论文信息 - A Systematic Characterization of IM Threats using Honeypots

A Systematic Characterization of IM Threats using Honeypots

The popularity of instant messaging (IM) services has recently attracted the interest of attackers that try to send malicious URLs or files to the contact lists of compromised instant messaging accounts or clients. This work focuses on a systematic characterization of IM threats based on the information collected by HoneyBuddy, a honeypot-like infrastructure for detecting malicious activities in IM networks. HoneyBuddy finds and adds contacts to its honeypot messengers by querying popular search engines for IM contacts or by advertising its accounts on contact finder sites. Our deployment has shown that with over six thousand contacts we can gather between 50 and 110 malicious URLs per day as well as executables. Our experiments show that 21% of our collected executable samples were not gathered by other malware collection infrastructures, while 93% of the identified IM phishing domains were not recorded by popular blacklist mechanisms. Furthermore, our findings show that the malicious domains are hosted by a limited number of hosts that remain practically unchanged throughout time.

Evangelos P. Markatos | Spyros Antonatos | Iasonas Polakis | Thanasis Petsas

[1] David Lee,et al. Coping with Instant Messaging Worms - Statistical Modeling and Analysis , 2007, 2007 15th IEEE Workshop on Local & Metropolitan Area Networks.

[2] Andrew Byde,et al. Virus Throttling for Instant Messaging , 2004 .

[3] Mohammad Mannan. Secure Public Instant Messaging: A Survey † , 2004 .

[4] Herbert Bos,et al. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.

[5] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[6] Zhenyu Wu,et al. HoneyIM: Fast Detection and Suppression of Instant Messaging Malware in Enterprise-Like Networks , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[7] N. Hindocha. Threats to Instant Messaging , 2003 .

[8] David Lee,et al. Defending against Instant Messaging Worms , 2006 .

[9] Paul C. van Oorschot,et al. Secure Public Instant Messaging , 2004, PST.

[10] Na Li,et al. Detecting and filtering instant messaging spam - a global and personalized approach , 2005, 1st IEEE ICNP Workshop on Secure Network Protocols, 2005. (NPSec)..

[11] Jure Leskovec,et al. Planetary-scale views on a large instant-messaging network , 2008, WWW.

[12] John Langford,et al. Telling humans and computers apart automatically , 2004, CACM.

[13] Sven Krasser,et al. Analyzing Network and Content Characteristics of Spim Using Honeypots , 2007, SRUTI.