An Empirical Study of Real-World Polymorphic Code Injection Attacks

Executive Summary

Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, the authors present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. They focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while the results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.

  • Format: PDF
  • Size: 657 KB