Dynamic malware analysis of phishing emails

Malicious software, or malware, is one of the most significant dangers facing the Internet today. In the fight against malware, users depend on anti-malware and anti-virus products to detect threats proactively, before damage is done. Those products rely on static signatures obtained through malware analysis. Unfortunately, malware authors are always one step ahead in avoiding detection. This research deals with dynamic malware analysis, which focuses on how the malware behaves after execution: what changes it makes to the operating system and registry, and what network communication takes place. Dynamic analysis opens the door to automatic generation of anomaly and active signatures based on the new malware's behavior. The research includes the design of a honeypot to capture new malware and a complete dynamic analysis laboratory setup. We propose a standard analysis methodology: prepare the analysis tools, then run the malicious samples in a controlled environment to investigate their behavior. We analyze 173 recent phishing emails and 45 SPIM messages in search of potentially new malware, and we present two malware samples together with their comprehensive dynamic analysis.
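The core of the methodology described above is to record the state of the analysis machine before and after a sample runs, then turn the difference into a behavioural profile from which a signature can be derived. The following is an added illustration of that step and is not code from the paper: it diffs two constructed snapshots (files, registry values, network connections, processes) and maps the delta onto coarse indicators. The snapshot format, the `Snapshot` class, the indicator names and every path, hash and address in the sample data are this example's own assumptions; the addresses are RFC 5737 documentation ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """State of the sandbox VM at one point in time (constructed data, assumed format)."""
    files: frozenset        # (path, sha256) pairs
    registry: frozenset     # (key, value_name, data) triples
    connections: frozenset  # (remote_ip, remote_port, protocol) triples
    processes: frozenset    # running process image names


def diff_snapshots(before: Snapshot, after: Snapshot) -> dict:
    """Return what changed between the pre- and post-execution snapshots."""
    before_paths = {path for path, _ in before.files}
    after_paths = {path for path, _ in after.files}
    files_created, files_modified = [], []
    # A (path, hash) pair present only in 'after' is either a new file or a
    # known file whose content hash changed.
    for path, _digest in after.files - before.files:
        (files_modified if path in before_paths else files_created).append(path)
    return {
        "files_created": sorted(files_created),
        "files_modified": sorted(files_modified),
        "files_deleted": sorted(before_paths - after_paths),
        "registry_added": sorted(after.registry - before.registry),
        "new_connections": sorted(after.connections - before.connections),
        "new_processes": sorted(after.processes - before.processes),
    }


# Autostart locations that indicate persistence (lower-cased for comparison).
RUN_KEY_PREFIXES = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)


def behaviour_signature(delta: dict) -> list:
    """Map the observed delta onto behavioural indicators.

    The indicator vocabulary below is this example's own convention, not the
    paper's signature format.
    """
    indicators = set()
    for key, _name, _data in delta["registry_added"]:
        if key.lower().startswith(RUN_KEY_PREFIXES):
            indicators.add("persistence:run-key")
    for path in delta["files_created"]:
        low = path.lower()
        if "\\appdata\\" in low and low.endswith((".exe", ".dll")):
            indicators.add("dropper:binary-in-appdata")
    for _ip, port, proto in delta["new_connections"]:
        if port not in (53, 80, 443):  # anything off the usual DNS/HTTP/HTTPS ports
            indicators.add(f"network:{proto}-port-{port}")
    for name in delta["new_processes"]:
        indicators.add(f"process:spawned-{name}")
    return sorted(indicators)


# Constructed snapshots standing in for a real sandbox run.
BEFORE = Snapshot(
    files=frozenset({
        (r"C:\Windows\System32\kernel32.dll", "hash-kernel32"),
        (r"C:\Windows\System32\drivers\etc\hosts", "hash-hosts-clean"),
        (r"C:\Users\analyst\Downloads\invoice.pdf.exe", "hash-sample"),
    }),
    registry=frozenset({
        (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState", "..."),
    }),
    connections=frozenset(),
    processes=frozenset({"explorer.exe", "svchost.exe"}),
)

AFTER = Snapshot(
    files=frozenset({
        (r"C:\Windows\System32\kernel32.dll", "hash-kernel32"),
        (r"C:\Windows\System32\drivers\etc\hosts", "hash-hosts-tampered"),
        (r"C:\Users\analyst\Downloads\invoice.pdf.exe", "hash-sample"),
        (r"C:\Users\analyst\AppData\Roaming\svchost.exe", "hash-dropped"),
    }),
    registry=frozenset({
        (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState", "..."),
        (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
         r"C:\Users\analyst\AppData\Roaming\svchost.exe"),
    }),
    connections=frozenset({("198.51.100.7", 80, "tcp"), ("203.0.113.5", 4444, "tcp")}),
    processes=frozenset({"explorer.exe", "svchost.exe", "cmd.exe"}),
)


def analyse_run(before: Snapshot = BEFORE, after: Snapshot = AFTER) -> tuple:
    """Convenience wrapper: (delta, signature) for one sandbox run."""
    delta = diff_snapshots(before, after)
    return delta, behaviour_signature(delta)


if __name__ == "__main__":
    delta, signature = analyse_run()
    for section, entries in delta.items():
        print(f"{section}: {entries}")
    print("signature:", signature)
```

In a real laboratory the snapshots would come from tools that enumerate the file system, registry hives and socket table of the guest, and the diff would be filtered against a baseline of changes the operating system makes on its own; the signature stage is where the anomaly-based detection the abstract refers to would consume the profile.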
