Paper Info
Title
The role of cloud services in malicious software: Trends and insights
Abstract
In this paper we investigate the way cyber-criminals abuse public cloud services to host part of their malicious infrastructures, including exploit servers to distribute malware, C&C servers to manage infected terminals, redirectors to increase anonymity, and drop zones to host stolen data. We conduct a large scale analysis of all the malware samples submitted to the Anubis malware analysis system between 2008 and 2014. For each sample, we extracted and analyzed all malware interactions with Amazon EC2, a major public cloud service provider, in order to better understand the malicious activities that involve public cloud services. In our experiments, we distinguish between benign cloud services that are passively used by malware such as file sharing, URL shortening, and pay-per-install services, and other dedicated machines that play a key role in the malware infrastructure. Our results reveal that cyber-criminals sustain long-lived operations through the use of public cloud resources, either as a redundant or a major component of their malware infrastructures. We also observe that the number of malicious and dedicated cloud-based domains has increased almost 4 times between 2010 and 2013. To understand the reasons behind this trend, we also present a detailed analysis using public DNS records. For instance, we observe that certain dedicated malicious domains hosted on the cloud remain active for an average of 110 days since they are first observed in the wild.
Year
DOI
Venue
2015
10.1007/978-3-319-20550-2_10
Detection of Intrusions and Malware & Vulnerability Assessment
Field
DocType
Citations 
World Wide Web,URL shortening,Computer security,Computer science,Server,Exploit,Anonymity,File sharing,Malware,Cloud computing,Malware analysis
Conference
2
PageRank 
References 
Authors
0.37
7
3
Name
Order
Citations
PageRank
Xiao Han1314.29
Nizar Kheir212410.96
Davide Balzarotti32040113.64