Temporal behaviors of Top-10 malware download in 2010–2012

Abstract

Malware can be widely downloaded over the Internet by the bot-infected computers according to their botmaster in order to form a botnet and eventually to perform cyber attacks. This paper analyzes and summarizes the malware download behaviors of Top-10 malware based on 2010 CCC, 2011 CCC and 2012 IIJ MITF datasets. The datasets contain millions of download logs collected from several Honeypots located in Japan observing malware/bot traffic and activities. These log data have been processed and analyzed in terms of daily and hourly downloads based on our Top-10 processing algorithm. As a result, both daily and hourly download patterns in each year are quite different due to different malware families and spreading protocols.