Automated Collection and Analysis of Malware Disseminated via Online Advertising

Online advertising system has become a convenient and efficient channel to disseminate Web-based malware to the Internet users. Most of the free online services exist in exchange of the revenues generated through advertisements. Therefore, considerable efforts are made to deliver the ads to the appropriate audiences. Cyber criminals can easily exploit this online ad delivery system to deliver malware to a very large number of end-users and their vulnerable machines. We observe that this active approach by cyber criminals can be exploited to expedite the collection of malware. In this paper, we propose an automated system that mimics high-risk browsing activities such as clicking on suspicious online ads, and as a result collects malicious executable files for further analysis and diagnosis. Using our system we crawled over the Internet for a period of 7 days to collect a significant amount of ad frame URLs, which has been monitored for another period of 7 days to collect more than 800 malicious executables. The experimental results showed that our system is quite effective in collecting online malware samples using very limited resources compared to other malware collecting honeypot systems.