
BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection


Executive Summary

The authors introduce BotSwindler, a bait injection system designed to delude and detect crimeware by forcing it to reveal itself during the exploitation of monitored information. The implementation of BotSwindler relies upon an out-of-host software agent that drives user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, they propose a low-overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states.

  • Format: PDF
  • Size: 246.7 KB