UCL Discovery Stage

Shedding Light on the Targeted Victim Profiles of Malicious Downloaders

Labrèche, F; Mariconti, E; Stringhini, G; (2022) Shedding Light on the Targeted Victim Profiles of Malicious Downloaders. In: ACM International Conference Proceeding Series. (p. 112). ACM: Association for Computing Machinery. Green open access.

2208.13278.pdf - Accepted Version

Abstract

Malware affects millions of users worldwide, impacting the daily lives of many people as well as businesses. Malware infections are increasing in complexity and unfold over a number of stages. A malicious downloader often acts as the starting point as it fingerprints the victim's machine and downloads one or more additional malware payloads. Although previous research was conducted on these malicious downloaders and their Pay-Per-Install networks, limited work has investigated how the profile of the victim machine, e.g., its characteristics and software configuration, affects the targeting choice of cybercriminals. In this paper, we operate a large-scale investigation of the relation between the machine profile and the payload downloaded by droppers, through 151,189 executions of malware downloaders over a period of 12 months. We build a fully automated framework which uses Virtual Machines (VMs) in sandboxes to build custom user and machine profiles to test our malicious samples. We then use changepoint analysis to model the behavior of different downloader families, and perform analyses of variance (ANOVA) on the ratio of infections per profile. With this, we identify which machine profile is targeted by cybercriminals at different points in time. Our results show that a number of downloaders present different behaviors depending on a number of features of a machine. Notably, a higher number of infections for specific malware families were observed when using different browser profiles, keyboard layouts and operating systems, while one keyboard layout obtained fewer infections of a specific malware family. Our findings bring light to the importance of the features of a machine running malicious downloader software, particularly for malware research.

Type: Proceedings paper
Title: Shedding Light on the Targeted Victim Profiles of Malicious Downloaders
Event: ARES 2022: The 17th International Conference on Availability, Reliability and Security
ISBN-13: 9781450396707
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3538969.3544435
Publisher version: https://doi.org/10.1145/3538969.3544435
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Malware, Downloader, Pay-Per-Install, Changepoint Analysis
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL
URI: https://discovery-pp.ucl.ac.uk/id/eprint/10155828
Downloads since deposit: 1,444