Conficker and beyond: a large-scale empirical study

Conficker [26] is the most recent widespread, well-known worm/bot. According to several reports [16, 28], it has infected about 7 million to 15 million hosts and the victims are still increasing even now. In this paper, we analyze Conficker infections at a large scale, including about 25 million victims, and study various interesting aspects about this state-of-the-art malware. By analyzing Conficker, we intend to understand current and new trends in malware propagation, which could be very helpful in predicting future malware trends and providing insights for future malware defense. We observe that Conficker has some very different victim distribution patterns compared to many previous generation worms/botnets, suggesting that new malware spreading models and defense strategies are likely needed. Furthermore, we intend to determine how well a reputation-based blacklisting approach can perform when faced with new malware threats such as Conficker. We cross-check several DNS blacklists...
Seungwon Shin, Guofei Gu
Added 10 Feb 2011
Updated 10 Feb 2011
Type Journal
Year 2010
Authors Seungwon Shin, Guofei Gu