It has a EULA, it must be legit

Friday 26 September 10:00 - 10:30, Green room.

Stefan Catalin Hanu Bitdefender
Stefan Mosoi Bitdefender
Marius Lucaci Bitdefender

  download slides (PDF)

Over the last few years, a certain category of software has become more and more of a nuisance to AV labs and computer users alike: adware and potentially unwanted applications (PUAs). Walking the thin greyware line, these applications try (and sometimes succeed) to persuade even the AV labs that they are honest and trustworthy. Their motivation is monetary gain, so getting installed on as many computer systems as possible is a way to increase their earnings. This is often achieved by using dubious methods of distribution or using social engineering to trick the user into willingly accepting its installation.

Analysing greyware applications and taking a definitive decision on whether or not to block them is more than often a tedious job, combining research and both dynamic and static analysis. This paper explores the possibility of streamlining the analysis of PUAs by using some of the resources the developers of these applications utilize to justify their behaviour. The End-User License Agreement (EULA) and privacy policy can provide meaningful information about what an application might do. Using natural language processing (NLP) and other techniques, one can begin to distinguish some new patterns. By analysing more than 15 known adware families and their EULAs, we found this to be an effective method to discover new PUAs, even when using automated systems.

Click here for more details about the conference.

Stefan Catalin Hanu

Stefan Catalin Hanu

Stefan Catalin Hanu was born in Bacau, Romania in 1988. In 2010, he received a Bachelor of Science degree from the 'Alexandru Ioan Cuza' University, Faculty of Computer Science. He joined Bitdefender in 2008 as an anti-malware researcher, and since 2010 he has led a small team responsible for improving detection algorithms and creating new heuristics. Since 2013 he has also been a teaching assistant at the 'Alexandru Ioan Cuza' University, Faculty of Computer Science. Stefan has a passion for travelling and photography.

Stefan Mosoi

Stefan Mosoi

Stefan Mosoi was born in Bacau, Romania in 1986. He recieved his Master of Engineering degree in web services composing in 2012 from the 'Gheorge Asachi' Polytechnic University of Iasi, Faculty of Automatic Control and Computer Engineering. He joined Bitdefender in 2010 as an anti-malware reasearcher. Today, he researches new methods of classifying and detecting adware and PUAs, and is learning how to use scripting languages to automate many of his daily tasks. His hobbies include cycling, reading and playing computer games.

Marius Lucaci

Marius Lucaci

Marius Lucaci was born in Bacau, Romania in 1987 and moved to Iasi in 2003. He is currently studying at the 'Alexandru Ioan Cuza' University of Iasi. Marius joined Bitdefender in 2010 as an anti-malware researcher, gaining experience during his first four years of work in areas including reverse engineering, data processing and malware analysis.



twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png