{"title":"哪种恶意软件引诱效果最好?来自大型即时通讯蠕虫的测量结果","authors":"T. Moore, R. Clayton","doi":"10.1109/ECRIME.2015.7120801","DOIUrl":null,"url":null,"abstract":"Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a `lure' - a superficially valid reason for their interest. We examine real world data from some `worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic `language independent' text.","PeriodicalId":127631,"journal":{"name":"2015 APWG Symposium on Electronic Crime Research (eCrime)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Which malware lures work best? Measurements from a large instant messaging worm\",\"authors\":\"T. Moore, R. Clayton\",\"doi\":\"10.1109/ECRIME.2015.7120801\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a `lure' - a superficially valid reason for their interest. We examine real world data from some `worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic `language independent' text.\",\"PeriodicalId\":127631,\"journal\":{\"name\":\"2015 APWG Symposium on Electronic Crime Research (eCrime)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-05-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 APWG Symposium on Electronic Crime Research (eCrime)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ECRIME.2015.7120801\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 APWG Symposium on Electronic Crime Research (eCrime)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECRIME.2015.7120801","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Which malware lures work best? Measurements from a large instant messaging worm
Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a `lure' - a superficially valid reason for their interest. We examine real world data from some `worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic `language independent' text.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
