What’s in a name... generator?
Domain generation algorithms can be used for registering spamming and phishing sites, as well as by botnets for domain flux. In this paper we study Kwyjibo, a more sophisticated domain/word generation algorithm that is able to produce over 48 million distinct pronounceable words. We show through four different implementations how Kwyjibo might be deployed and how its size can be reduced to under 163 KiB using a technique we call ‘lossy distribution compression’. This means that Kwyjibo is both powerful and small enough to be used by malware on mobile devices.