Dynamic malware analysis of phishing emails

Document Type

Conference Proceeding

Source of Publication

2018 9th International Conference on Information and Communication Systems, ICICS 2018

Publication Date

5-4-2018

Abstract

© 2018 IEEE. Malicious software, or malware, is one of the most significant dangers facing the Internet today. In the fight against malware, users depend on anti-malware and anti-virus products to proactively detect threats before damage is done. Those products rely on static signatures obtained through malware analysis. Unfortunately, malware authors are always one step ahead in avoiding detection. This research deals with dynamic malware analysis, which emphasizes how the malware behaves after execution and what changes to the operating system, registry and network communication take place. Dynamic analysis opens the door to automatic generation of anomaly and active signatures based on the new malware's behavior. The research includes the design of a honeypot to capture new malware and a complete dynamic analysis laboratory setting. We propose a standard analysis methodology: preparing the analysis tools, then running the malicious samples in a controlled environment to investigate their behavior. We analyze 173 recent phishing emails and 45 SPIM messages in search of potentially new malware, and we present two malware samples and their comprehensive dynamic analysis.

ISBN

9781538643662

Publisher

Institute of Electrical and Electronics Engineers Inc.

Volume

2018-January

First Page

18

Last Page

24

Disciplines

Computer Sciences

Keywords

Dynamic Malware Analysis, Honeynet, Malware, Phishing Emails, Signature Generation

Scopus ID

85048514668

Indexed in Scopus

yes

Open Access

no
