Measuring Pay-Per-Install: The Commoditization of Malware Distribution

Recent years have seen extensive diversification of the "Underground economy" associated with malware and the subversion of Internet-connected systems. This trend towards specialization has compelling forces driving it: miscreants readily apprehend that tackling the entire value-chain from malware creation to monetization in the presence of ever-evolving countermeasures poses a daunting task requiring highly developed skills and resources. As a result, entrepreneurial-minded miscreants have formed Pay-Per-Install (PPI) services - specialized organizations that focus on the infection of victims' systems. In this paper, the authors perform a measurement study of the PPI market by infiltrating four PPI services. They develop infrastructure that enables one to interact with PPI services and gather and classify the resulting malware executables distributed by the services.

Provided by: UC Regents Topic: Security Date Added: Jun 2011 Format: PDF

Find By Topic