Nazca: Detecting Malware Distribution in Large-Scale Networks
Malware remains one of the most significant security threats on the Internet. Antivirus solutions and blacklists, the main weapons of defense against these attacks, have only been (partially) successful. One reason is that cyber-criminals take active steps to bypass defenses, for example, by distributing constantly changing (obfuscated) variants of their malware programs, and by quickly churning through domains and IP addresses that are used for distributing exploit code and botnet commands. The paper's authors analyze one of the core tasks that malware authors have to accomplish to be successful: they must distribute and install malware programs onto as many victim machines as possible.