Article

Anatomy of exploit kits: preliminary analysis of exploit kits as software artefacts

Authors:

Vadim Kotov,

Fabio MassacciAuthors Info & Claims

ESSoS'13: Proceedings of the 5th international conference on Engineering Secure Software and Systems

Pages 181 - 196

https://doi.org/10.1007/978-3-642-36563-8_13

Published: 27 February 2013 Publication History

Publisher Site

Abstract

In this paper we report a preliminary analysis of the source code of over 30 different exploit kits which are the main tool behind drive-by-download attacks. The analysis shows that exploit kits make use of a very limited number of vulnerabilities and in a rather unsophisticated fashion. Their key strength is rather their ability to support "customers" in avoiding detection, monitoring traffic, and managing exploits.

References

[1]

Internet security threat report (April 2012), http://www.symantec.com/threatreport (Checked on September 10, 2012)

Google Scholar

[2]

Coogan, P.: Fragus exploit kit changes the business model (February 2010), http://www.symantec.com/connect/blogs/fragus-exploit-kit-changes-business-model (Checked on September 10, 2012)

Google Scholar

[3]

Cova, M., Kruegel, C., Vigna, G.: There is no free phish: an analysis of 'free' and live phishing kits. In: Proceedings of WOOT 2008, pp. 4:1-4:8 (2008)

Digital Library

Google Scholar

[4]

Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of internet miscreants. In: Proceedings of CCS 2007, pp. 375- 388 (2007)

Digital Library

Google Scholar

[5]

Fraser, H.: Exploring black hole exploit kit (March 2012), http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit (Checked on September 10, 2012)

Google Scholar

[6]

Grier, C., Ballard, L., Caballero, J., Chachra, N., Dietrich, C. J., Levchenko, K., Mavrommatis, P., McCoy, D., Nappa, A., Pitsillidis, A., Provos, N., Rafique, M. Z., Rajab, M. A., Rossow, C., Thomas, K., Paxson, V., Savage, S., Voelker, G. M.: Manufacturing compromise: the emergence of exploit-as-a-service. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 821-832. ACM, New York (2012)

Digital Library

Google Scholar

[7]

Guido, D.: A case study of intelligence-driven defense. IEEE Security Privacy 9(6), 67-70 (2011)

Digital Library

Google Scholar

[8]

Herley, C., Florencio, D.: Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In: Economics of Information Security and Privacy (2010)

Google Scholar

[9]

Motoyama, M., McCoy, D., Savage, S., Voelker, G. M.: An analysis of underground forums. In: Proceedings of ICM 2011 (2011)

Digital Library

Google Scholar

[10]

Namestnikov, Y.: IT threat evolution: Q1 2012 (May 2012), http://www.securelist.com/en/analysis/204792231/IT_Threat_Evolution_Q1_2012 (Checked on September 10, 2012)

Google Scholar

[11]

Naranie, R.: Drive-by downloads. The web under siege (April 2009) (Checked on September 10, 2012)

Google Scholar

[12]

Preuss, M., Diaz, V.: Exploit kits - a different view (February 2011), http://www.securelist.com/en/analysis/204792160/Exploit_Kits_A_Different_View (Checked on September 10, 2012)

Google Scholar

[13]

Zhuge, J., Holz, T., Song, C., Guo, J., Han, X., Zou, W.: Studying malicious websites and the underground economy on the chinese web. In: Proceedings of MIRES, pp. 225-244 (2009)

Crossref

Google Scholar

Cited By

View all

Dashevskyi SSantos DMassacci FSabetta A(2019)TestRExInternational Journal on Software Tools for Technology Transfer (STTT)10.1007/s10009-017-0474-121:1(105-119)Online publication date: 1-Feb-2019
https://dl.acm.org/doi/10.1007/s10009-017-0474-1
Allodi LEtalle SMultari NSinghal AMiler E(2017)Towards Realistic Threat ModelingProceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense10.1145/3140368.3140372(23-26)Online publication date: 3-Nov-2017
https://dl.acm.org/doi/10.1145/3140368.3140372
Kline JBarford PCahn ASommers JUhlig SMaennel O(2017)On the structure and characteristics of user agent stringProceedings of the 2017 Internet Measurement Conference10.1145/3131365.3131406(184-190)Online publication date: 1-Nov-2017
https://dl.acm.org/doi/10.1145/3131365.3131406
Show More Cited By

Anatomy of exploit kits: preliminary analysis of exploit kits as software artefacts
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Exploit hijacking: side effects of smart defenses
LSAD '06: Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense

Recent advances in the defense of networked computers use instrumented binaries to track tainted data and can detect attempted break-ins automatically. These techniques identify how the transfer of execution to the attacker takes place, allowing the ...
Transforming malicious code to ROP gadgets for antivirus evasion

This study advances research in offensive technology by proposing return oriented programming (ROP) as a means to achieve code obfuscation. The key inspiration is that ROP's unique structure poses various challenges to malware analysis compared to ...
The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems
ICEC '15: Proceedings of the 17th International Conference on Electronic Commerce 2015

Nowadays a lot of botnet are being used for the purpose of cybercrime such as distributed denial of services (DDos) or information stealing. Botnet is a collection of computers connected through Internet that has been taken over by an attacker using ...

Comments

Information & Contributors

Information

Published In

ESSoS'13: Proceedings of the 5th international conference on Engineering Secure Software and Systems

February 2013

228 pages

ISBN:9783642365621

Editors:
Jan Jürjens
Department of Computer Science, TU Dortmund und Fraunhofer ISST, Otto-Hahn-Straße 14, Dortmund, Germany
,
Benjamin Livshits
One Microsoft Way, Microsoft Research, Otto-Hahn-Straße 14, Redmond, WA, Germany
,
Riccardo Scandariato
Department of Computer Science, Katholieke Universiteit Leuven, Celestijnenlaan 200A, Heverlee, WA, Belgium

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 27 February 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Dashevskyi SSantos DMassacci FSabetta A(2019)TestRExInternational Journal on Software Tools for Technology Transfer (STTT)10.1007/s10009-017-0474-121:1(105-119)Online publication date: 1-Feb-2019
Allodi LEtalle SMultari NSinghal AMiler E(2017)Towards Realistic Threat ModelingProceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense10.1145/3140368.3140372(23-26)Online publication date: 3-Nov-2017
Kline JBarford PCahn ASommers JUhlig SMaennel O(2017)On the structure and characteristics of user agent stringProceedings of the 2017 Internet Measurement Conference10.1145/3131365.3131406(184-190)Online publication date: 1-Nov-2017
Thomas DPastrana SHutchings AClayton RBeresford AUhlig SMaennel O(2017)Ethical issues in research using datasets of illicit originProceedings of the 2017 Internet Measurement Conference10.1145/3131365.3131389(445-462)Online publication date: 1-Nov-2017
Nikolaev IGrill MValeros V(2016)Exploit Kit Website Detection Using HTTP Proxy LogsProceedings of the Fifth International Conference on Network, Communication and Computing10.1145/3033288.3033354(120-125)Online publication date: 17-Dec-2016
Mansoori MWelch IHashemi S(2016)Measurement of IP and network tracking behaviour of malicious websitesProceedings of the Australasian Computer Science Week Multiconference10.1145/2843043.2843358(1-8)Online publication date: 1-Feb-2016
Allodi LMassacci F(2014)Comparing Vulnerability Severity and Exploits Using Case-Control StudiesACM Transactions on Information and System Security10.1145/263006917:1(1-20)Online publication date: 15-Aug-2014
Eshete BVenkatakrishnan VBertino ESandhu RPark J(2014)WebWinnowProceedings of the 4th ACM conference on Data and application security and privacy10.1145/2557547.2557575(305-312)Online publication date: 3-Mar-2014
Sood AEnbody R(2014)Targeted Cyber AttacksundefinedOnline publication date: 21-Apr-2014

Abstract

References

Cited By

Recommendations

Exploit hijacking: side effects of smart defenses

Transforming malicious code to ROP gadgets for antivirus evasion

The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems

Comments

Information

Published In

Sponsors

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations