{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T00:12:26Z","timestamp":1742947946532,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642236433"},{"type":"electronic","value":"9783642236440"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_14","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T00:06:20Z","timestamp":1328918780000},"page":"262-280","source":"Crossref","is-referenced-by-count":8,"title":["Banksafe Information Stealer Detection Inside the Web Browser"],"prefix":"10.1007","author":[{"given":"Armin","family":"Buescher","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Felix","family":"Leder","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Siebert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"unstructured":"New Spyeye gains Zeus features, \n                    \n                      http:\/\/blogs.rsa.com\/rsafarl\/new-spyeye-gains-zeus-features-a-detailed-analysis-of-spyeye-trojan-v1-3\/\n                    \n                    \n                   (last visit March 2011)","key":"14_CR1"},{"unstructured":"Understanding Shims, \n                    \n                      http:\/\/technet.microsoft.com\/en-us\/library\/dd837644%28WS.10%29.aspx\n                    \n                    \n                   (last visit March 2011)","key":"14_CR2"},{"unstructured":"Virustotal web antivirus scan service by hispasec sistemas, \n                    \n                      http:\/\/www.virustotal.com\/\n                    \n                    \n                   (last visit March 2011)","key":"14_CR3"},{"unstructured":"Windows XP Application Compatibility Technologies, \n                    \n                      http:\/\/technet.microsoft.com\/en-us\/library\/bb457032.aspx\n                    \n                    \n                   (last visit March 2011)","key":"14_CR4"},{"unstructured":"Abuse.ch. abuse.ch spyeye tracker, \n                    \n                      https:\/\/spyeyetracker.abuse.ch\/\n                    \n                    \n                   (last visit March 2011)","key":"14_CR5"},{"unstructured":"Abuse.ch. abuse.ch zeus tracker, \n                    \n                      https:\/\/zeustracker.abuse.ch\/\n                    \n                    \n                   (last visit March 2011)","key":"14_CR6"},{"doi-asserted-by":"crossref","unstructured":"Apel, M., Bockermann, C., Meier, M.: Measuring similarity of malware behavior. In: Proceedings of the IEEE 34th Conference on Local Computer Networks, pp. 891\u2013898 (2009)","key":"14_CR7","DOI":"10.1109\/LCN.2009.5355037"},{"key":"14_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Andersen, J., Morleymao, Z., Jahanian, F.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"14_CR9","volume-title":"The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System","author":"B. Blunden","year":"2009","unstructured":"Blunden, B.: The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones and Bartlett Publishers, Inc., USA (2009)"},{"unstructured":"Butler, J., Hoglund, G.: System virginity verifier. In: Black Hat 2004, Las Vegas, USA (2004)","key":"14_CR10"},{"unstructured":"Coogan, P.: Symantec blog - spyeye bot versus zeus bot, \n                    \n                      http:\/\/www.symantec.com\/connect\/de\/blogs\/spyeye-bot-versus-zeus-bot\n                    \n                    \n                   (last visit March 2011)","key":"14_CR11"},{"unstructured":"F-Secure. ZeuS Variants Targeting Mobile Banking, \n                    \n                      http:\/\/www.f-secure.com\/weblog\/archives\/00002123.html\n                    \n                    \n                   (last visit March 2011)","key":"14_CR12"},{"unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proc. Network and Distributed Systems Security Symposium (February 2003)","key":"14_CR13"},{"key":"14_CR14","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2005)"},{"key":"14_CR15","first-page":"14","volume-title":"Proceedings of the 3rd Conference on USENIX Windows NT Symposium","author":"G. Hunt","year":"1999","unstructured":"Hunt, G., Brubacher, D.: Detours: binary interception of win32 functions. In: Proceedings of the 3rd Conference on USENIX Windows NT Symposium, vol.\u00a03, p. 14. USENIX Association, Berkeley (1999)"},{"unstructured":"Husse, C.: Easyhook library, \n                    \n                      http:\/\/www.codeplex.com\/easyhook\n                    \n                    \n                   (last visit March 2011)","key":"14_CR16"},{"key":"14_CR17","first-page":"190","volume-title":"Programming Language Design and Implementation","author":"C. keung Luk","year":"2005","unstructured":"keung Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Janapa, V., Hazelwood, R.K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: Programming Language Design and Implementation, pp. 190\u2013200. ACM Press, New York (2005)"},{"unstructured":"Krebs, B.: Operation trident breach, \n                    \n                      http:\/\/krebsonsecurity.com\/tag\/operation-trident-breach\/\n                    \n                    \n                   (last visit March 2011)","key":"14_CR18"},{"unstructured":"Stevens, K., Jackson, D.: Zeus banking trojan report. Technical report, Dell SecureWorks (March 2010)","key":"14_CR19"},{"unstructured":"Lanzi, A., Sharif, M.I., Lee, W.: K-tracer: A system for extracting kernel malware behavior. In: Network and Distributed System Security Symposium, San Diego, California (2009)","key":"14_CR20"},{"unstructured":"Leder, F., Plohmann, D.: Pybox - a python approach to sandboxing. In: 5th SPRING Workshop, Bonn, Germany (April 2010) (GI SIG SIDAR)","key":"14_CR21"},{"doi-asserted-by":"crossref","unstructured":"Leder, F., Steinbock, B., Martini, P.: Classification and detection of metamorphic malware using value set analysis. In: Proceedings of the 4th International Conference on Malicious and Unwanted Software (October 2009)","key":"14_CR22","DOI":"10.1109\/MALWARE.2009.5403019"},{"key":"14_CR23","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1109\/MSP.2006.11","volume":"4","author":"J.G. Levine","year":"2006","unstructured":"Levine, J.G., Grizzard, J.B., Owen, H.L.: Detecting and categorizing kernel-level rootkits to aid future detection. IEEE Security and Privacy\u00a04, 24 (2006)","journal-title":"IEEE Security and Privacy"},{"key":"14_CR24","first-page":"243","volume-title":"Proceedings of the 17th Conference on Security Symposium","author":"L. Litty","year":"2008","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: Proceedings of the 17th Conference on Security Symposium, pp. 243\u2013258. USENIX Association, Berkeley (2008)"},{"doi-asserted-by":"crossref","unstructured":"Lobo, D., Watters, P., Wu, X.: Rbacs: Rootkit behavioral analysis and classification system. In: International Workshop on Knowledge Discovery and Data Mining, pp. 75\u201380 (2010)","key":"14_CR25","DOI":"10.1109\/WKDD.2010.23"},{"doi-asserted-by":"crossref","unstructured":"Lobo, D., Watters, P., Wu, X.-W.: Identifying rootkit infections using data mining. In: 2010 International Conference on Information Science and Applications (ICISA), pp. 1\u20137 (April 2010)","key":"14_CR26","DOI":"10.1109\/ICISA.2010.5480359"},{"doi-asserted-by":"crossref","unstructured":"Lobo, D., Watters, P., Wu, X.-W.: A new procedure to help system\/network administrators identify multiple rootkit infections. In: Proceedings of the 2010 Second International Conference on Communication Software and Networks, ICCSN 2010, Washington, DC, USA, pp. 124\u2013128 (2010)","key":"14_CR27","DOI":"10.1109\/ICCSN.2010.14"},{"unstructured":"Pietrek, M.: An in-depth look into the win32 portable executable file format, \n                    \n                      http:\/\/msdn.microsoft.com\/en-us\/magazine\/cc301808.aspx\n                    \n                    \n                   (last visit March 2011)","key":"14_CR28"},{"key":"14_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., Duessel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 108\u2013125. Springer, Heidelberg (2008)"},{"key":"14_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-87403-4_1","volume-title":"Recent Advances in Intrusion Detection","author":"R. Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"14_CR31","first-page":"47","volume-title":"Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys 2009","author":"R. Riley","year":"2009","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-aspect profiling of kernel rootkit behavior. In: Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys 2009, pp. 47\u201360. ACM, New York (2009)"},{"unstructured":"Rutkowska, J.: System virginity verifier. In: Black Hat 2006, Washington, D.C. USA (2006)","key":"14_CR32"},{"key":"14_CR33","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1145\/1323293.1294294","volume":"41","author":"A. Seshadri","year":"2007","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. SIGOPS Oper. Syst. Rev.\u00a041, 335\u2013350 (2007)","journal-title":"SIGOPS Oper. Syst. Rev."},{"unstructured":"Tereshkin, A., Wojtczuk, R.: Introducing ring -3 rootkits. Technical report, Invisible Things Lab, Wisconsin, USA (July 2009)","key":"14_CR34"},{"unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering persistent kernel rootkits through systematic hook discovery. In: Recent Advances in Intrusion Detection (2008)","key":"14_CR35"},{"unstructured":"Wicherski, G.: pehash: A novel approach to fast malware clustering. In: Proceedings of the 2nd Usenix Workshop on Large-scale Exploits and Emergent Threats (2009)","key":"14_CR36"},{"unstructured":"Yin, H., Liang, Z., Song, D.: Hookfinder: Identifying and understanding malware hooking behaviors. In: Network and Distributed System Security Symposium (2008)","key":"14_CR37"},{"key":"14_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-14215-4_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"H. Yin","year":"2010","unstructured":"Yin, H., Poosankam, P., Hanna, S., Song, D.: HookScout: Proactive and binary centric hook detection. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol.\u00a06201, pp. 1\u201320. Springer, Heidelberg (2010)"},{"doi-asserted-by":"crossref","unstructured":"Zhang, Q., Reeves, D.S.: Metaaware: Identifying metamorphic malware. In: Proceedings of the 23rd Annual Computer Security Applications Conference, pp. 411\u2013420 (2007)","key":"14_CR39","DOI":"10.1109\/ACSAC.2007.4413007"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T12:18:01Z","timestamp":1556367481000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}