Author Archives: admin

VMware vSphere Java examples

I had to automate some VMware tasks the other day, and with the latest ESXi it seems the best way is the VI Java API. Note: I typically do not code in Java!

Posted in research

Chrome extensions and security

Adrienne wrote a blog post about some of her recent work analyzing Google Chrome extensions for security related bugs. It’s a nice read and illuminates mistakes made by a surprisingly large number of extension developers (27 / 100 extensions leak …

Posted in Uncategorized

paper at IMC 2011

This year we have a paper studying the activity of suspended users on Twitter, which will appear at IMC in November. The title is “Suspended Accounts In Retrospect: An Analysis of Twitter Spam”, and the paper presents a unique perspective …

Posted in Uncategorized

Anti-virus labels are not suitable for system evaluation

I won’t name names, but there’s plenty of researchers out there that rely on anti-virus labeling in their research. While this could work, without manual validation there’s very little chance the AV labels can be used as any sort of ground truth.

Here’s 5 reports:
1. fc39ce1593cfb6ca1eb0c289a2ca561c
2. c4d93b536f35b350a992a402dfd72e12
3. c77ba55255c1db38568ca3a73d4b8a72
4. e57d938e0754e4fbb3b87cf818a0fc69
5. e397696b7835ccdcfad9d768cf1a091c

Quick highlights in classification from each report:
1. Bredolab, Krap, Ursnif, Downloader, Generic, etc…
2. Krap, Kryptic, Generic packed, etc…
3. Bredolab, Oficla, Krap, Zbot, Ldpinch, etc…
4. Bredolab, Harnig, Krap, Ursnif, etc…
5. FakeAV, Bubnix, etc…

Posted in research

Click Trajectories press!

The paper, “Click Trajectories: End-to-End Analysis of the Spam Value Chain”, got quite a bit of press recently so there’s a number of great articles that summarize the paper content and have gone out to get quotes from banks and …

Posted in research

Papers at 2011 IEEE Symp. on S&P

We had two papers at Oakland this year, and I’ve put the PDFs up online. Kirill and Kurt presented on Tuesday afternoon (schedule). NYT Article on the “Click Trajectories” work: http://nyti.ms/j6sf5c

“Click Trajectories: End-to-End Analysis of the Spam Value Chain”, …

Posted in Uncategorized

Naming some popular spambots

Part of what I’ve been doing lately is finding, running, and maintaining bots in a controlled environment. The first part, finding, which includes identifying the binaries I’m running, turns out to be difficult to do.

Posted in research

presenting at CCS Tuesday

I’m going to be at CCS 2010 in Chicago this week presenting @spam: The Underground on 140 Characters or Less. My presentation is the 3rd talk of the conference in the security session (on the first day).

Posted in Uncategorized

Illinois email going away!

grier@uiuc.edu and grier@illinois.edu are going to stop working this Friday! CITES is officially done forwarding my email. Use my new ones @berkeley.edu, or better yet: grier@imchris.org!

Posted in Uncategorized

Running research on AWS

At the beginning of the year, in the middle of the project that led to the CCS paper on Twitter spam, I decided to try out Amazon Web Services. As I’ve slowly become familiar with the process, I’ve found that …

Posted in research