|
[1] “Amonetize: Pay per install.” [Online]. Available: http://www.pay-per-install.com/Amonetize.html [2] Alexa, “Alexa top websites.” [Online]. Available: http://www.alexa.com/topsites [3] S. Arshad, A. Kharraz, and W. Robertson, Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance. Cham: Springer International Publishing, 2016, pp. 415–436. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-45719-2 19 [4] S. Arshad, A. Kharraz, and W. Robertson, Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017, pp. 441–459. [Online]. Available: http://dx.doi.org/10.1007/978-3-662-54970-4 26 [5] Avast, “Avast: Enable detection of potentially unwanted programs (pups).” [Online]. Available: http://ccm.net/faq/15731-avast-enable-detection-of-potentially-unwanted-programs [6] AVG, “What are potentially unwanted programs (pup).” [On-line]. Available: https://support.avg.com/SupportArticleView?l=enUS&urlName=What-is-Potentially-Unwanted-Program-PUP [7] N. Bielova, “Survey on javascript security policies and their enforcement mechanisms in a web browser,” The Journal of Logic and Algebraic Programming, vol. 82, no. 8, pp. 243–262, 2013. [8] B. E. Brandi., “The ad networks and advertisers that fund ad injectors,” 2014. [Online]. Available: http://www.benedelman.org/injectors/ [9] J. D. Brutlag, “Aberrant behavior detection in time series for network monitoring,”in Proceedings of the 14th USENIX conference on System administration. USENIX Association, 2000, pp. 139–146. [10] J. Caballero, C. Grier, C. Kreibich, and V. Paxson, “Measuring pay-per-install: The commoditization of malware distribution.” in Usenix security symposium, 2011, p. 15. [11] X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, “Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware,”in Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on. IEEE, 2008, pp. 177–186. [12] D. Coldewey, “Marriott puts an end to shady ad injection service,”2012. [Online]. Available: https://techcrunch.com/2012/04/09/marriott-puts-an-end-to-shady-ad-injection-service/ [13] M. Cova, C. Leita, O. Thonnard, A. D. Keromytis, and M. Dacier, “An analysis of rogue av campaigns,” in International Workshop on Recent Advances in Intrusion Detection. Springer, 2010, pp. 442–463. [14] CrunchBase, “Installmonetizer.” [Online]. Available: https://www.crunchbase.com/product/installmonetizer#/entity [15] CrunchBase, “Opencandy.” [Online]. Available: https://www.crunchbase.com/product/opencandy#/entity [16] N. Good, R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan, “Stopping spyware at the gate: a user study of privacy, notice and spyware,” in Proceedings of the 2005 symposium on Usable privacy and security. ACM, 2005, pp. 43–52. [17] N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan, “Noticing notice: a large-scale experiment on the timing of software license agreements,” in Proceedings of the SIGCHI conference on Human factors in computing systems. ACM, 2007, pp. 607–616. [18] X. Han, N. Kheir, and D. Balzarotti, “The role of cloud services in malicious software: Trends and insights,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2015, pp. 187–204. [19] L. Invernizzi, S. Miskovic, R. Torres, C. Kruegel, S. Saha, G. Vigna, S.-J. Lee, and M. Mellia, “Nazca: Detecting malware distribution in large-scale networks.”in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 14), vol. 14, 2014, pp. 23–26. [20] D. Kirat, G. Vigna, and C. Kruegel, “Barebox: efficient malware analysis on bare-metal,” in Proceedings of the 27th Annual Computer Security Applications Conference. ACM, 2011, pp. 403–412. [21] P. Kotzias, L. Bilge, and J. Caballero, “Measuring pup prevalence and pup distribution through pay-per-install services,” in 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016, pp. 739–756. [Online]. Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/kotzias [22] P. Kotzias and J. Caballero, “An analysis of pay-per-install economics using entity graphs,” in The Workshop on the Economics of Information Security (WEIS), 2017. [Online]. Available: http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS 2017 paper 45.pdf [23] P. Kotzias, S. Matic, R. Rivera, and J. Caballero, “Certified pup: abuse in Authenticode code signing,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015, pp. 465–478. [24] B. J. Kwon, J. Mondal, J. Jang, L. Bilge, and T. Dumitras, “The dropper effect: Insights into malware distribution with downloader graph analytics,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015, pp. 1118–1129. [25] B. J. Kwon, V. Srinivas, A. Deshpande, and T. Dumitras, “Catching worms, trojan horses and pups: Unsupervised detection of silent delivery campaigns,” CoRR, vol. abs/1611.02787, 2016. [Online]. Available: http://arxiv.org/abs/1611.02787 [26] K. Lab, “Kaspersky internet security 2011.” [Online]. Available: http://support.kaspersky.com/3914 [27] C. Lever, P. Kotzias, D. Balzarotti, J. Caballero, and M. Antonakakis, “A Lustrum of malware network communication: Evolution and insights,” in S&P 2017, 37th IEEE Symposium on Security and Privacy, May 23-25, 2017, San Jose, USA, San Jose, UNITED STATES, 05 2017. [Online]. Available: http://www.eurecom.fr/publication/5177 [28] Z. Li, K. Zhang, Y. Xie, F. Yu, and X. Wang, “Knowing your enemy: understanding and detecting malicious web advertising,” in Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 2012, pp. 674–686. [29] G. Marvin, “Google study exposes tangled web of companies profiting from ad injection,” 2015. [Online]. Available: http://marketingland.com/ad-injector-study-google-127738 [30] McAfee, “Crossrider.” [Online]. Available: https://www.mcafee.com/threat-intelligence/malware/default.aspx?id=6946096 [31] McAfee, “Potentially unwanted programs (pups).” [Online]. Available: http://www.mcafee.com/us/threat-center/resources/pups-configuration.aspx#VSE7 [32] S. McCoy, A. Everard, D. F. Galletta, and G. D. Moody, “Here we go again! the impact of website ad repetition on recall, intrusiveness, attitudes, and site revisit intentions,” Information & Management, vol. 54, no. 1, pp. 14–24, 2017. [33] Microsoft, “How microsoft antimalware products identify malware: unwanted software and malicious software.” [Online]. Available: https://www.microsoft.com/en-us/security/portal/mmpc/shared/objectivecriteria.aspx [34] Microsoft, “Pua: Win32/vopackage.” [Online]. Available: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PUA%3AWin32%2FVOPackage&ThreatID=213926 [35] Orange3, “Data mining fruitful and fun.” [Online]. Available: https://orange.biolab.si/ [36] C. Pickard and S. Miladinov, “Rogue software: Protection against potentially unwanted applications,” in 2012 7th International Conference on Malicious and Unwanted Software, Oct 2012, pp. 1–8. [37] PPI, “Best pay-per-install affiliate program reviews,” 2017. [Online]. Available: https://pay-per-install.com [38] M. A. Rajab, “Out with unwanted ad injectors.” [Online]. Available: https://security.googleblog.com/2015/03/out-with-unwanted-ad-injectors.html [39] M. N. Sakib and C.-T. Huang, “Automated collection and analysis of malware disseminated via online advertising,” in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1. IEEE, 2015, pp. 1411–1416. [40] K. Stevens, “The underground economy of the pay-per-install (ppi) business,”2009. [Online]. Available: https://www.secureworks.com/research/ppi [41] Symantec, “Adware.eorezo.” [Online]. Available: https://www.symantec.com/security response/writeup.jsp?docid=2012-061213-2441-99 [42] Symantec, “Pua.wajam.” [Online]. Available: https://www.symantec.com/security response/writeup.jsp?docid=2014-100114-1231-99 [43] K. Thomas, E. Bursztein, C. Grier, G. Ho, N. Jagpal, A. Kapravelos, D. Mccoy, A. Nappa, V. Paxson, P. Pearce, N. Provos, and M. A. Rajab, “Ad injection at scale: Assessing deceptive advertisement modifications,” in Proceedings of the 2015 IEEE Symposium on Security and Privacy, ser. SP ’15. Washington, DC, USA: IEEE Computer Society, 2015, pp. 151–167. [Online]. Available: http://dx.doi.org/10.1109/SP.2015.17 [44] K. Thomas, J. A. E. Crespo, R. Rasti, J.-M. Picod, C. Phillips, M.-A. Decoste, C. Sharp, F. Tirelo, A. Tofigh, M.-A. Courteau, L. Ballard, R. Shield, N. Jagpal, M. A. Rajab, P. Mavrommatis, N. Provos, E. Bursztein, and D. McCoy, “Investigating commercial pay-per-install and the distribution of unwanted software,” in 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016, pp. 721–739. [Online]. Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/thomas [45] ThreatMiner.org, 2017. [Online]. Available: https://www.threatminer.org/ [46] TrendMicro, “Adw vitruvian.” [Online]. Available: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adw vitruvian [47] virustotal, “Virustotal - free online virus, malware and url scanner.” 2017. [Online]. Available: https://www.virustotal.com/ [48] T. Vissers, W. Joosen, and N. Nikiforakis, “Parking sensors: Analyzing and detecting parked domains.” in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 15), 2015. [Online]. Available: http://dx.doi.org/10.14722/ndss.2015.230053 [49] X. Xing, W. Meng, B. Lee, U. Weinsberg, A. Sheth, R. Perdisci, and W. Lee, “Understanding malvertising through ad-injecting browser extensions,”in Proceedings of the 24th International Conference on World Wide Web, ser. WWW ’15. Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 2015, pp. 1286–1295. [Online]. Available: https://doi.org/10.1145/2736277.2741630 [50] A. Zarras, A. Kapravelos, G. Stringhini, T. Holz, C. Kruegel, and G. Vigna, “The dark alleys of madison avenue: Understanding malicious advertisements,” in Proceedings of the 2014 Conference on Internet Measurement Conference. ACM, 2014, pp. 373–380.
|