DocumentCode
711985
Title
Which malware lures work best? Measurements from a large instant messaging worm
Author
Moore, Tyler ; Clayton, Richard
Author_Institution
Southern Methodist Univ., Dallas, TX, USA
fYear
2015
fDate
26-29 May 2015
Firstpage
110
Abstract
Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a `lure´ - a superficially valid reason for their interest. We examine real world data from some `worms´ that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm´s peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic `language independent´ text.
Keywords
Web sites; computer crime; electronic messaging; invasive software; natural language processing; text analysis; Portuguese phrases; Spring 2010; URL shortening systems; brand names; generic language independent text; instant messaging worm; lure URL; malicious URL; malicious Website; malware-distribution scam; phishing; social graph; terse random strings; time 4 week; Facebook; Grippers; IP networks; Malware; Monitoring; Servers; Uniform resource locators;
fLanguage
English
Publisher
ieee
Conference_Titel
Electronic Crime Research (eCrime), 2015 APWG Symposium on
Conference_Location
Barcelona
Type
conf
DOI
10.1109/ECRIME.2015.7120801
Filename
7120801
Link To Document