Where Only Fools Dare to Tread: An Empirical Study on the Prevalence of Zero-Day Malware

  title={Where Only Fools Dare to Tread: An Empirical Study on the Prevalence of Zero-Day Malware},
  author={Havard Vegge and Finn Michael Halvorsen and Rune Walso Nergard and Martin Gilje Jaatun and Jostein Jensen},
  journal={2009 Fourth International Conference on Internet Monitoring and Protection},
Zero-day malware is malware that is based on zero-day exploits and/or malware that is otherwise so new that it is not detected by any anti-virus or anti-malware scanners. This paper presents an empirical study that exposed updated Microsoft Windows XP PCs with updated anti-virus software to a number of unsavoury Internet software repositories. A total of 124 zero-day malware instances were detected in our experiment. Our conclusion is that if a user is sufficiently adventurous (or foolish), no…


Fools Download Where Angels Fear to Tread
The malware specimens that the antivirus packages didn't detect during the two-week exposure period suggest that signature-based antivirus software doesn't provide sufficient protection for users who live on the bleeding edge with respect to where they obtain their software.
Windows Installer Security
A specially developed analysis script shows that malware detection in MSI files can be significantly improved compared to normal scans with conventional anti-virus products.
Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls
A new access control model, known as functionality-based application confinement (FBAC), which is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy and simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls.
Global Information Assurance Certification Paper
Various methods that organizations can use to better detect zero-day exploits will be discussed, and organization size will be examined to determine whether it plays a part in the detection methods used regarding zero-day exploits.
A Framework includes Path based Method and Sandbox Techniques for Effective Communication System
In the proposed method, memory is allocated in a defined shape and all applications are handled in a sequential manner for storage, which minimizes the delay in deleting and updating the response data and makes the system more efficient.
Teaching Information Security Students to "Think thief"
An educational experiment where information security master students were encouraged to think out of the box and challenge the students to take the point of view of the motivated offender is reported on.
Deployment of Low Interaction Honeypots in University Campus Network
Large scale networks face daily thousands of network attacks. No matter the strength of the existing security defending mechanisms, these networks remain vulnerable, as new tools and techniques are
Teaching Engineering students to "Think thief"
It is reported that thinking thief inspires students to design creative projects, working with real subjects creates a powerful learning experience, and students are struggling with methodological issues.


Limits of Static Analysis for Malware Detection
A binary obfuscation scheme that relies on opaque constants, which are primitives that allow us to load a constant into a register such that an analysis tool cannot determine its value, demonstrates that static analysis techniques alone might no longer be sufficient to identify malware.
Searching for Malware in BitTorrent
This project explored BitTorrent for the presence of malware, and discovered a significant portion of malware in the downloaded file set.
All Your iFRAMEs Point to Us
The relationship between the user browsing habits and exposure to malware, the techniques used to lure the user into the malware distribution networks, and the different properties of these networks are studied.
A study of malware in peer-to-peer networks
A useful insight into filtering malware is provided: filtering downloads based on the most commonly seen sizes of the most popular malware could block a large portion of malicious files with a very low rate of false positives.
Malware prevalence in the KaZaA file-sharing network
Using a light-weight crawler built for the KaZaA file-sharing network, this work finds that over 15% of the crawled files were infected by 52 different viruses, many of which open a backdoor through which an attacker can remotely control the compromised machine, send spam, or steal a user's confidential information.
Searching for Malware in BitTorrent
  • University of Iowa, Tech. Rep. UICS-08-05, April 24 2008, http://www.cs.uiowa.edu/~ejjung/courses/169/project/publish/AndrewBerns_presentation.pdf.
  • 2008
ANUBIS. Last visited
  • 2008
Anti-Virus Comparative No.18: Proactive/retrospective test
  • AV-Comparatives. [Online]. Available: http://www.av-comparatives.org/seiten/ergebnisse/
  • 2008
Mapping the Mal Web Revisited
  • McAfee SiteAdvisor, June 4, 2008, http://www.siteadvisor.com/studies/map_malweb_jun2008.pdf.
  • 2008