Ecole d'ingénieur et centre de recherche en Sciences du numérique

The role of cloud services in malicious software: Trends and insights

Han, Xiao; Kheir, Nizar; Balzarotti, Davide

DIMVA 2015, 12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 9-10, 2015, Milan, Italy

In this paper we investigate the way cyber-criminals abuse public cloud services to host part of their malicious infrastructures, including exploit servers to distribute malware, C&C servers to manage infected terminals, redirectors to increase anonymity, and drop zones to host stolen data. We conduct a large scale analysis of all the malware samples submitted to the Anubis malware analysis system between 2008 and 2014. For each sample, we extracted and analyzed all malware interactions with Amazon EC2, a major public cloud service provider, in order to better understand the malicious activities that involve public cloud services. In our experiments, we distinguish between benign cloud services that are passively used by malware (such as file sharing, URL shortening, and pay-per-install services), and other dedicated machines that play a key role in the malware infrastructure. Our results reveal that cyber-criminals sustain long-lived operations through the use of public cloud resources, either as a redundant or a major component of their malware infrastructures. We also observe that the number of malicious and dedicated cloud-based domains has increased almost 4 times between 2010 and 2013. To understand the reasons behind this trend, we also present a detailed analysis using public DNS records. For instance, we observe that certain dedicated malicious domains hosted on the cloud remain active for an average of 110 days since they are first observed in the wild.         

Document Doi Bibtex

Titre:The role of cloud services in malicious software: Trends and insights
Type:Conférence
Langue:English
Ville:Milan
Pays:ITALIE
Date:
Département:Sécurité numérique
Eurecom ref:4549
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2015, 12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 9-10, 2015, Milan, Italy and is available at : http://dx.doi.org/10.1007/978-3-319-20550-2_10
Bibtex: @inproceedings{EURECOM+4549, doi = {http://dx.doi.org/10.1007/978-3-319-20550-2_10}, year = {2015}, title = {{T}he role of cloud services in malicious software: {T}rends and insights}, author = {{H}an, {X}iao and {K}heir, {N}izar and {B}alzarotti, {D}avide}, booktitle = {{DIMVA} 2015, 12th {C}onference on {D}etection of {I}ntrusions and {M}alware \& {V}ulnerability {A}ssessment, {J}uly 9-10, 2015, {M}ilan, {I}taly }, address = {{M}ilan, {ITALIE}}, month = {07}, url = {http://www.eurecom.fr/publication/4549} }
Voir aussi: