To date, most analysis of collaboration between malware authors has been performed on metadata and compiled binaries, ignoring artifacts present in the source code. We collect a vast amount of malicious source code from underground forum posts, underground forum code attachments, and GitHub repositories, and devise a methodology that filters out most auxiliary code so that the measurement focuses on malicious code. We leverage this to perform an in-depth measurement of the reuse of malicious code between these malware centers as well as StackOverflow. We find that our methodology has high precision in identifying malicious code (93.1%) and provides a contemporary snapshot of malware code reuse across the Web, offering insights into the ways in which this reuse takes place.
Michal is a research engineer at IMDEA and a PhD student at the Cybersecurity group at King’s College London with an MSci from the same institution. His research focuses on the malware ecosystem from a software engineering perspective, attempting to profile and study malware developers and activity via their source code artifacts.
This event will be conducted in English.