UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Shedding Light on the Targeted Victim Profiles of Malicious Downloaders

Labrèche, F; Mariconti, E; Stringhini, G; (2022) Shedding Light on the Targeted Victim Profiles of Malicious Downloaders. In: ACM International Conference Proceeding Series. (pp. p. 112). ACM: Association for Computing Machinery Green open access

[thumbnail of 2208.13278.pdf]
Preview
Text
2208.13278.pdf - Accepted Version

Download (771kB) | Preview

Abstract

Malware affects millions of users worldwide, impacting the daily lives of many people as well as businesses. Malware infections are increasing in complexity and unfold over a number of stages. A malicious downloader often acts as the starting point as it fingerprints the victim's machine and downloads one or more additional malware payloads. Although previous research was conducted on these malicious downloaders and their Pay-Per-Install networks, limited work has investigated how the profile of the victim machine, e.g., its characteristics and software configuration, affect the targeting choice of cybercriminals. In this paper, we operate a large-scale investigation of the relation between the machine profile and the payload downloaded by droppers, through 151,189 executions of malware downloaders over a period of 12 months. We build a fully automated framework which uses Virtual Machines (VMs) in sandboxes to build custom user and machine profiles to test our malicious samples. We then use changepoint analysis to model the behavior of different downloader families, and perform analyses of variance (ANOVA) on the ratio of infections per profile. With this, we identify which machine profile is targeted by cybercriminals at different points in time. Our results show that a number of downloaders present different behaviors depending on a number of features of a machine. Notably, a higher number of infections for specific malware families were observed when using different browser profiles, keyboard layouts and operating systems, while one keyboard layout obtained fewer infections of a specific malware family. Our findings bring light to the importance of the features of a machine running malicious downloader software, particularly for malware research.

Type: Proceedings paper
Title: Shedding Light on the Targeted Victim Profiles of Malicious Downloaders
Event: ARES 2022: The 17th International Conference on Availability, Reliability and Security
ISBN-13: 9781450396707
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3538969.3544435
Publisher version: https://doi.org/10.1145/3538969.3544435
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Malware, Downloader, Pay-Per-Install, Changepoint Analysis
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL
URI: https://discovery.ucl.ac.uk/id/eprint/10155828
Downloads since deposit
17Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item