An Effective Proactive Malware Collector
Date Issued
2008
Date
2008
Author(s)
Li, Yuan-Tao
Abstract
Internet services are increasingly becoming an essential part of our everyday life, but viruses are spreading faster and faster. Large numbers of newly emerging and more sophisticated viruses are constantly expanding, and their techniques are more and more compact. A Trojan, for example, aims to perform its tasks with user consent and is usually disguised as a legitimate program; it greatly compromises the integrity of the system. Users infected with Trojans cannot be aware of having been infected. MSN worms, as another example, use social relationships to lower users' alertness and spread at an amazing speed, doubling the number each square. Therefore, malware researchers urgently need all kinds of malware samples for investigation, especially the new kinds of worms on the Internet. The more and the better we know about what malware is currently spreading in the wild, the better our defenses can be. In this thesis, we describe a Proactive Malware Collector, a tool that connects to compromised websites and automatically retrieves the infected samples. In brief, we obtain the list of compromised websites and browse each site in an unmodified Windows environment, which leads to excellent emulation accuracy. We capture the files created and modified after browsing the sites and filter those files that could be infected for further in-depth analysis. To this end, our tool compares differences in virtual hardware file activity to obtain the infected samples. It is invisible to malware. Furthermore, our tool automates link retrieval, browsing, and filtering. These factors make the Proactive Malware Collector an ideal tool for automatically collecting large numbers of malware samples.
Subjects
Security
Virus worm
Malware Collection
Type
thesis
File(s)
Name
ntu-97-R95944019-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):d7011d0040b5b90d6663747e6eff632d
