Bowen Brian M. author Columbia University. Computer Science Prabhu Pratap author Columbia University. Computer Science Kemerlis Vasileios author Columbia University. Computer Science Sidiroglou Stelios author Columbia University. Computer Science Keromytis Angelos D. author Columbia University. Computer Science Stolfo Salvatore author Columbia University. Computer Science Columbia University. Computer Science originator contributor text Technical reports New York Department of Computer Science, Columbia University 2010 We introduce BotSwindler, a bait injection system designed to delude and detect crimeware by forcing it to reveal itself during the exploitation of monitored information. Our implementation of BotSwindler relies upon an out-of-host software agent to drive user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, we introduce a low overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states. We provide empirical evidence to show that BotSwindler can be used to induce malware into performing observable actions and demonstrate how this approach is superior to that used in other tools. We present results from a user study to illustrate the believability of the simulations and show that financial bait information can be used to effectively detect compromises through experimentation with real credential-collecting malware. Computer science CUCS-007-10 http://hdl.handle.net/10022/AC:P:10504 English NNC NNC 2011-06-07 16:01:59 -0400 2012-08-01 10:54:37 -0400 4427 eng