Network Malware Capture

Christopher Jordan, Alice Chang, Kun Luo

Washington, DC (2009)

Abstract
Botnets are a fundamental threat to network security. Their lifecycle follows a repeated pattern of growth via exploitation, infection and communication (command & control). Preventing botnet command & control requires runtime knowledge of communication attributes on a per-bot basis. One approach to this is to evaluate the malware binary, but this approach is often significantly hampered by software obfuscation techniques designed to thwart binary analysis. Our research is focused on the collection and analysis of botnet growth patterns as they appear at the network level. This has the tangible result of capturing malware in a pristine state (though often packed). By intercepting the malware while it is transferred during infection, prior to it reaching the target host, the captured malware cannot benefit from the complexity of obfuscation and dispersion, which occurs during installation on a target system.
Keywords
communication attribute, network malware capture, binary analysis, network level, target host, botnet command, botnet growth pattern, target system, network security, malware binary, software obfuscation technique, probability density function, internet, national security, software design, botnet, botnets, systems analysis, terrorism, computer security, protocols, data mining, payloads, operating systems, pattern analysis