An empirical study of global malware encounters

The number of trojans, worms, and viruses that computers encounter varies greatly across countries. Empirically identifying the factors behind this variation can provide a scientific basis for policy actions to reduce malware encounters in the most affected countries. However, our understanding of these factors is currently based mainly on expert opinion, not empirical evidence. In this paper, we empirically test alternative hypotheses about the factors behind international variation in the number of trojan, worm, and virus encounters. We use Symantec Anti-Virus (AV) telemetry data collected from more than 10 million Symantec customer computers worldwide, which we accessed through the Symantec Worldwide Intelligence Environment (WINE) platform. We use regression analysis to test for the effect of computing and monetary resources, web browsing behavior, computer piracy, cyber security expertise, and international relations on international variation in malware encounters. We find that trojans, worms, and viruses are most prevalent in Sub-Saharan African countries. Many Asian countries also encounter substantial quantities of malware. Our regression analysis reveals that the main factor explaining the high malware exposure of these countries is widespread computer piracy, especially when combined with poverty. Our regression analysis also reveals that, surprisingly, web browsing behavior, cyber security expertise, and international relations have no significant effect.
