Title : Monitoring a fast flux botnet using recursive and passive DNS: A case study
Authors : Dhia Mahjoub
Venue : 2013 APWG eCrime Researchers Summit
Pub Date : 2013-09-01
DOI : 10.1109/ECRS.2013.6805783 (https://doi.org/10.1109/ECRS.2013.6805783)
Fast flux, an evasion technique that has been around for years, continues to be widely used by cybercriminals today. In this case study, we describe a real-time monitoring and detection system that leverages recursive and passive DNS to track the Kelihos fast flux botnet. We track how the botnet grows its population of infected hosts, and detect, in real-time, the newest Kelihos fast flux domains that are being hosted by the botnet. Our analysis will present results on various components and attributes of the infrastructure leveraged by the Kelihos fast flux botnet. These include: domain TLD distribution, botnet geo-distribution, botnet daily cycles, distribution of operating systems used by the botnet machines, daily-discovered fast flux domains, domain and IP lifetime distribution, as well as specific examples of usage that highlight malicious campaigns.
Title : Honor among thieves: A common's analysis of cybercrime economies
Authors : Sadia Afroz, Vaibhav Garg, Damon McCoy, R. Greenstadt
Venue : 2013 APWG eCrime Researchers Summit
Pub Date : 1900-01-01
DOI : 10.1109/ECRS.2013.6805778 (https://doi.org/10.1109/ECRS.2013.6805778)
Underground forums enable technical innovation among criminals as well as allow for specialization, thereby making cybercrime economically efficient. The success of these forums is contingent on collective action twixt a variety of stakeholders. What distinguishes sustainable forums from those that fail? We begin to address these questions by examining underground forums under an economic framework that has been used to prescribe institutional choices in other domains, such as fisheries and forests. This framework examines the sustainability of cybercrime forums given a self-governance model for a common-pool resource. We analyze five distinct forums: AntiChat (AC), BadHackerZ (BH), BlackhatWorld (BW), Carders (CC), and L33tCrew (LC). Our analyses indicate that successful/sustainable forums: 1) have easy/cheap community monitoring, 2) show a moderate increase in new members, 3) do not witness reduced connectivity as the network size increases, 4) limit privileged access, and 5) enforce bans or fines on offending members. We define success as forums demonstrating the small-world effect.
Title : Folex: An analysis of an herbal and counterfeit luxury goods affiliate program
Authors : Mohammad Karami, Shiva Ghaemi, Damon McCoy
Venue : 2013 APWG eCrime Researchers Summit
Pub Date : 1900-01-01
DOI : 10.1109/ECRS.2013.6805782 (https://doi.org/10.1109/ECRS.2013.6805782)
The profitability of the underground criminal business of counterfeit or unauthorized products is a major funding source that drives the illegal online advertisement industry. While it is clear that underground online affiliate-based programs are profitable for their owners, the precise business operations of such organizations are unknown to a large extent. In this study, we present the results of our analysis of a replica and herbal supplements affiliate program based on leaked ground truth data. The dataset covers a period of over two years and includes more than $6 million in sale records for an affiliate program known as Tower of Power (TowPow) focusing on the herbal supplements and counterfeit luxury goods market. In this paper we provide a detailed empirical analysis of the participating affiliates, sales dynamics, revenue sharing, domain usage patterns and conversion rates.
Title : Password advice shouldn't be boring: Visualizing password guessing attacks
Authors : L. Zhang-Kennedy, S. Chiasson, R. Biddle
Venue : 2013 APWG eCrime Researchers Summit
Pub Date : 1900-01-01
DOI : 10.1109/ECRS.2013.6805770 (https://doi.org/10.1109/ECRS.2013.6805770)
Users are susceptible to password guessing attacks when they create weak passwords. Despite an abundance of text-based password advice, it appears insufficient to help home users create strong, memorable passwords. We propose that users would be empowered to make better password choices if they understood, through visual communication, how password guessing attacks work. We created three infographic posters and an online educational comic to help users learn about the threats. We conducted two studies to assess their effectiveness. All four methods led to better learning outcomes than the text-alone approach. Our pre-test questionnaires also highlighted that users' understanding of password guessing attacks is limited to a "target" mental model. One week after viewing our materials, the majority of users created strong sample passwords, and correctly described all three attacks: targeted, dictionary, and brute-force.