An Epidemiological Study of Malware Encounters in a Large Enterprise

Yen, Ting-Fang; Heorhiadi, Victor; Oprea, Alina; Reiter, Michael K.; Juels, Ari

doi:10.1145/2660267.2660330

Cited by 54 publications

(37 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, Mezzour et al do not examine malware types such as trojans, worms, and viruses. Finally, we find prior work that studies the correlation between users' demographics and attack encounters [22,9,24,33,38,44], but does not statistically explain international differences.…”

Section: Introductionmentioning

confidence: 54%

“…Moreover, several studies [22,9,24,33,38,44] examine the relationship between users' demographics and/or behavior, and malware exposure. That type of user-level analysis is important, but does not provide insight into how various country-level technical, social, economic, and policy factors affect countries' exposure to malware.…”

Section: Related Workmentioning

confidence: 99%

“…Many studies notice international differences in malware encounters [44,26,27,8,9], but mostly hypothesize about reasons behind such differences without empirically testing the validity of such hypotheses. For example, Caballero et al [8] hypothesize that fake anti-viruses are most prevalent in Western European and North American countries because attackers are interested in taking advantage of the large computing and monetary resources in these countries.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An empirical study of global malware encounters

Mezzour

Carley

2015

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security

View full text Add to dashboard Cite

The number of trojans, worms, and viruses that computers encounter varies greatly across countries. Empirically identifying factors behind such variation can provide a scientific empirical basis to policy actions to reduce malware encounters in the most affected countries. However, our understanding of these factors is currently mainly based on expert opinions, not empirical evidence.In this paper, we empirically test alternative hypotheses about factors behind international variation in the number of trojan, worm, and virus encounters. We use the Symantec Anti-Virus (AV) telemetry data collected from more than 10 million Symantec customer computers worldwide that we accessed through the Symantec Worldwide Intelligence Environment (WINE) platform. We use regression analysis to test for the effect of computing and monetary resources, web browsing behavior, computer piracy, cyber security expertise, and international relations on international variation in malware encounters.We find that trojans, worms, and viruses are most prevalent in Sub-Saharan African countries. Many Asian countries also encounter substantial quantities of malware. Our regression analysis reveals that the main factor that explains high malware exposure of these countries is a widespread computer piracy especially when combined with poverty. Our regression analysis also reveals that, surprisingly, web browsing behavior, cyber security expertise, and international relations have no significant effect.

show abstract

Section: Introductionmentioning

confidence: 54%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An empirical study of global malware encounters

Mezzour

Carley

2015

Proceedings of the 2015 Symposium and Bootcamp on the Science of Security

View full text Add to dashboard Cite

show abstract

“…In addition, some types of malware can take remote control of computers to increase the damage caused by the attacker. It has been seen in the literature that the amount of malware targeting Windows OS (Microsoft Corporation, Redmond, WA, USA) is larger than targeting other OS [1,2].…”

Section: Introductionmentioning

confidence: 99%

“…Server based antiviruses are not supposed to detect malware inserted either via removable media (USB flash drives and external hard drives) or through wireless access not controlled by network administrators before it reaches the target system. Furthermore, there is not a known antivirus that can detect an encrypted virus in files, and this approach has been used lately by attackers [1,2,6].…”

Section: Introductionmentioning

confidence: 99%

Endpoint Security in Networks: An OpenMP Approach for Increasing Malware Detection Speed

et al. 2017

View full text Add to dashboard Cite

Increasingly sophisticated antivirus (AV) software and the growing amount and complexity of malware demand more processing power from personal computers, specifically from the central processor unit (CPU). This paper conducted performance tests with Clam AntiVirus (ClamAV) and improved its performance through parallel processing on multiple cores using the Open Multi-Processing (OpenMP) library. All the tests used the same dataset constituted of 1.33 GB of data distributed among 2766 files of different sizes. The new parallel version of ClamAV implemented in our work achieved an execution time around 62% lower than the original software version, reaching a speedup of 2.6 times faster. The main contribution of this work is to propose and implement a new version of the ClamAV antivirus using parallel processing with OpenMP, easily portable to a variety of hardware platforms and operating systems.

show abstract

An Analysis of Malware Trends in Enterprise Networks

Acar

Uluagac

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present an empirical and large-scale analysis of malware samples captured from two different enterprises from 2017 to early 2018. Particularly, we perform threat vector, social-engineering, vulnerability and time-series analysis on our dataset. Unlike existing malware studies, our analysis is specifically focused on the recent enterprise malware samples. First of all, based on our analysis on the combined datasets of two enterprises, our results confirm the general consensus that AV-only solutions are not enough for real-time defenses in enterprise settings because on average 40% of the malware samples, when first appeared, are not detected by most AVs on VirusTotal or not uploaded to VT at all (i.e., never seen in the wild yet). Moreover, our analysis also shows that enterprise users transfer documents more than executables and other types of files. Therefore, attackers embed malicious codes into documents to download and install the actual malicious payload instead of sending malicious payload directly or using vulnerability exploits. Moreover, we also found that financial matters (e.g., purchase orders and invoices) are still the most common subject seen in Business Email Compromise (BEC) scams that aim to trick employees. Finally, based on our analysis on the timestamps of captured malware samples, we found that 93% of the malware samples were delivered on weekdays. Our further analysis also showed that while the malware samples that require user interaction such as macro-based malware samples have been captured during the working hours of the employees, the massive malware attacks are triggered during the off-times of the employees to be able to silently spread over the networks.

show abstract

An Epidemiological Study of Malware Encounters in a Large Enterprise

Cited by 54 publications

References 14 publications

An empirical study of global malware encounters

An empirical study of global malware encounters

Endpoint Security in Networks: An OpenMP Approach for Increasing Malware Detection Speed

An Analysis of Malware Trends in Enterprise Networks

Contact Info

Product

Resources

About