Defenses against pay per install malware
In Today’s fast growing internet the threat regarding the exploited services resulting loss in terms of money and services is increasing a lot . One of the avenue of posing this kind of threat are pay-per-install . This requires that we need to understand and appreciate the threat posed by the “silent installs” industry. PPI or pay-per-install services have direct implications for take down efforts: even if as a defense mechanism we are able to completely clean up a botnet (as opposed to merely severing its C&C:command and control master servers), the bot master could return to business-as-usual through modest payments to one or more PPI services.
Pay-per-install (PPI) services are offered by specialized organizations that focus on the infecting the victims’ systems.
Given that multiple malware makers make use of the same PPI services, and that the number of PPI services seems to be significantly smaller than the number of malware families, PPI services are good targets for future take down efforts. However, the wide spread and easy availability of malware industry lead to commercialization of the malware industry that could make it easy to recreate PPI services elsewhere after take down, so the focus should be on identifying and apprehending the people that run such services.
Regarding detection techniques,it is observed that the content-based features of reclaimed signatures perform better than the endpoint-based features. The former wins over the latter in literature review regarding the handling of the periodic replacement of stale URLs PPI services employ for hosting the malware executable, likely to bypass URL blacklists. It is also observed that many downloaders employ a simple download-and-execute strategy, which in turn suggests that in order to protect your business , defense mechanism might realize significant protections by employing taint-based approaches that identify the execution of downloaded data.