<div class="csl-bib-body">
<div class="csl-entry">Saha, A., Blasco Alís, J., & Lindorfer, M. (2024). Exploring the Malicious Document Threat Landscape: Towards a Systematic Approach to Detection and Analysis. In <i>2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)</i> (pp. 533–544). https://doi.org/10.1109/EuroSPW61312.2024.00065</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/203671
-
dc.description.abstract
Despite being the most common initial attack vector, document-based malware delivery remains understudied compared to research on malicious executables. This limits our understanding of how attackers leverage document file formats and exploit their functionalities for malicious purposes. In this paper, we perform a measurement study that leverages existing tools and techniques to detect, extract, and analyze malicious Office documents. We collect a substantial dataset of 9,086 malicious samples and reveal a critical gap in the understanding of how attackers utilize these documents. Our in-depth analysis highlights emerging tactics used in both targeted and large-scale cyberattacks while identifying weaknesses in common document analysis methods. Through a combination of analysis techniques, we gain crucial insights valuable for forensic analysts to assess suspicious files, pinpoint infection origins, and ultimately contribute to the development of more robust detection models. We make our dataset and source code available to the academic community to foster further research in this area.
en
dc.language.iso
en
-
dc.subject
large-scale measurement
en
dc.subject
malicious documents
en
dc.subject
malware
en
dc.subject
Microsoft Office
en
dc.subject
Microsoft Word
en
dc.subject
Rich Text Format
en
dc.subject
malware infection vectors
en
dc.title
Exploring the Malicious Document Threat Landscape: Towards a Systematic Approach to Detection and Analysis
en
dc.type
Inproceedings
en
dc.type
Konferenzbeitrag
de
dc.contributor.affiliation
Universidad Politécnica de Madrid, Spain
-
dc.relation.isbn
979-8-3503-6729-4
-
dc.description.startpage
533
-
dc.description.endpage
544
-
dc.type.category
Full-Paper Contribution
-
tuw.booktitle
2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)