We present a platform to perform dynamic behavioral analysis of an input installer. We also detail different abusive behaviors that authors of undesirable programs use to distribute their programs through download portals. But, we also find two download portals exclusively used to distribute PPI downloaders. In 18 of the 20 download portals examined the amount of PUP and malware is below 9%. We analyze the collected installers measuring an overall ratio of PUP and malware between 8% (conservative estimate) and 26% (lax estimate). To analyze the distribution of PUP through download portals, we build a platform to crawl download portals and apply it to download 191KWindows freeware installers from 20 download portals. Third, it describes AVCLASS, an automatic labeling tool that given the AV labels for a potentially massive number of samples, outputs the most likely family for each sample. Second, it proposes a system especially designed to dynamically detect and analyze PUP behaviors during program installation and uninstallation.
First, it presents a measurement study of PUP prevalence in download portals, exposing the abusive behaviors that authors of malicious software use to distribute their applications through download portals.
More concretely, it describes three main contributions. This thesis presents novel tools to detect and analyze potentially unwanted programs. For example, current malware analysis systems operate on a single program execution, while detecting incomplete PUP uninstallations requires analyzing together two program executions: the installation and the uninstallation. Current malware analysis systems are not able to detect and analyze characteristic behaviors of PUP. PUP may be difficult to uninstall and may persist installed in the system after the user tries to uninstall it. During installation, besides the target program desired by the user, the installer may install PUP as well. Freeware is often distributed as an installer, i.e., an auxiliary program in charge of performing all installation steps for the target program. Download portals can be abused to distribute PUP. A popular vector for distributing freeware are download portals, i.e., websites that index, categorize, and host programs. PUP often comes bundled with freeware, i.e., proprietary software that can be used free of charge.
In this thesis we study potentially unwanted programs (PUP), a category of undesirable software that, while not outright malicious, contains behaviors that may alter the security state or the privacy of the system on which they are installed.
0 kommentar(er)
