InfoSec Seminar: Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web

Speaker: Colin Ife

Date/Time: 27-Jun-2019, 16:00 UTC

Venue: Roberts 309



We present a longitudinal measurement of malicious file distribution on the Web. Following a data-driven approach, we identify network infrastructures and the files that they download. We then study their characteristics over a short period (one day), over a medium period (daily, over one month) as well as in the long term (weekly, over one year). This analysis offers us an unprecedented view on the malicious file delivery ecosystem and its dynamics.

We find that the malicious file delivery landscape can be divided into two distinct ecosystems: a much larger, tightly connected set of networks that is mostly responsible for the delivery of potentially unwanted programs (PUP), and a number of disjoint network infrastructures that are responsible for delivering malware to victim computers. We find that these two ecosystems are mostly disjoint, but it is not uncommon to see malware downloaded from the PUP Ecosystem, and vice versa. We estimate the proportions of PUP-to-malware in the wild and compare their distribution patterns. We monitor the temporal evolution of malicious file delivery infrastructures over an entire year. We then reason about how our findings can help the research and law enforcement communities in developing better take-down techniques.


Colin Ife is a PhD student (SECReT DTC) at UCL with a primary research focus on malware delivery networks. More generally, his research interests lie in applying data and crime science approaches to cybersecurity problems and to cybercrime mitigation. Colin holds a BA and MEng in Information and Computer Engineering from the University of Cambridge, and an MRes in Security Science from UCL.

