A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums

Michal Tereszkowski-Kaminski; Santanu Kumar Dash; Guillermo Suarez-Tangil

doi:10.1007/978-3-031-70896-1_3

Back

A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums

Conference proceeding

Open access

Peer reviewed

A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums

Michal Tereszkowski-Kaminski, Santanu Kumar Dash and Guillermo Suarez-Tangil

29th European Symposium on Research in Computer Security - Proceedings, Part III, Vol.14984, pp.45-66

Lecture Notes in Computer Science

29th European Symposium on Research in Computer Security (Bydgoszcz, Poland, 16/09/2024 - 20/09/2024)

2024

DOI: https://doi.org/10.1007/978-3-031-70896-1_3

Abstract

malware

source code reuse

Underground forum

To date, most analysis of collaboration between malware authors has been performed on meta-data and compiled binaries, while ignoring artifacts present in the source code. We collect a vast amount of malicious source code from Underground Forums posts, Underground Forum code attachments, and GitHub repositories and devise a methodology that allows us to filter out most auxiliary code, leaving the measurement to focus on malicious code. We leverage this to perform an in-depth measurement of the reuse of malicious code between these malware centers as well as StackOverflow. We find that our methodology has high precision in identifying malicious code (93.1%) and provides a contemporary snapshot of malware code reuse across the Web, offering insights into the manners in which this takes place.

Files and links (2)

pdf

Malicious Code Reuse__ESORICS___Camera_Ready1.11 MBDownload View

Author's Accepted Manuscript Open Access

url

https://doi.org/10.1007/978-3-031-70896-1_3View

Published (Version of record)

Metrics

3 Record Views

Details

Title: A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums
Creators: Michal Tereszkowski-Kaminski (Corresponding Author) - IMDEA Networks
Santanu Kumar Dash (Author) - University of Surrey, School of Computer Science and Electronic Engineering
Guillermo Suarez-Tangil (Author) - IMDEA Networks
Publication Details: 29th European Symposium on Research in Computer Security - Proceedings, Part III, Vol.14984, pp.45-66
Conference: 29th European Symposium on Research in Computer Security (Bydgoszcz, Poland, 16/09/2024 - 20/09/2024)
Series: Lecture Notes in Computer Science
Publisher: Springer
Date published: 2024
Grants: TED2021-132900A-I00, Ministerio de Ciencia, Innovación y Universidades (Spain, Madrid) - MICINN
PID2022-143304OBI00, Ministerio de Ciencia, Innovación y Universidades (Spain, Madrid) - MICINN
Programa Investigo, 2022-C23.I01.P03.S0020-0000038, European Union (Belgium, Brussels) - EU
Ministerio de Trabajo y Economía Social (Spain, Madrid) - MITES
Servicio Público de Empleo Estatal (Spain, Madrid) - SEPE
Grant note: This project was funded by TED2021-132900A-I00, from the Spanish Ministry of Science and Innovation, with funds from MCIN/AEI /10.13039/501100011033, and the European Union-NextGenerationEU/PRTR; and by PID2022-143304OBI00 funded by MCIN/AEI /10.13039/501100011033/ and the ERDF “A way of making Europe.” M. Tereszkowski-Kaminski’s work was supported by “Programa Investigo” grant 2022-C23.I01.P03.S0020-0000038, funded by the European Union NextGeneration-EU/PRTR and MITES/SEPE. G. Suarez-Tangil has been appointed as 2019 Ramon y Cajal fellow (RYC-2020-029401-I) funded by MCIN/AEI/10.13039/501100011033 and ESF Investing in your future.
Identifiers: 99925262202346
Academic Unit: School of Computer Science and Electronic Engineering
Language: English
Resource Type: Conference proceeding

A Study of Malicious Source Code Reuse Among GitHub, StackOverflow and Underground Forums

Abstract

Files and links (2)

Metrics

Details

Usage Policy