BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection
Bowen
Brian M.
author
Columbia University. Computer Science
Prabhu
Pratap
author
Columbia University. Computer Science
Kemerlis
Vasileios
author
Columbia University. Computer Science
Sidiroglou
Stelios
author
Keromytis
Angelos D.
author
Columbia University. Computer Science
Stolfo
Salvatore
author
Columbia University. Computer Science
Columbia University. Computer Science
originator
text
Articles
2010
English
We introduce BotSwindler, a bait injection system designed to delude and detect crimeware by forcing it to reveal itself while it exploits the monitored information. The implementation of BotSwindler relies upon an out-of-host software agent that drives user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, we propose a low-overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states. We present results from experiments with real credential-collecting malware that demonstrate the injection of monitored financial bait for detecting compromises. Additionally, using a computational analysis and a user study, we illustrate the believability of the simulations and demonstrate that they are sufficiently human-like. Finally, we provide results from performance measurements to show that our approach does not impose a performance burden.
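The abstract's central mechanism is that bait credentials have no legitimate user, so any later use of them is itself the compromise signal, and the bait must be monitored from outside the guest that the malware controls. The following is an added illustration of that idea, not code from the BotSwindler paper: the out-of-host monitor mints decoy usernames that carry an HMAC tag bound to the VM they were injected into, and later checks an authentication log for decoy use. The key, the username layout (2-digit VM index, 8-hex nonce, 8-hex tag), the log format and the log lines are all constructed for this example.

```python
import hashlib
import hmac
import re
import secrets
from typing import List, Optional, Tuple

# Assumption for this example: a per-deployment key held only by the
# out-of-host monitor and never present inside any guest VM, so malware
# that captures a decoy cannot tell it from a real credential or forge one.
MONITOR_KEY = b"constructed-example-key"

TAG_LEN = 8  # hex characters of the HMAC kept in the username (32 bits)


def make_decoy(vm_index: int, key: bytes = MONITOR_KEY,
               nonce: Optional[str] = None) -> Tuple[str, str]:
    """Mint one (username, password) bait pair bound to the VM it will be
    typed into. username = 'u' + 2-digit VM index + 8-hex nonce + 8-hex tag,
    where tag = HMAC-SHA256(key, index || nonce) truncated to TAG_LEN."""
    if nonce is None:
        nonce = secrets.token_hex(4)  # 8 hex characters
    msg = f"{vm_index:02d}{nonce}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_LEN]
    username = f"u{vm_index:02d}{nonce}{tag}"
    password = secrets.token_urlsafe(12)  # bait password; never reused
    return username, password


DECOY_RE = re.compile(r"^u(\d{2})([0-9a-f]{8})([0-9a-f]{8})$")


def decoy_origin(username: str, key: bytes = MONITOR_KEY) -> Optional[int]:
    """Return the VM index a username was injected into, or None if it is
    not one of our decoys (wrong shape, or the HMAC tag does not verify,
    which also rejects a decoy whose VM field was tampered with)."""
    m = DECOY_RE.match(username)
    if not m:
        return None
    vm, nonce, tag = m.groups()
    expected = hmac.new(key, f"{vm}{nonce}".encode(),
                        hashlib.sha256).hexdigest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return int(vm)


# Constructed log format: "<time> login user=<name> result=<r> src=<ip>"
LOG_RE = re.compile(r"user=(\S+).*?src=(\S+)")


def scan_auth_log(lines: List[str],
                  key: bytes = MONITOR_KEY) -> List[Tuple[int, str, str]]:
    """Return (vm_index, username, src) for every login attempt that used a
    verified decoy. A hit means the VM's credentials were exfiltrated,
    regardless of whether the attempt succeeded."""
    alerts = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        user, src = m.groups()
        vm = decoy_origin(user, key)
        if vm is not None:
            alerts.append((vm, user, src))
    return alerts


# Constructed sample: a decoy injected into VM 3 is later tried from an
# external address, alongside ordinary traffic and a lookalike with a bad tag.
DECOY_USER, _ = make_decoy(3, nonce="deadbeef")
SAMPLE_LOG = [
    "2010-09-15T10:00:01 login user=alice result=success src=10.0.0.7",
    f"2010-09-15T10:02:13 login user={DECOY_USER} result=failure src=203.0.113.5",
    "2010-09-15T10:03:40 login user=u03deadbeef00000000 result=failure src=203.0.113.9",
]

if __name__ == "__main__":
    for vm, user, src in scan_auth_log(SAMPLE_LOG):
        print(f"decoy from VM {vm} used by {src}: {user}")
```

Binding the tag to the VM index lets the monitor attribute an alert to the guest that was compromised without keeping a registry of issued decoys; the trade-off is that the username shape is regular, so a deployment that cares about the believability the paper studies would derive names that look like real account names and keep the registry instead.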
Computer science
Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010: Proceedings
Jha
Somesh
editor
Sommer
Robin
editor
Kreibich
Christian
editor
New York
Springer
2010
118
137
http://dx.doi.org/10.1007/978-3-642-15512-3_7
Lecture Notes in Computer Science
6307
http://hdl.handle.net/10022/AC:P:10845
NNC
NNC
2011-08-09 10:55:56 -0400
2012-08-01 10:55:41 -0400
4802
eng