Abstract: Recent years have seen extensive growth of services enabling free broadcasts of live streams on the Web. Free live streaming (FLIS) services attract millions of viewers and make heavy use of deceptive advertisements. Despite the immense popularity of these services, little is known about the parties that facilitate it and maintain webpages to index links for free viewership.
Coverage: WashingtonTimes, BBC, Fortune, Wired, ITProPortal, TechWeekEurope, BoxCryptor, Anonymous, Trusted Reviews, Advanced Television, After Dawn, Dream Team FC, Anonymous Headquarter, KU-Leuven
Clarification on media quoting me:
“[To watch the stream] users are typically asked (or lured) to install the browser extensions, and once the user installs the extension, it can potentially change any website inside the computer browser (e.g., through ad injection etc.).
So, if a person installs an extension while watching a stream, and then visits a site like BBC.com (or any other site), these extensions can potentially change the contents of BBC.com *in the user browser* and can include malicious links.”
FIRMA: Malware Clustering and Network Signature Generation with Mixed Network Behaviors.
The ever-increasing number of malware families and polymorphic variants creates a pressing need for automatic tools to cluster the collected malware into families and generate behavioral signatures for their detection. Among these, network traffic is a powerful behavioral signature and network signatures are widely used by network administrators. In this paper we present FIRMA, a tool that given a large pool of network traffic obtained by executing unlabeled malware binaries, generates a clustering of the malware binaries into families and a set of network signatures for each family. Compared with prior tools, FIRMA produces network signatures for each of the network behaviors of a family, regardless of the type of traffic the malware uses (e.g., HTTP, IRC, SMTP, TCP, UDP). We have implemented FIRMA and evaluated it on two recent datasets comprising nearly 16,000 unique malware binaries. Our results show that FIRMA’s clustering has very high precision (100% on a labeled dataset) and recall (97.7%). We compare FIRMA’s signatures with manually generated ones, showing that they are as good (often better), while generated in a fraction of the time.
Some Reviews: ICT-Networks