Talk 4

Malware Authors Are Just Writing Software: What Can the Software Development Life Cycle and Social Network Analysis Teach Us About Malware Attribution?

Malware is just software—with some special characteristics—and malware authors are just specialized software developers. Software development, including malware development, is an inherently "social" activity—all software is composed of contributions from multiple authors, either explicitly by a software development team or implicitly through the inclusion of libraries and other shared code. Software development is characterized by a software development life cycle, and given that it is a social process, social network analysis can be applied to the contributors and contributions for a given software binary. We argue that each malware binary is produced using some form of a software development life cycle, and there will be clues—artifacts—as to the contributions and contributors for that piece of software that can be studied using social network analysis.