Saha, A., Blasco Alís, J., & Lindorfer, M. (2024). Exploring the Malicious Document Threat Landscape: Towards a Systematic Approach to Detection and Analysis. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 533–544). https://doi.org/10.1109/EuroSPW61312.2024.00065
2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
ISBN: 979-8-3503-6729-4
Date (published): 2024
Event name: Workshop on Rethinking Malware Analysis (WoRMA)
Event date: 8-Jul-2024 - 12-Jul-2024
Event place: Vienna, Austria
Number of Pages: 12
Keywords: large-scale measurement; malicious documents; malware; Microsoft Office; Microsoft Word; Rich Text Format; malware infection vectors
Abstract:
Despite being the most common initial attack vector, document-based malware delivery remains understudied compared to research on malicious executables. This limits our understanding of how attackers leverage document file formats and exploit their functionalities for malicious purposes. In this paper, we perform a measurement study that leverages existing tools and techniques to detect, extract, and analyze malicious Office documents. We collect a substantial dataset of 9,086 malicious samples and reveal a critical gap in the understanding of how attackers utilize these documents. Our in-depth analysis highlights emerging tactics used in both targeted and large-scale cyberattacks while identifying weaknesses in common document analysis methods. Through a combination of analysis techniques, we gain crucial insights valuable for forensic analysts to assess suspicious files, pinpoint infection origins, and ultimately contribute to the development of more robust detection models. We make our dataset and source code available to the academic community to foster further research in this area.