Malware

  • “Practical and secure Software-Based attestation.” .
    [Bibtex]
    @inproceedings{lightsec,
    citeulike-article-id = {12477272},
    citeulike-linkout-0 = {http://www.markus-jakobsson.com/wp-content/uploads/lightsecJakobssonJohansson.pdf},
    keywords = {article, fraud, malware, mobile, most-downloaded, publication, publications},
    posted-at = {2013-07-13 07:33:26},
    priority = {2},
    title = {Practical and Secure {Software-Based} Attestation},
    url = {http://www.markus-jakobsson.com/wp-content/uploads/lightsecJakobssonJohansson.pdf}
    }
  • M. Jakobsson and G. Stewart, “Mobile malware: why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines,” in Blackhat, 2013.
    [Bibtex]
    @inproceedings{blackhat13,
    abstract = {The traditional {Anti-Virus} paradigm focuses on signature-based and behavioral detection. These require substantial processing, which hurts the limited power resources of handsets. Also, carriers are reluctant and slow to deliver Firmware Over The Air ({FOTA}) patches, due to the rigorous testing they need to subject updates to, and the costs of over-the-air updates. A move to cloud-based screening fails to recognize that not all threats will be propagated over the backbone, may obfuscate themselves in transit; or fight back (as rootkits do) to evade reporting or use of techniques such as the ``Google kill switch''. Hardware vendors are evaluating security solutions with hardware support, such as {TrustZone}, but while this reduces the vulnerabilities, it still exposes an attack surface.
    We describe a new approach that detects the presence of any undesirable routines -- including corruptions of the code used to perform this detection. The security assertions we make are not based on heuristics, but rather, rely on the physical characteristics of the target device. We detail the approach, which does not rely on hardware modifications, and explain how to analyze its security.},
    author = {Jakobsson, Markus and Stewart, Guy},
    booktitle = {BlackHat},
    citeulike-article-id = {12477269},
    citeulike-linkout-0 = {http://www.markus-jakobsson.com/wp-content/uploads/blackhat2013JakobssonStewart.pdf},
    keywords = {article, fraud, malware, mobile, most-downloaded, publication, publications},
    posted-at = {2013-07-13 07:26:29},
    priority = {2},
    title = {Mobile Malware: Why the Traditional {AV} Paradigm is Doomed, and How to Use Physics to Detect Undesirable Routines},
    url = {http://www.markus-jakobsson.com/wp-content/uploads/blackhat2013JakobssonStewart.pdf},
    year = {2013}
    }
  • M. Jakobsson and K. Johansson, “Practical and secure Software-Based attestation,” in Lightsec, 2011.
    [Bibtex]
    @inproceedings{citeulike:12348466,
    abstract = {Software-based attestation can be used for guaranteed detection of any active malware on a device. This promises a significant advance in the battle against malware, including mobile malware. However, most software based attestation methods are either heuristic or unsuitable for mobile computing – and often both. One recent software-based attestation method uses so-called memory-printing to produce a software-based attestation technique with provable properties. We describe a novel memory-printing algorithm that improves on that work by being more than an order of magnitude faster, while avoiding commonly used and questionable security assumptions. This results in a truly practical and arguable secure solution – taking less than 3 seconds on a 600 {MHz} processor with 256 {MB} {RAM}. Our work finds applications to malware defense and trusted computing in general, and mobile malware defense in particular.},
    author = {Jakobsson, Markus and Johansson, Karl-Anders},
    booktitle = {LightSec},
    citeulike-article-id = {12348466},
    citeulike-linkout-0 = {http://www.markus-jakobsson.com/wp-content/uploads/lightsec-Jakobsson-Johansson-2011.pdf},
    keywords = {malware, mobile, publications},
    posted-at = {2013-05-16 13:47:21},
    priority = {5},
    title = {Practical and Secure {Software-Based} Attestation},
    url = {http://www.markus-jakobsson.com/wp-content/uploads/lightsec-Jakobsson-Johansson-2011.pdf},
    year = {2011}
    }
  • M. Jakobsson, A. Juels, and J. Ratkiewicz, Remote-Harm detection.
    [Bibtex]
    @misc{remote-harm-detection,
    author = {Jakobsson, Markus and Juels, Ari and Ratkiewicz, Jacob},
    citeulike-article-id = {7845883},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-rhd.pdf},
    howpublished = {http://rhd.ravenwhitedevelopment.com},
    keywords = {malware, publications},
    posted-at = {2010-09-17 03:26:39},
    priority = {0},
    title = {{Remote-Harm} Detection},
    url = {http://markus-jakobsson.com/papers/jakobsson-rhd.pdf}
    }
  • M. Jakobsson, A central nervous system for automatically detecting malware, 2009.
    [Bibtex]
    @misc{markus-blog,
    author = {Jakobsson, Markus},
    citeulike-article-id = {7845871},
    citeulike-linkout-0 = {http://blogs.parc.com/blog/2009/09/a-central-nervous-system-for-automatically-detecting-malware/},
    keywords = {fraud, malware, mobile, publications},
    month = sep,
    posted-at = {2010-09-17 03:24:24},
    priority = {0},
    title = {A Central Nervous System for Automatically Detecting Malware},
    url = {http://blogs.parc.com/blog/2009/09/a-central-nervous-system-for-automatically-detecting-malware/},
    year = {2009}
    }
  • M. Jakobsson and A. Juels, “Server-Side detection of malware infection,” in New security paradigms workshop (nspw), Oxford, UK, 2009.
    [Bibtex]
    @inproceedings{jj09,
    address = {Oxford, UK},
    author = {Jakobsson, Markus and Juels, Ari},
    booktitle = {New Security Paradigms Workshop (NSPW)},
    citeulike-article-id = {7845870},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-nspw09.pdf},
    keywords = {fraud, malware, publications},
    month = sep,
    posted-at = {2010-09-17 03:24:24},
    priority = {0},
    publisher = {ACM},
    title = {{Server-Side} Detection of Malware Infection},
    url = {http://markus-jakobsson.com/papers/jakobsson-nspw09.pdf},
    year = {2009}
    }
  • M. Jakobsson and K. Johansson, “Retroactive detection of malware with applications to mobile platforms,” in Hotsec 2010, Washington, DC, 2010.
    [Bibtex]
    @inproceedings{JJ10b,
    address = {Washington, DC},
    author = {Jakobsson, Markus and Johansson, Karl-Anders},
    booktitle = {HotSec 2010},
    citeulike-article-id = {7845869},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-hotsec10.pdf},
    keywords = {fraud, malware, mobile, most-downloaded, publications},
    month = aug,
    organization = {USENIX},
    posted-at = {2010-09-17 03:24:24},
    priority = {0},
    publisher = {USENIX},
    title = {Retroactive Detection of Malware With Applications to Mobile Platforms},
    url = {http://markus-jakobsson.com/papers/jakobsson-hotsec10.pdf},
    year = {2010}
    }
  • M. Jakobsson and K. Johansson, Assured detection of malware with applications to mobile platforms, 2010.
    [Bibtex]
    @misc{JJ10,
    author = {Jakobsson, Markus and Johansson, Karl-Anders},
    booktitle = {DIMACS Technical Report 2010-03},
    citeulike-article-id = {7845868},
    citeulike-linkout-0 = {http://dimacs.rutgers.edu/TechnicalReports/abstracts/2010/2010-03.html},
    citeulike-linkout-1 = {http://markus-jakobsson.com/papers/jakobsson-dimacstr10.pdf},
    howpublished = {\\\\urlhttp://dimacs.rutgers.edu/TechnicalReports/abstracts/2010/2010-03.html},
    keywords = {fraud, malware, mobile, publications},
    pages = {97--110},
    posted-at = {2010-09-17 03:24:24},
    priority = {0},
    title = {Assured Detection of Malware With Applications to Mobile Platforms},
    url = {http://dimacs.rutgers.edu/TechnicalReports/abstracts/2010/2010-03.html},
    year = {2010}
    }
  • S. Stamm and M. Jakobsson, Social malware.
    [Bibtex]
    @misc{social-malware,
    author = {Stamm, Sid and Jakobsson, Markus},
    citeulike-article-id = {7845867},
    citeulike-linkout-0 = {http://www.indiana.edu/\~{}phishing/verybigad/},
    howpublished = {\\url{www.indiana.edu/\~{}phishing/verybigad/}},
    keywords = {fraud, malware, publications},
    posted-at = {2010-09-17 03:24:24},
    priority = {0},
    title = {Social Malware},
    url = {http://www.indiana.edu/\~{}phishing/verybigad/}
    }
  • J. Y. Choi, P. Golle, and M. Jakobsson, “Tamper-Evident digital signature protecting certification authorities against malware,” in Dasc ’06: proceedings of the 2nd ieee international symposium on dependable, autonomic and secure computing, Washington, DC, USA, 2006, pp. 37-44.
    [Bibtex]
    @inproceedings{choi-tamper-evident,
    address = {Washington, DC, USA},
    author = {Choi, Jong Y. and Golle, Philippe and Jakobsson, Markus},
    booktitle = {DASC '06: Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing},
    citeulike-article-id = {7845861},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-dasc06.pdf},
    keywords = {fraud, malware, publications},
    pages = {37--44},
    posted-at = {2010-09-17 03:24:23},
    priority = {0},
    publisher = {IEEE Computer Society},
    title = {{Tamper-Evident} Digital Signature Protecting Certification Authorities Against Malware},
    url = {http://markus-jakobsson.com/papers/jakobsson-dasc06.pdf},
    year = {2006}
    }
  • S. Stamm, Z. Ramzan, and M. Jakobsson, “Drive-by pharming,” in Icics’07: proceedings of the 9th international conference on information and communications security, Berlin, Heidelberg, 2007, pp. 495-506.
    [Bibtex]
    @inproceedings{drive-by-pharming,
    address = {Berlin, Heidelberg},
    author = {Stamm, Sid and Ramzan, Zulfikar and Jakobsson, Markus},
    booktitle = {ICICS'07: Proceedings of the 9th international conference on Information and communications security},
    citeulike-article-id = {7845857},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-icics07.pdf},
    keywords = {fraud, malware, publications},
    location = {Zhengzhou, China},
    pages = {495--506},
    posted-at = {2010-09-17 03:24:23},
    priority = {0},
    publisher = {Springer-Verlag},
    title = {Drive-by pharming},
    url = {http://markus-jakobsson.com/papers/jakobsson-icics07.pdf},
    year = {2007}
    }
  • M. Jakobsson, Z. Ramzan, and S. Stamm, “JavaScript breaks free,” in Web 2.0 security and privacy, Oakland, CA, 2007.
    [Bibtex]
    @inproceedings{Jakobsson_web2.0,
    address = {Oakland, CA},
    author = {Jakobsson, Markus and Ramzan, Zulfikar and Stamm, Sid},
    booktitle = {Web 2.0 Security and Privacy},
    citeulike-article-id = {7845855},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-web20sp07.pdf},
    keywords = {fraud, malware, publications},
    month = may,
    organization = {IEEE},
    posted-at = {2010-09-17 03:24:23},
    priority = {0},
    publisher = {IEEE},
    title = {{JavaScript} Breaks Free},
    url = {http://markus-jakobsson.com/papers/jakobsson-web20sp07.pdf},
    year = {2007}
    }
  • M. Gandhi, M. Jakobsson, and J. Ratkiewicz, “Badvertisements: stealthy click-fraud with unwitting accessories,” Journal of digital forensics practice, vol. 1, iss. 2, 2006.
    [Bibtex]
    @article{badvertisements,
    author = {Gandhi, Mona and Jakobsson, Markus and Ratkiewicz, Jacob},
    citeulike-article-id = {7845853},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-jdfp06.pdf},
    journal = {Journal of Digital Forensics Practice},
    keywords = {fraud, malware, most-downloaded, publications},
    number = {2},
    posted-at = {2010-09-17 03:24:23},
    priority = {0},
    publisher = {Taylor \& Francis},
    title = {Badvertisements: Stealthy click-fraud with unwitting accessories},
    url = {http://markus-jakobsson.com/papers/jakobsson-jdfp06.pdf},
    volume = {1},
    year = {2006}
    }
  • A. Tsow, M. Jakobsson, L. Yang, and S. Wetzel, “Warkitting: the drive-by subversion of wireless home routers,” Journal of digital forensics practice, vol. 1, iss. 3, pp. 179-192, 2006.
    [Bibtex]
    @article{warkitting,
    author = {Tsow, Alex and Jakobsson, Markus and Yang, Liu and Wetzel, Susanne},
    citeulike-article-id = {7845852},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-jdfp06-warkit.pdf},
    journal = {Journal of Digital Forensics Practice},
    keywords = {fraud, malware, publications},
    number = {3},
    pages = {179--192},
    posted-at = {2010-09-17 03:24:23},
    priority = {0},
    publisher = {Taylor \& Francis},
    title = {Warkitting: the Drive-by Subversion of Wireless Home Routers},
    url = {http://markus-jakobsson.com/papers/jakobsson-jdfp06-warkit.pdf},
    volume = {1},
    year = {2006}
    }
  • P. G. Jong Youl Choi and M. Jakobsson, “Auditable privacy: on Tamper-Evident mix networks,” in Proceeding of financial cryptography and data security, Anguilla, British West Indies, 2006, pp. 126-141.
    [Bibtex]
    @inproceedings{CGJ-2006,
    address = {Anguilla, British West Indies},
    author = {Jong Youl Choi, Philippe G. and Jakobsson, Markus},
    booktitle = {Proceeding of Financial Cryptography and Data Security},
    citeulike-article-id = {7845834},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-fc06.pdf},
    keywords = {encryption, malware, privacy, publications},
    month = feb,
    pages = {126--141},
    posted-at = {2010-09-17 03:22:31},
    priority = {0},
    publisher = {Springer Verlag},
    title = {Auditable Privacy: On {Tamper-Evident} Mix Networks},
    url = {http://markus-jakobsson.com/papers/jakobsson-fc06.pdf},
    volume = {LNCS 4107},
    year = {2006}
    }
  • S. Srikwan and M. Jakobsson, “Using cartoons to teach internet security,” Cryptologia, vol. 32, iss. 2, pp. 137-154, 2008.
    [Bibtex]
    @article{sec-cartoon,
    address = {Bristol, PA, USA},
    author = {Srikwan, Sukamol and Jakobsson, Markus},
    citeulike-article-id = {7845827},
    citeulike-linkout-0 = {http://markus-jakobsson.com/papers/jakobsson-cryptologia08.pdf},
    journal = {Cryptologia},
    keywords = {education, fraud, malware, phishing, publications},
    number = {2},
    pages = {137--154},
    posted-at = {2010-09-17 03:21:32},
    priority = {0},
    publisher = {Taylor \& Francis, Inc.},
    title = {Using Cartoons to Teach Internet Security},
    url = {http://markus-jakobsson.com/papers/jakobsson-cryptologia08.pdf},
    volume = {32},
    year = {2008}
    }
  • M. Jakobsson and Z. Ramzan, Crimeware: understanding new attacks and defenses, Symantec Press / Addison Wesley, 2008.
    [Bibtex]
    @book{crimeware,
    author = {Jakobsson, Markus and Ramzan, Zulfikar},
    citeulike-article-id = {7845749},
    isbn = {978-0321501950},
    keywords = {authentication, fraud, malware, publications},
    posted-at = {2010-09-17 03:00:42},
    priority = {0},
    publisher = {Symantec Press / Addison Wesley},
    title = {Crimeware: Understanding New Attacks and Defenses},
    year = {2008}
    }

Comments are closed.