
An Analysis of SpyEye Detection and Removal Tools

Authors: Hanno Langweg, Benjamin Adolphi, Svein Engen
Institution: Høgskolen i Gjøvik
Publication: Norsk informasjonssikkerhetskonferanse (NISK)
Edition: 2011
Publication date: 2011-12-04
General link: http://www.frisc.no/arrangementer/nisk-2012-4/
ISBN: 9788251928458
Category: Information technology
Editor: Ragnar Soleng





Abstract

In February 2011, several Norwegian banks observed malware attacks on
their online banking interfaces. Following the observation, customers were
advised to download and run SpyEye malware detection and removal tools
to find out if their machines were affected and to remove the malware in
case an infection was confirmed. We can confirm that the detection tool
detects presence of SpyEye malware on a personal computer. We can also
confirm that the removal tools we tested do remove SpyEye malware from a
personal computer. We are concerned that removal is not complete in all cases
and we are concerned that the detection and removal tools are susceptible to
manipulations of their user interface by future variants of SpyEye malware.



