Dynamic malware analysis of phishing emails

Title: Dynamic malware analysis of phishing emails
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Qbeitah, M. A., Aldwairi, M.
Conference Name: 2018 9th International Conference on Information and Communication Systems (ICICS)
ISBN Number: 978-1-5386-4366-2
Keywords: active signature, anomaly signature, anti-malware, anti-virus products, automatic generation, complete dynamic analysis laboratory setting, comprehensive dynamic analysis, Computer crime, computer viruses, digital signatures, dynamic analysis laboratory setting, Dynamic Malware Analysis, Electronic mail, honeynet, Human Behavior, Internet, invasive software, Malware, malware analysis, malware authors, malware samples, Metrics, network communication, operating system, phishing, phishing emails, potentially new malwares, pubcrawl, Resiliency, Servers, Signature Generation, SPIM messages, standard analysis methodology, system monitoring, Tools

Malicious software, or malware, is one of the most significant dangers facing the Internet today. In the fight against malware, users depend on anti-malware and anti-virus products to detect threats proactively, before damage is done. Those products rely on static signatures obtained through malware analysis. Unfortunately, malware authors are always one step ahead in avoiding detection. This research deals with dynamic malware analysis, which focuses on how the malware behaves after execution: what changes it makes to the operating system and registry, and what network communication takes place. Dynamic analysis opens the door to automatic generation of anomaly and active signatures based on the new malware's behavior. The research includes a honeypot design for capturing new malware and a complete dynamic analysis laboratory setting. We propose a standard analysis methodology: prepare the analysis tools, then run the malicious samples in a controlled environment to investigate their behavior. We analyze 173 recent phishing emails and 45 SPIM messages in search of potentially new malware, and we present two malware samples together with their comprehensive dynamic analysis.
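The core of the behaviour-based analysis described in the abstract is a before/after comparison of the sandbox: snapshot the system, detonate the sample, snapshot again, and turn the differences into an anomaly-style signature. The script below is an added illustration written for this entry, not the authors' laboratory tooling. It diffs two hand-constructed snapshots (file hashes, registry values and observed network endpoints) and flattens the result into indicator strings; the paths, registry values, the `AUTORUN_KEYS` list and the IP addresses are all assumptions, and in a real lab the snapshots would come from the monitoring tools in the sandbox.

```python
"""Before/after snapshot differencing for a dynamic-analysis sandbox run.

Added illustration only (not the authors' laboratory tooling). The snapshots
below are constructed by hand; in a real lab they would be collected by the
monitoring tools in the sandbox before and after detonating the sample.
"""
import hashlib
from dataclasses import dataclass, field

# Registry roots whose new values typically indicate persistence. Assumption:
# only the two classic Run keys are watched; a real monitor would watch more.
AUTORUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Snapshot:
    files: dict            # path -> sha256 of file contents
    registry: dict         # r"KEY\value" -> data
    network: frozenset     # (proto, remote_host, remote_port) observed


@dataclass
class BehaviourSignature:
    created_files: set = field(default_factory=set)
    modified_files: set = field(default_factory=set)
    deleted_files: set = field(default_factory=set)
    changed_registry: dict = field(default_factory=dict)
    persistence_keys: set = field(default_factory=set)
    new_endpoints: set = field(default_factory=set)


def diff_snapshots(before: Snapshot, after: Snapshot) -> BehaviourSignature:
    """Derive the sample's observable behaviour from two system snapshots."""
    sig = BehaviourSignature()
    sig.created_files = set(after.files) - set(before.files)
    sig.deleted_files = set(before.files) - set(after.files)
    sig.modified_files = {
        p for p in before.files.keys() & after.files.keys()
        if before.files[p] != after.files[p]
    }
    for key, data in after.registry.items():
        if before.registry.get(key) != data:       # new or rewritten value
            sig.changed_registry[key] = data
            if any(key.startswith(root + "\\") for root in AUTORUN_KEYS):
                sig.persistence_keys.add(key)
    sig.new_endpoints = set(after.network - before.network)
    return sig


def to_iocs(sig: BehaviourSignature) -> list:
    """Flatten the behaviour into sorted indicator strings: an anomaly-style
    signature that can be matched against later sandbox runs or host logs."""
    iocs = []
    iocs += [f"file.created:{p}" for p in sig.created_files]
    iocs += [f"file.modified:{p}" for p in sig.modified_files]
    iocs += [f"file.deleted:{p}" for p in sig.deleted_files]
    iocs += [f"registry.changed:{k}={v}" for k, v in sig.changed_registry.items()]
    iocs += [f"registry.persist:{k}" for k in sig.persistence_keys]
    iocs += [f"net.{proto}:{host}:{port}" for proto, host, port in sig.new_endpoints]
    return sorted(iocs)


# Constructed snapshots of a hypothetical Windows victim VM (not real data).
BEFORE = Snapshot(
    files={
        r"C:\Windows\System32\drivers\etc\hosts": sha256(b"127.0.0.1 localhost\n"),
        r"C:\Users\victim\Downloads\Invoice.doc": sha256(b"benign-looking lure"),
        r"C:\Users\victim\AppData\Local\Temp\~tmp1.tmp": sha256(b"scratch"),
    },
    registry={
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
            r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    },
    network=frozenset(),
)
AFTER = Snapshot(
    files={
        r"C:\Windows\System32\drivers\etc\hosts":
            sha256(b"127.0.0.1 localhost\n127.0.0.1 update.example-av.test\n"),
        r"C:\Users\victim\Downloads\Invoice.doc": sha256(b"benign-looking lure"),
        r"C:\Users\victim\AppData\Roaming\svchost.exe": sha256(b"dropped payload"),
    },
    registry={
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
            r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater":
            r"C:\Users\victim\AppData\Roaming\svchost.exe",
        r"HKCU\Software\ExampleDropper\Installed": "1",
    },
    network=frozenset({("udp", "10.0.0.1", 53), ("tcp", "203.0.113.7", 443)}),
)

if __name__ == "__main__":
    for ioc in to_iocs(diff_snapshots(BEFORE, AFTER)):
        print(ioc)
```

Running the script on the constructed snapshots yields the dropped `svchost.exe` in the roaming profile, the rewritten hosts file, the new Run key pointing at the dropped file (flagged as persistence) and the two outbound endpoints. The one caveat a practitioner should keep in mind is that a snapshot diff only captures state that survives to the second snapshot; transient behaviour (a process that runs and exits, a connection that is opened and closed) needs live monitoring rather than differencing.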

Citation Key: qbeitah_dynamic_2018