Ghost Turns Zombie: Exploring the Life Cycle of Web-Based Malware
While the web provides information and services that enrich users' lives in many ways, it has also become the primary vehicle for delivering malware. Once infected with web-based malware, an unsuspecting user's machine is converted into a productive member of the Internet underground. This paper explores the life cycle of web-based malware by employing light-weight responders to capture the network profile of infected machines. The results indicate that web-based malware provides a cornerstone for large-scale electronic fraud. It is used to exfiltrate the address books of compromised machines, creating databases of hundreds of millions of email addresses; to form spamming botnets responsible for a significant fraction of the spam currently seen on the Internet; and to steal login credentials that can be directly monetized or leveraged to turn more web servers into malware delivery vectors.