| Presentation | 2010-11-05 A Method of Sandbox Analysis of Malware Acting with Use of Online Services Kousuke Murakami, Katsunari Yoshioka, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recently, it is reported that some malware misuse online services, such as Gmail or Twitter, for sending spam and exchanging Command and Control (C&C) messages. Such malware need to be carefully treated when analyzed in an Internet-connected sandbox for behavioral analysis since they can cause harm to the actual online services. In this paper, we propose a method of malware sandbox analysis that utilizes a dummy server that works as a man in the middle between being-analyzed malware and the online services, observes and accumulates data transmitted between them. When the malware sends a request to these online services, dummy server looks for a corresponding request from the accumulated data and responds back to the malware on behalf of the actual service. This way, we can reduce the number of requests sent from malware to the actual online services. Moreover, in the victim host where the malware is executed, we register a private CA that we set up to authenticate the dummy server so that the server authentication can be done properly even though malware uses SSL/TLS. In experiment, we were able to observe behavior of several malware that misuse online services. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Malware / Online Service / Sandbox Analysis / Dummy Server |
| Paper # | ICSS2010-55 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2010/10/29(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Method of Sandbox Analysis of Malware Acting with Use of Online Services |
| Sub Title (in English) | |
| Keyword(1) | Malware |
| Keyword(2) | Online Service |
| Keyword(3) | Sandbox Analysis |
| Keyword(4) | Dummy Server |
| 1st Author's Name | Kousuke Murakami |
| 1st Author's Affiliation | Yokohama National University() |
| 2nd Author's Name | Katsunari Yoshioka |
| 2nd Author's Affiliation | Yokohama National University |
| 3rd Author's Name | Tsutomu Matsumoto |
| 3rd Author's Affiliation | Yokohama National University |
| Date | 2010-11-05 |
| Paper # | ICSS2010-55 |
| Volume (vol) | vol.110 |
| Number (no) | 266 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |