Category Archives: Malware Analysis and Detection

SMTP Dialects, or how to detect bots by looking at SMTP conversations

It is somewhat surprising that, in 2012, we are still struggling fighting spam. In fact, any victory we score against botnets is just temporary, and the spam levels raise again after some time. As an example, the amount of spam … Continue reading

Posted in Malware Analysis and Detection | Leave a comment

Andrubis: A Tool for Analyzing Unknown Android Applications

We are proud to announce that we have released our brand new extension for Anubis: Andrubis. As the name already suggests, Andrubis is designed to analyze unknown apps for the Android platform (APKs), just like Anubis does for Windows executables. … Continue reading

Posted in Anubis, Binary Analysis, Malware Analysis and Detection | Leave a comment

BotMagnifier: Locating Spambots on the Internet

During the 20th USENIX Security Symposium, which will take place in San Francisco starting August 8, we will present our paper BotMagnifier: Locating Spambots on the Internet. This paper tries to tackle the problem of detecting bot infected machines from … Continue reading

Posted in Botnets, Malware Analysis and Detection | Leave a comment

Peering Through the iFrame

This week we finalized our paper titled “Peering Through the iFrame” that will appear at InfoCom 2011 in Shanghai. In this paper, we present our infiltration of a drive-by-download campaign known as Mebroot that is used to spread several types of … Continue reading

Posted in Botnets, Malware Analysis and Detection, Web Security | Leave a comment

Anubis – Managing a growing, distributed infrastructure for Binary Analysis [Part II]

In part I of this blog post, I summarized how and why the Anubis system has grown into a not only virtually, but also physically distributed analysis service. In part II, I will explain how we tackled the problem of … Continue reading

Posted in Anubis, Binary Analysis, General, Malware Analysis and Detection | Leave a comment

EXPOSURE: A new service from iSecLab goes online

Last month, in this post, we announced an upcoming service called EXPOSURE which detects domain names that are involved in malicious activities. We perform passive DNS analysis. After a period of testing, finally, we started the beta version of the service. … Continue reading

Posted in Botnets, DNS, General, Malware Analysis and Detection, Systems Security | Leave a comment

EXPOSURE, a new upcoming service for finding malicious domains using passive DNS analysis

One of the papers we will be presenting in the upcoming NDSS 2011 conference in San Diego will be Leyla‘s work on detecting malicious DNS domains using large-scale passive DNS analysis. We have used EXPOSURE in practice to automatically detect … Continue reading

Posted in Malware Analysis and Detection, Systems Security | Leave a comment