Malware and exploit campaign detection system and method

A malware and exploit campaign detection system and method that addresses malware-serving hosts limiting drops to one per IP address and restricting their targets by the country of origin of the IP address.

Inactive Publication Date: 2017-02-23
NSS LABS

AI Technical Summary

Benefits of technology

[0006]In one implementation, BaitNET is the conglomerate of a number of software applications, processes, and innovations as outlined herein which afford BaitNET the ability to shim into the operating system and the virtual machine architecture (both guest and host), enabling BaitNET to obfuscate the fact that the machine itself is a virtual / unmanned computer. The system utilizes a multitude of virtual private networks (VPNs), allowing a near-unlimited number of unique Internet IP addresses from all across the world to be used. These disparate IP addresses afford two primary advantages to BaitNET. One, in order to force re-infection, as many malware systems will not "drop" (deploy) malware to the same IP address more than once, it is necessary to have BaitNET obfuscate its Internet presence. Two, many malware campaigns limit their targets by geo-location, which is often tracked via IP address. E.g., malware-infected servers often limit themselves to only infecting one (1) computer from any given masked IP address, and may limit the country of origin of the IP addresses that they will infect. BaitNET utilizes VPNs throughout the world to mimic dispersed geo-location and map out malware campaigns in different regions. Other techniques, while not proprietary to BaitNET, may also be used to emulate potential target qualification data points, such as varying the language pack and keyboard language configuration on the host operating system.
[0009]Due to the transparency of BaitNET to the exploit and any malware it drops, BaitNET is able to perform live analysis that can track threat actors and fully enumerate their capabilities (i.e. which exploit kits they are using, which specific exploits are employed, which applications are being targeted, and full details of the exploits themselves). BaitNET therefore produces accurate predictions of which applications are being targeted in current campaigns by threat actors, providing predictive threat analysis ahead of any breach.
[0013]BaitNET provides a malware and exploit campaign detection system and method that cannot be detected by the malware or exploit campaign. The system may provide threat feed data to the vendors that produce in-line network security and endpoint protection technologies. The system may also be used as a testing platform for third-party products. Due to the massive footprint of the system's cloud infrastructure, disparate network connections, and geolocation obfuscation techniques, NSS can locate and monitor malware across the globe and provide detailed threat analysis for each specific region, as regions often support and host different malware / cybercrime campaigns.
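As an added illustration of the two gating behaviours [0006] describes (this is not code from the patent or from NSS Labs), the following Python models a malware-serving host that drops its payload at most once per source IP and only to visitors from targeted countries, and a collector that revisits the same URL through rotating VPN exits and guest locales to force re-infection and build a per-region map. The gate rules, the locale allowlist standing in for "target qualification data points", the IP addresses, country codes and locales are all constructed assumptions; a real campaign applies whatever checks its operator chooses.

```python
"""Model of a one-drop-per-IP, geo-restricted malware gate and of the egress
rotation a collector uses against it.  Added example; all rules and sample
data below are constructed assumptions, not the patent's implementation."""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class DropGate:
    """Assumed server-side behaviour described in the text: serve the payload
    once per source IP, only to IPs geolocating to targeted countries, and
    (a further assumption) only to guests presenting an accepted locale."""
    allowed_countries: frozenset
    allowed_locales: Optional[frozenset] = None
    seen_ips: set = field(default_factory=set)

    def decide(self, src_ip: str, country: str, locale: str) -> str:
        if country not in self.allowed_countries:
            return "refuse:geo"
        if self.allowed_locales is not None and locale not in self.allowed_locales:
            return "refuse:locale"
        if src_ip in self.seen_ips:
            return "refuse:repeat"          # no second drop to a known IP
        self.seen_ips.add(src_ip)
        return "drop"


@dataclass(frozen=True)
class Egress:
    """One VPN exit the collector can use, plus the guest locale it presents
    (language pack / keyboard layout) on that visit."""
    ip: str
    country: str
    locale: str


def probe(gate: DropGate, egresses: List[Egress]) -> List[Tuple[Egress, str]]:
    """Visit the same URL once per egress identity and record each verdict."""
    return [(e, gate.decide(e.ip, e.country, e.locale)) for e in egresses]


def campaign_map(results: List[Tuple[Egress, str]]) -> dict:
    """Drops per country: the per-region campaign picture the text describes."""
    return dict(Counter(e.country for e, verdict in results if verdict == "drop"))


# Constructed sample campaign: targets US and DE visitors with en-US / de-DE guests.
SAMPLE_GATE_RULES = dict(allowed_countries=frozenset({"US", "DE"}),
                         allowed_locales=frozenset({"en-US", "de-DE"}))

# Constructed exit pool (documentation IP ranges); note the BR exit and the
# German exit that presents an English guest locale.
SAMPLE_POOL = [
    Egress("198.51.100.10", "US", "en-US"),
    Egress("198.51.100.11", "US", "en-US"),
    Egress("203.0.113.5",   "DE", "de-DE"),
    Egress("203.0.113.6",   "DE", "en-US"),
    Egress("192.0.2.77",    "BR", "pt-BR"),
]


def single_ip_run(rounds: int = 3) -> List[str]:
    """Baseline: retesting from one fixed identity yields exactly one drop,
    so the collector never sees the payload again without changing its IP."""
    gate = DropGate(**SAMPLE_GATE_RULES)
    fixed = [Egress("198.51.100.10", "US", "en-US")] * rounds
    return [verdict for _, verdict in probe(gate, fixed)]


def rotating_run() -> dict:
    """Rotating exits and locales forces re-infection on every allowed
    identity and reveals which regions the campaign is serving."""
    gate = DropGate(**SAMPLE_GATE_RULES)
    return campaign_map(probe(gate, SAMPLE_POOL))


if __name__ == "__main__":
    print(single_ip_run())   # ['drop', 'refuse:repeat', 'refuse:repeat']
    print(rotating_run())    # {'US': 2, 'DE': 2}
```

The baseline run shows why a sandbox behind a single egress address sees a drive-by site "go quiet" after one visit; the rotating run shows the retest succeeding on every unique, qualifying identity while the Brazilian exit is refused on geography, which is the signal the text uses to map a campaign's regional scope.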

Problems solved by technology

Two, many malware campaigns limit their targets by geo-location, which is often tracked via IP Address. E.g., Malware-infected servers often limit themselves to only infecting one (1) computer from any given masked IP address, and may limit the country of origin of the IP addresses that they will infect.




Embodiment Construction

[0017]The system and method for malware and exploit campaign detection (known as BaitNET) is designed to seek out, detect, itemize, and retest active URLs serving drive-by exploits. BaitNET is a multi-leveled application operating within the kernel and user layers of the operating system, which makes it unique when compared to similar technologies utilized to detect and prevent malware.

[0018]Note that the distinction is important—malware is the payload that is delivered by an exploit. There are literally hundreds of thousands of malware samples in the wild, and it is a trivial matter to obfuscate these or morph them into something new. In contrast, there are only a few hundred active exploits in the wild at any given point in time—the exploit is the mechanism whereby the threat actor compromises the system in order to deliver and execute the malware. By identifying and blocking exploits, BaitNET moves further up the kill chain from traditional malware protection products and provides m...


Abstract

A malware and exploit campaign detection system and method are provided that cannot be detected by the malware or exploit campaign. The system may provide threat feed data to the vendors that produce in-line network security and endpoint protection (antivirus) technologies. The system may also be used as a testing platform for third-party products. Due to the massive footprint of the system's cloud infrastructure, disparate network connections, and geo-location obfuscation techniques, NSS can locate and monitor malware across the globe and provide detailed threat analysis for each specific region, as regions often support and host different malware / cybercrime campaigns.

Description

PRIORITY CLAIMS / RELATED APPLICATIONS

[0001]This application claims priority under 35 USC 120 and is a continuation in part of U.S. patent application Ser. No. 14/482,696, filed Sep. 10, 2014 and titled "MALWARE AND EXPLOIT CAMPAIGN DETECTION SYSTEM AND METHOD", which in turn claims priority under 35 USC 120 and the benefit under 35 USC 119(e) of U.S. Provisional Patent Application Ser. No. 61/876,704, filed Sep. 11, 2013 and entitled "Malware And Exploit Campaign Detection System And Method", the entirety of both of which is incorporated herein by reference.

BACKGROUND

[0002]Intrinsically, modern drive-by-exploitation and malware campaigns are growing in sophistication related to obfuscation, deployment, and execution in an effort to avoid detection and analysis by security researchers and by modern security systems and software. Anti-virus (AV) systems, such as endpoint protection platforms (EPPs), as well as breach detection services (BDS), employ virtual "sandboxes" or "honey nets" that o...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L29/06; G06F17/30
CPC: H04L63/1491; H04L63/0272; G06F17/30864; H04L63/1416; G06F21/53; G06F21/566; H04L63/1466; G06F16/951; G06F21/56
Inventors: SAHER, MOHAMED; PATHAK, JAYENDRA; ELGARHY, AHMED
Owner: NSS LABS