Conference papers

Large-scale Malware Experiments: Why, How, and So What?

Abstract: One of the most popular research areas in the anti-malware industry (second only to detection) is to document malware characteristics and understand their operations. Most initiatives are based on reverse engineering of malicious binaries in order to understand a threat's features. To fully understand the challenges faced by a malware operator, it is sometimes necessary to reproduce a scenario in which researchers have to manage thousands of infected computers in order to reach a set of objectives. In this paper, we first discuss the reasons why one would want to replicate a botnet and perform experiments while managing it. In our case, our objective was to emulate the Waledac botnet and assess the performance of a mitigation scheme against its peer-to-peer infrastructure. We then present our experimental methodology and explain the technical decisions we took to perform our experiments. Finally, we explain our results, both in terms of the attacks against the Waledac botnet and the challenges we faced while creating our experimental environment.
Contributor: Joan Calvet <>
Submitted on: Tuesday, November 16, 2010 - 6:05:15 PM
Last modification on: Tuesday, May 5, 2020 - 5:02:15 PM

HAL Id: inria-00536717, version 1



Joan Calvet, José M. Fernandez, Pierre-Marc Bureau, Jean-Yves Marion. Large-scale Malware Experiments: Why, How, and So What?. Virus Bulletin 2010, Sep 2010, Vancouver, Canada. pp.241--247. ⟨inria-00536717⟩