The Rise of Potentially Unwanted Programs: Measuring its Prevalence, Distribution through Pay-Per-Install Services, and Economics
IMDEA Software Institute in Madrid
Abstract : Potentially unwanted programs (PUP) such as adware and rogueware, while not outright malicious, exhibit intrusive behavior that generates user complaints and makes security vendors flag them as undesirable. PUP has been little studied in the research literature despite recent indications that its prevalence may have surpassed that of malware. We have performed a systematic study of Windows PUP over a period of 4 years using a variety of datasets including malware repositories, AV telemetry from 3.9 million real Windows hosts, dynamic executions, and financial statements. This presentation summarizes what we have learned from our measurements on PUP prevalence, its distribution through pay-perinstall (PPI) services, which link advertisers that want to promote their programs with affiliate publishers willing to bundle their programs with offers for other software, and the economics of PPI services that distribute PUP.
Bio: Juan Caballero is an Associate Research Professor at the IMDEA Software Institute in Madrid, Spain. His research focuses on security issues in systems, software, and networks. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University, USA. His research regularly appears at top security venues and has won two best paper awards at the USENIX Security Symposium. He is an Associate Editor for ACM Transactions on Privacy and Security (TOPS). He has been in the technical committee of venues such as IEEE S&P, ACM CCS, USENIX Security, NDSS, WWW, RAID, and DIMVA. He is program co-chair for the 2017 Annual Computer Security Applications Conference (ACSAC). Previously, he has been program chair or co-chair for Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA, 2016), the Digital Forensics Research Symposium (DFRWS, 2014 & 2013), the European Workshop on Systems Security (EuroSec, 2015 & 2014), and the International Symposium on Engineering Secure Software and Systems (ESSoS, 2015 & 2016).Date: 2017-Jun-12 Time: 11:00:00 Room: 336