Journal in Computer Virology, Volume 8, Issue 1–2, pp 53–60

What’s in a name. . . generator?

Original Paper

Abstract

Domain generation algorithms can be used for registering spamming and phishing sites, as well as by botnets for domain flux. In this paper we study Kwyjibo, a more sophisticated domain/word generation algorithm that is able to produce over 48 million distinct pronounceable words. We show through four different implementations how Kwyjibo might be deployed and how its size can be reduced to under 163 KiB using a technique we call ‘lossy distribution compression’. This means that Kwyjibo is both powerful and small enough to be used by malware on mobile devices.

Copyright information

© Springer-Verlag France 2012

Authors and Affiliations

  1. Department of Computer Science, University of Calgary, Calgary, Canada