A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums

23 Oct 2024

Michal Tereszkowski-Kaminski, Research Engineer at IMDEA Networks and PhD Student at King’s College London

In-house Presentation

To date, most analysis of collaboration between malware authors has been performed on metadata and compiled binaries, ignoring artifacts present in the source code. We collect a vast amount of malicious source code from Underground Forum posts, Underground Forum code attachments, and GitHub repositories, and devise a methodology that filters out most auxiliary code so that the measurement focuses on malicious code. We leverage this to perform an in-depth measurement of the reuse of malicious code between these malware centers as well as StackOverflow. We find that our methodology has high precision in identifying malicious code (93.1%) and provides a contemporary snapshot of malware code reuse across the Web, offering insights into the ways in which this reuse takes place.

About Michal Tereszkowski-Kaminski

Michal is a research engineer at IMDEA and a PhD student at the Cybersecurity group at King’s College London with an MSci from the same institution. His research focuses on the malware ecosystem from a software engineering perspective, attempting to profile and study malware developers and activity via their source code artifacts.

This event will be conducted in English

  • Location: MR-A1 [Ramón] & MR-A2 [Cajal], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés – Madrid
  • Organization: IMDEA Networks Institute; NETCOM Research Group (Telematics Engineering Department, UC3M)
  • Time: 13:00