• Title/Summary/Keyword: API hook

Search Result 3, Processing Time 0.018 seconds

Detection of systems infected with C&C Zeus through technique of Windows API hooking (Windows API 후킹 기법을 통한 C&C Zeus에 감염된 시스템의 탐지)

  • Park, Chul-Woo;Son, Ji-Woong;Hwang, Hyun-Ki;Kim, Ki-Chang
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.5 no.2
    • /
    • pp.297-304
    • /
    • 2015
  • Zeus is one of the will-published malwares. Generally, it infects PC by executing a specific binary file downloaded on the internet. When infected, try to hook a particular Windows API of the currently running processes. If process runs hooked API, this API executes a particular code of Zeus and your private information is leaked. This paper describes techniques to detect and hook Windows API. We believe the technique should be able to detect modern P2P Zeus.

A Study on Personal Information Control and Security in Printed Matter (출력물에서의 개인 정보 제어 및 보안에 관한 연구)

  • Baek, Jong-Kyung;Park, Jea-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.14 no.5
    • /
    • pp.2415-2421
    • /
    • 2013
  • Widespread personal data utilization has led personal data protection to its importance at core, and serious data spill has increased constantly as a result. Though various types of protection systems for data spill have been suggested, all these met failures in detection of personal data when printed out or preventing fatal data exposure without any protections when data spill happens. I propose API-Hook method which detects and controls personal data within printouts, and prevents data leakage through masking on the printed-out data. Also, it is verified if security is guaranteed on the documents containing personal data when implementing. In order to obtain security, it is essential to put more weights on the balance with availability than confidentiality.

LoGos: Internet-Explorer-Based Malicious Webpage Detection

  • Kim, Sungjin;Kim, Sungkyu;Kim, Dohoon
    • ETRI Journal
    • /
    • v.39 no.3
    • /
    • pp.406-416
    • /
    • 2017
  • Malware propagated via the World Wide Web is one of the most dangerous tools in the realm of cyber-attacks. Its methodologies are effective, relatively easy to use, and are developing constantly in an unexpected manner. As a result, rapidly detecting malware propagation websites from a myriad of webpages is a difficult task. In this paper, we present LoGos, an automated high-interaction dynamic analyzer optimized for a browser-based Windows virtual machine environment. LoGos utilizes Internet Explorer injection and API hooks, and scrutinizes malicious behaviors such as new network connections, unused open ports, registry modifications, and file creation. Based on the obtained results, LoGos can determine the maliciousness level. This model forms a very lightweight system. Thus, it is approximately 10 to 18 times faster than systems proposed in previous work. In addition, it provides high detection rates that are equal to those of state-of-the-art tools. LoGos is a closed tool that can detect an extensive array of malicious webpages. We prove the efficiency and effectiveness of the tool by analyzing almost 0.36 M domains and 3.2 M webpages on a daily basis.