Visualizing Malware Distribution Sources with CCC DATAset 2009



Transcription:

CCC DATAset 2009 105-0001 4-1-17 3F CCC DATAset 2009 1 URL

Visualization of the Malware distribution by CCC DATAset 2009

Takahiro Matsuki, Yuu Arai
Risk Research Institute of Cyber Space, Little earth Corporation Co., Ltd.
4-1-17 Toranomon Minato-Ku Tokyo 105-0001 Japan
takahiro.matsuki@lac.co.jp, y.arai@lac.co.jp

Abstract: Domestic bot infections are decreasing thanks to the Cyber Clean Center's continued calls for attention. However, most undetectable malware is distributed from foreign countries. In this paper, we promote a grasp of the actual situation by visualizing the geographical distribution of malware distribution sources with CCC DATAset 2009. In addition, downloaders and infections with multiple malware have been increasing recently. We therefore make a list of malware distribution URLs and examine a method to prevent the spread of infection by downloaders.

1 Web Web USB MWS 2008 [1]

CCC DATAset 2009 URL 2 CCC DATAset 2009 IP Geolocation GeoLite City [3] Google Maps API [4] 1 F-Secure [6]

2.1 IP 2008 11 2009 4 1,494 IP IP 357 IP 1 1

1: IP IP
1          274
2-5        45
6-10       17
11-25      11
26-50      5
51-100     2
101-200    3

76.8 % 274 IP 1 10 IP 94% IP 11 IP 21 51 IP 5 IP IP 1 1 IP 11 50 51 IP IP, 5 IP 577 38.6 %

2.2 1,494 IP 2 79.3 % 1 IP

1:

2: IP IP
1              1,185
2-50           268
51-100         21
101-500        13
501-1,000      3
1,001-5,000    4

IP TSPY_KOLABC.CH TSPY_KOLABC.CH 11 2,084 IP A 923 IP B 2 TSPY_KOLABC.CH IP 2 A B 2008 12 29 2009 1 7 TSPY_KOLABC.CH A 3 2009 3 4 B 2009 4 30 2: TSPY_KOLABC.CH TSPY_KOLABC.CH BKDR_POEBOT.GN WORM_SWTYMLAI.CD Web [7] BKDR_POEBOT.GN 569 WORM_SWTYMLAI.CD 1 IP TSPY_KOLABC.CH KML Google Earth [5]

3: TSPY_KOLABC.CH

2.3 Web 80 Web Web 2009 8 600 IP 4 Web CCC DATAset 2009 CCC DATAset 2009 Web IP 80 1 CCC DATAset 2009 1,494 80 1,066 71.4 % 5 X Y 6 80 200 2008 12 6 9 1 IP 1 8889 2008 12 BKDR_PROTUX.AHB [2] 600 1000 80 80 80 HTTP HTTP 3 CCC DATAset 2009 80 894,517 372,165 41.6 % CCC DATAset 2008 2,942,221 1,157,101 39.3 % CCC DATAset 2008 80 5:

4: Web 4 URL 80 CCC DATAset 2009 HTTP URL URL URL 3 13 3 14 3 13 80 560 238 42.5 % 14 464 154 33.2 % HTTP GET URL 3 URL 2.2 TSPY_KOLABC.CH URL ICQ AIM Firefox URL 4 PE_BOBAX.AF-O [8]

3: HTTP GET URL
3/13    honeypot1    102    10
        honeypot2    130    13
3/14    honeypot1    64     8
        honeypot2    82     10

URL 1 10 2 URL 22 URL

4.1 DB Web Web IP URL

URL

4: URL
http://205.188.226.xx/aim/win95/install AIM.exe
http://209.170.96.xx/pub/icq Win95 98 NT4/ICQ 4/Lite Edition/icq4 setup.exe
http://193.74.22.xxx/pub/mozilla.org/firefox/releases/1.0/win32/en-us/firefox%20setup%201.0.exe

TSPY_KOLABC.CH URL Stopbadware.org surbl.org Norton Safe Web Trend Micro Smart Protection Network 5 CCC DATAset 2009 URL NICT Telecom-ISAC Japan

[1] (2008). Vol.2008. No.8
[2] 2008 12 https://www.ccc.go.jp/report/200812/0812monthly.html
[3] MaxMind - GeoLite City http://www.maxmind.com/app/geolitecity
[4] Google Maps API http://code.google.com/intl/ja/apis/maps
[5] Google Earth API - Google Code http://code.google.com/intl/ja/apis/earth
[6] F-Secure Weblog : News from the Lab http://www.f-secure.com/weblog/archives/00001606.html
[7] Trend Micro TSPY_KOLABC.CH http://www.trendmicro.co.jp/vinfo/grayware/ve graywaredetails.asp?gname=tspy%5fkolabc%2ECH&VSect=Td
[8] Avira Worm/Bobic.K.3 http://www.avira.com/jp/threats/section/fulldetails/id vir/1189/worm bobic.k.3.html
[9] StopBadware.org http://www.stopbadware.org
[10] surbl.org http://www.surbl.org
[11] Norton Safe Web http://safeweb.norton.com