Studying Malicious Websites and the Underground Economy on the Chinese Web

2008 - Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou

Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008 [pdf]

Kernel-Level Interception and Applications on Mobile Devices

2008 - Michael Becher, Ralf Hund

Technical Report TR-2008-003, Universität Mannheim, May 2008 [PDF]

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

2008 - Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling

USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008 [pdf]

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

2008 - Ali Ikinci, Thorsten Holz, Felix Freiling

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award** [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008. [PDF]

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

2008 - Jan Göbel, Thorsten Holz

DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008 [pdf]

Measuring and Detecting Fast-Flux Service Networks

2008 - Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling

Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008 [pdf]

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

2007 - Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou

International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007 [pdf]

Virtual Honeypots - From Botnet Tracking to Intrusion Detection

2007 - Niels Provos, Thorsten Holz

Addison-Wesley Professional; 1. edition, 440 pages [Link]

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

2007 - Thorsten Holz, Jan Goebel, Carsten Willems

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007 [PDF]