2023-09-08 Georgia Institute of Technology
◆ The research team developed Marsea, a tool that automatically detects WAE malware and has enabled the removal of nearly 80% of it. This type of malware abuses web applications, disguising its traffic as benign in order to evade detection. The study encourages collaboration between incident responders and web app providers and offers insights into the prevalence and characteristics of WAE malware.
<Related information>
- https://research.gatech.edu/playing-hide-and-seek-new-breed-malware-threatening-millions-users
- https://www.usenix.org/conference/usenixsecurity23/presentation/yao-mingxuan
Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware
Mingxuan Yao, Georgia Institute of Technology; Jonathan Fuller, United States Military Academy; Ranjita Pai Kasturi, Saumya Agarwal, Amit Kumar Sikder, and Brendan Saltaformaggio, Georgia Institute of Technology
The 32nd USENIX Security Symposium
Abstract
Web applications provide a wide array of utilities that are abused by malware as a replacement for traditional attacker-controlled servers. Thwarting these Web App-Engaged (WAE) malware requires rapid collaboration between incident responders and web app providers. Unfortunately, our research found that delays in this collaboration allow WAE malware to thrive. We developed Marsea, an automated malware analysis pipeline that studies WAE malware and enables rapid remediation. Given 10K malware samples, Marsea revealed 893 WAE malware in 97 families abusing 29 web apps. Our research uncovered a 226% increase in the number of WAE malware since 2020 and that malware authors are beginning to reduce their reliance on attacker-controlled servers. In fact, we found a 13.7% decrease in WAE malware relying on attacker-controlled servers. To date, we have used Marsea to collaborate with the web app providers to take down 50% of the malicious web app content.