A view on current malware behaviors

Bayer, Ulrich; Habibi, Imam; Balzarotti, Davide; Kirda, Engin; Kruegel, Christopher
LEET 2009, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 21, 2009, Boston, USA

Anubis is a dynamic malware analysis platform that executes submitted binaries in a controlled environment. To perform the analysis, the system monitors the invocation of important Windows API calls and system services, records the network traffic, and tracks data flows. For each submission, a report is generated that comprehensively describes the activities of the binary under analysis. Anubis receives malware samples through a public web interface and a number of feeds from security organizations and anti-malware companies. Because the samples are collected from a wide range of users, they represent a comprehensive and diverse mix of malware found in the wild. In this paper, we aim to shed light on common malware behaviors. To this end, we evaluate the Anubis analysis results for almost one million malware samples, study trends and the evolution of malicious behaviors over a period of almost two years, and examine the influence of code polymorphism on malware statistics.


Type: Conference
City: Boston
Date: 2009-04-21
Department: Digital Security
Eurecom Ref: 2778
Copyright: Copyright Usenix. Personal use of this material is permitted. The definitive version of this paper was published in LEET 2009, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 21, 2009, Boston, USA and is available at:

PERMALINK: https://www.eurecom.fr/publication/2778