R. Antonakakis, Y. Perdisci, N. Nadji, S. Vasiloglou, W. Abu-nimeh et al., From throw-away traffic to bots : Detecting the rise of dga-based malware, Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pp.24-24, 2012.

D. Andriesse, C. Rossow, B. Stone-gross, D. Plohmann et al., Highly resilient peer-to-peer botnets are here : An analysis of gameover zeus, Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on, pp.116-123, 2013.

Rajab, J. Zarfoss, Fabian Monrose and Andreas Terzis : A multifaceted approach to understanding the botnet phenomenon, Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, IMC '06, pp.41-52, 2006.

Asert, Illuminating the etumbot apt backdoor, Arbor Networks, 2014.

Alam, I. Sogukpinar, I. Traore, and Y. Coady, In-cloud malware analysis and detection : State of the art, Proceedings of the 7th International Conference on Security of Information and Networks, SIN '14, pp.473-473478, 2014.

Bossert, F. Guihéry, and G. Hiet, Towards automated protocol reverse engineering using semantic information, Proceedings of the 9th ACM symposium on Information, computer and communications security, ASIA CCS '14, pp.51-62, 2014.
DOI : 10.1145/2590296.2590346

URL : https://hal.archives-ouvertes.fr/hal-01009283

Bächer, T. Holz, M. Kötter, and G. Wicherski, Know your Enemy : Tracking Botnets

Bitdefender, Bitdefender issues emergency update : Twitter-controlled botnet self development kit at large. http://www.bitdefender.com/news/bitdefender-issues-emergency-update:-twitter-controlled-botnet-self-development-kit-at-large-1544, 2010.

Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, EXPOSURE : Finding malicious domains using passive DNS analysis, NDSS 2011, 18th Annual Network and Distributed System Security Symposium, pp.6-9

Bilge, A. Lanzi, and D. Balzarotti, Thwarting real-time dynamic unpacking, Proceedings of the Fourth European Workshop on System Security, EUROSEC '11, pp.1-5, 2011.
DOI : 10.1145/1972551.1972556

Blueliv, Chasing cybercrime : network insights of dyre and dridex trojan bankers. https://www.blueliv.com/research/chasing-the-cybercrimenetwork-insights-of-dyre-and-dridex-trojan-bankers-report, 2015.

J. Boutin, The evolution of webinjects. https://www.virusbtn.com, 2014.

T. Brisco, DNS Support for Load Balancing, RFC (Informational), vol.1794, 1995.

Bruneau, Dns sinkhole. http://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523, 2010.

L. Bilge, S. Sen, D. Balzarotti, E. Kirda, and C. Kruegel, Exposure, ACM Transactions on Information and System Security, vol.16, issue.4, pp.1-1428, 2014.
DOI : 10.1145/2584679

Barford and V. Yegneswaran, An inside look at botnets. Advances in Information Security, pp.171-191, 2007.

A. A. Cárdenas, S. Amin, Y. Zong-syun-lin, C. Huang, S. Huang et al., Attacks against process control systems, Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11, pp.355-366, 2011.
DOI : 10.1145/1966913.1966959

J. Calvet, Dynamic Analysis of Malicious Software. Theses, 2013.
URL : https://hal.archives-ouvertes.fr/tel-00922384

L. R. Caldwell, Assuring authority for courts to shut down botnets, 2015.

Botnet, Internet Census 2012 ? Port Scanning /0 Using Insecure Embedded Devices, 2013.

Certa, Terminologie d'usage au certa, 2006.

Campion, T. Fontvielle, and E. Freyssinet, Filtrage d'Arnaques dans un Corpus de Spams : Une application de Filtrar-S à la sécurité du citoyen, Workshop interdisciplinaire sur la sécurité globale (WISG), 2012.

J. Calvet, M. José, J. Fernandez, and . Marion, Aligot, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.169-182
DOI : 10.1145/2382196.2382217

URL : https://hal.archives-ouvertes.fr/hal-00762924

J. Caballero, C. Grier, C. Kreibich, and V. Paxson, Measuring pay-per-install : The commoditization of malware distribution, Proceedings of the 20th USENIX Conference on Security, pp.13-13, 2011.

C. Chen, X. Guo, F. Yuan, H. Merkle, T. Schaefer et al., OCEANS, Proceedings of the Eleventh Workshop on Visualization for Cyber Security, VizSec '14, pp.1-8, 2014.
DOI : 10.1145/2671491.2671493

A. Chen, The evil new tactic behind anonymous' massive megaupload revenge attack. http://gawker.com/5877707/the-evil-new-tactic-behind-anonymous-massive-revenge-attack, 2012.

Choi, H. Lee, and H. Kim, BotGAD, Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE '09, pp.1-2, 2009.
DOI : 10.1145/1621890.1621893

C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert, Zozzle : Fast and precise in-browser javascript malware detection, Proceedings of the 20th USENIX Conference on Security, pp.3-3, 2011.

Carettoni, C. Merloni, and S. Zanero, Studying Bluetooth Malware Propagation: The BlueBag Project, IEEE Security and Privacy Magazine, vol.5, issue.2, pp.17-25, 2007.
DOI : 10.1109/MSP.2007.43

Cnil, http://www.legifrance.gouv.fr/affichJuriAdmin.do?oldAction=rechJuriAdmin&idTexte=CETATEXT000030445581, March 2015.

Colombo : Cerberus : Detection and characterization of automatically-generated malicious domains, 2014.

L. Cai and R. Rojas-cessa, Mitigation of malware proliferation in p2p networks using double-layer dynamic trust (ddt) management scheme, Sarnoff Symposium, 2009. SARNOFF '09, pp.1-5, 2009.

Claise, B. Trammell, and P. Aitken : Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information, RFC 7011 (INTERNET STANDARD), 2013.

C. Collberg, C. Thomborson, and D. Low, A taxonomy of obfuscating transformations. Technical report 148, 1997.

Cwg, Conficker working group : lessons learned

Dittrich, M. Bailey, and E. Kenneally, Applying Ethical Principles to Information and Communication Technology Research: A Companion to the Menlo Report, SSRN Electronic Journal, 2013.
DOI : 10.2139/ssrn.2342036

R. Carlton, J. M. Davis, S. Fernandez, and . Neville, Optimising sybil attacks against p2p-based botnets, 4th International Conference on Malicious and Unwanted Software, pp.78-87, 2009.

Dagon, G. Gu, C. P. Lee, and W. Lee, A taxonomy of botnet structures, Computer Security Applications Conference ACSAC 2007. Twenty-Third Annual, pp.325-339, 2007.

A. Dainotti, A. King, F. Kc-claffy, A. Papale, and . Pescapè, Analysis of a "/0" stealth scan from a botnet, Proceedings of the 2012 ACM conference on Internet measurement conference, IMC '12, pp.1-14, 2012.
DOI : 10.1145/2398776.2398778

Dagon and W. Lee, Global internet monitoring using passive dns, Conference For Homeland Security, Cybersecurity Applications & Technology, vol.0, pp.163-168, 2009.

Dingledine, N. Mathewson, and P. Syverson, Tor : The second-generation onion router, Proceedings of the 13th Conference on USENIX Security Symposium, pp.21-21, 2004.

Devi and S. Nandi, Detection of packed malware, Proceedings of the First International Conference on Security of Internet of Things, SecurIT '12, pp.22-26
DOI : 10.1145/2490428.2490431

John R. Douceur, The sybil attack, Revised Papers from the First International Workshop on Peer-to-Peer Systems, IPTPS '01, pp.251-260, 2002.

C. J. Dietrich, C. Rossow, F. C. Freiling, H. Bos et al., On botnets that use dns for command and control, Computer Network Defense (EC2ND) Seventh European Conference on, pp.9-16, 2011.

Dunham, Mobile Malware Attacks and Defense, 2009.

Eckersley, How Unique Is Your Web Browser?, Proceedings of the 10th International Conference on Privacy Enhancing Technologies, PETS'10, pp.1-18, 2010.
DOI : 10.1007/978-3-642-14527-8_1

Rodionov and A. Matrosov, Hodprot : hot to bot, 2011.

Eset, Miniduke still duking it out, 2014.

M. Egele, T. Scholte, E. Kirda, and C. Kruegel, A survey on automated dynamic malware-analysis techniques and tools, ACM Computing Surveys, vol.44, issue.2, pp.6-7, 2008.
DOI : 10.1145/2089125.2089126

J. Esparza, Sopelka botnet : three banking trojans and one banking panel

G. Farnham, Detecting dns tunneling. http://info.opendns.com/rs/opendns/images/OpenDNS_SecurityWhitepaper-DNSRoleInBotnets.pdf, 2013.

Fedynyshyn, M. Choo-chuah, and G. Tan, Detection and classification of different botnet c&c channels, Proceedings of the 8th International Conference on Autonomic and Trusted Computing, pp.228-242, 2011.

Howard, Poisoned search results : How hackers have automated search engine poisoning attacks to distribute malware. https://www.sophos.com/medialibrary/PDFs, 2010.

Fox-it, Anunak : apt against financial institutions. https://www.fox-it.com/en/files, 2014.

Fireeye, Poison ivy : assessing damage and extracting intelligence. https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf, August 2014.

[Fit09] Patrick Fitzgerald : Twitter + pastebin = malware update, 2009.

Freyssinet, Hébergeurs malhonnêtes : nouvelle fermeture (3fn). http://blog.crimenumerique.fr

[Fre10] Éric Freyssinet : Réflexions pour un plan d'action contre les botnets, Symposium sur la sécurité des technologies de l'information et des communications, 2009.

Freyssinet, Vulnérabilité java cve-2012-4681 ? et si on devenait enfin responsables ! http://blog.crimenumerique.frvulnerabilite-java-cve-2012-4681-et-si-on-devenait-enfin-responsables/, August 2012.

[Fre12c] Éric Freyssinet : La citadelle du crime, 2012.

Freyssinet, Les menaces se propagent silencieusement malgré les mises à jours (de java). http://blog.crimenumerique.frles-menaces-se-propagent-silencieusement-malgre-les-mises-a-joursde-java, 2013.

Guo, P. Ferrie, and Tzi-cker Chiueh, A Study of the Packer Problem and Its Solutions, Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, RAID '08, pp.98-115, 2008.
DOI : 10.1007/978-3-540-87403-4_6

Zhao, Detecting and characterizing social spam campaigns, Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, IMC '10, pp.35-47, 2010.

Graziano, C. Leita, and D. Balzarotti, Towards network containment in malware analysis systems, Proceedings of the 28th Annual Computer Security Applications Conference on, ACSAC '12, pp.339-348
DOI : 10.1145/2420950.2421000

Greene and D. Mcpherson, Sink holes : A swiss army knife isp security tool, 2003.

Guerid, K. Mittig, and A. Serhrouchni, Privacy-preserving domain-flux botnet detection in a large scale network, Communication Systems and Networks (COMSNETS), 2013 Fifth International Conference on, pp.1-9, 2013.

Gañán, O. Cetin, and Michel van Eeten, An empirical analysis of zeus c&c lifetime, Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, pp.97-108, 2015.

Goncharov, Traffic direction systems as malware distribution tools

J. Greenwood, Galileo rcs ? running an espionage operation. https://www.4armed.com/blog/galileo-rcs-running-espionage-operation

A connection pattern-based approach to detect network traffic anomalies in critical infrastructures, Proceedings of the Seventh European Workshop on System Security, EuroSec '14, pp.1-1, 2014.

C. Guarnieri and M. Schloesser, Skynet, a tor-powered botnet straight from reddit. https://community.rapid7.com/community/infosec/blog, 2012.

Grier, K. Thomas, V. Paxson, and M. Zhang, @spam, Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pp.27-37, 2010.
DOI : 10.1145/1866307.1866311

G. Gu, J. Zhang, and W. Lee, BotSniffer : Detecting botnet command and control channels in network traffic, Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), 2008.

W. Harrop and G. Armitage, Greynets, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data , MineNet '05, pp.171-172, 2005.
DOI : 10.1145/1080173.1080177

Hensing, Wormbotdoorkit ? kitbotwormdoor ? trojwormrootbot ? malware by any other name . . . 2005 - the year of the rootkit ? http://blogs.technet.com/b/robert_hensing/archive, 2005.

Hohlfeld, T. Graf, and F. Ciucu, Longtime behavior of harvesting spam bots, Proceedings of the 2012 ACM Conference on Internet Measurement Conference, IMC '12, pp.453-460

Hund, M. Hamann, and T. Holz, Towards Next-Generation Botnets, 2008 European Conference on Computer Network Defense, pp.33-40, 2008.
DOI : 10.1109/EC2ND.2008.11

Hu, M. Knysz, and K. G. Shin, Measurement and analysis of global ip-usage patterns of fast-flux botnets, INFOCOM, pp.2633-2641, 2011.

Humphries, N. Prigent, C. Bidan, and F. Majorczyk, CORGI, Proceedings of the Eleventh Workshop on Visualization for Cyber Security, VizSec '14, pp.57-64, 2014.
DOI : 10.1145/2671491.2671494

URL : https://hal.archives-ouvertes.fr/hal-01096331

Dr. Giles Hogben, D. Plohmann, E. Gerhards-padilla, and F. Leder, Botnets : Detection, measurement, disinfection & defence, 2011.

F. Haltas, E. Uzun, N. Siseci, A. Posul, and Emre : An automated bot detection system through honeypots for large-scale, Cyber Conflict 6th International Conference On, pp.255-270, 2014.

Itabashi, Malware classification based on extracted api sequences using static analysis, Proceedings of the Asian Internet Engineering Conference, AINTEC '12, pp.31-38, 2008.

Jelasity and V. Bilicki, Towards automated detection of peer-to-peer botnets : On the limits of local approaches, Proceedings of the 2nd USENIX Conference on Large-scale Exploits and Emergent Threats : Botnets, Spyware, Worms, and More, LEET'09, pp.3-3, 2009.

D. Jang, M. Kim, J. , and B. Noh, Analysis of HTTP2P botnet : case study waledac, Communications (MICC), 2009 IEEE 9th Malaysia International Conference on, pp.409-412, 2009.

J. P. John, A. Moshchuk, S. D. Gribble, and A. Krishnamurthy, Studying spamming botnets using botlab, Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, NSDI'09, pp.291-306, 2009.

Jian, K. Zheng, Y. Yang, and X. Niu, An Evaluation Model of Botnet Based on Peer to Peer, 2012 Fourth International Conference on Computational Intelligence and Communication Networks, pp.925-929, 2012.
DOI : 10.1109/CICN.2012.46

A. Kalafut, A. Acharya, and M. Gupta, A study of malware in peer-to-peer networks, Proceedings of the 6th ACM SIGCOMM on Internet measurement , IMC '06, pp.327-332, 2006.
DOI : 10.1145/1177080.1177124

Kamluk, The mystery of duqu : part six (the command and control servers). http://www.securelist.com/en/blog, 2011.

Katsuki, Malware targeting windows 8 uses google docs, 2012.

E. Brent-byunghoon-kang, C. P. Chan-tin, J. Lee, H. J. Tyra, C. Kang et al., Towards complete node enumeration in a peer-to-peer botnet, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, pp.23-34, 2009.

Konte, N. Feamster, and J. Jung, Dynamics of Online Scam Hosting Infrastructure, Proceedings of the 10th International Conference on Passive and Active Network Measurement, PAM '09, pp.219-228, 2009.
DOI : 10.1007/978-3-540-73614-1_8

Krueger, H. Gascon, N. Krämer, and K. Rieck, Learning stateful models for network honeypots, Proceedings of the 5th ACM workshop on Security and artificial intelligence, AISec '12, pp.37-48
DOI : 10.1145/2381896.2381904

Kharouni, Automating online banking fraud, 2012.

Krenc, O. Hohlfeld, and A. Feldmann, An internet census taken by an illegal botnet, ACM SIGCOMM Computer Communication Review, vol.44, issue.3, pp.103-111, 2014.
DOI : 10.1145/2656877.2656893

J. Kirk, Did dutch police break the law taking down a botnet

C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. M. Voelker et al., Spamalytics : An empirical analysis of spam marketing conversion, Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08, pp.3-14, 2008.

Krebs, Java : A Gift to Exploit Pack Makers, 2010.

Krebs, The target breach by the numbers, 2014.

Karasaridis, B. Rexroad, and D. Hoeflin, Wide-scale botnet detection and characterization, Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots'07, pp.7-7, 2007.

J. Kristoff, Experiences with conficker c sinkhole operation and analysis, AusCERT Conference, 2009.

G. H. Kim and Eugene H. Spafford : The design and implementation of tripwire : A file system integrity checker, Proceedings of the 2nd ACM Conference on Computer and Communications Security, CCS '94, pp.18-29, 1994.

I. Kelley and I. Taylor, A peer-to-peer architecture for data-intensive cycle sharing, Proceedings of the first international workshop on Network-aware data management, NDM '11, pp.65-72, 2011.
DOI : 10.1145/2110217.2110227

Kirat, G. Vigna, and C. Kruegel, BareBox, Proceedings of the 27th Annual Computer Security Applications Conference on, ACSAC '11, pp.403-412, 2011.
DOI : 10.1145/2076732.2076790

Kirat, G. Vigna, and C. Kruegel, Barecloud : Bare-metal analysis-based evasive malware detection, Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, pp.287-301

M. Kucherawy and E. Zwicky, Domain-based Message Authentication, Reporting, and Conformance (DMARC), RFC, vol.7489, 2015.
DOI : 10.17487/rfc7489

L. Liu, S. Chen, G. Yan, and Z. Zhang, BotTracer: Execution-Based Bot-Like Malware Detection, Proceedings of the 11th International Conference on Information Security, ISC '08, pp.97-113, 2008.
DOI : 10.1007/978-3-540-85886-7_7

A. Lelli, Trojan.whitewell : what's your (bot) facebook status today ? http://www.symantec.com/connect/blogs/trojanwhitewell-whats-your-bot-facebook-status-today, 2009.

Liu, J. Gong, W. Yang, and Jakalan : A survey of botnet size measurement, Networking and Distributed Computing (ICNDC), 2011.

Lipovsky, Eset analyzes first android file-encrypting, tor-enabled ransomware, 2014.

Lee, K. Jeong, and H. Lee, Detecting metamorphic malwares using code graphs, Proceedings of the 2010 ACM Symposium on Applied Computing, SAC '10, pp.1970-1977, 2010.
DOI : 10.1145/1774088.1774505

W. Lin and D. Lee, Traceback Attacks in Cloud -- Pebbletrace Botnet, 2012 32nd International Conference on Distributed Computing Systems Workshops, pp.417-426, 2012.
DOI : 10.1109/ICDCSW.2012.61

Mokube and M. Adams, Honeypots, Proceedings of the 45th annual southeast regional conference on, ACM-SE 45, pp.321-326, 2007.
DOI : 10.1145/1233341.1233399

Malwaretech, Infamous skynet botnet author allegedly arrested

Martin, Botnets controladas por twitter, 2015.

Matrosov, Mysterious avatar rootkit with api, sdk, and yahoo groups for c&c communication, 2013.

Matrosov, The rise of tor-based botnets, 2013.

Martignoni, M. Christodorescu, and S. Jha, OmniUnpack: Fast, Generic, and Safe Unpacking of Malware, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.431-441, 2007.
DOI : 10.1109/ACSAC.2007.15

Mcwhorter, Apt1, exposing one of china's cyber espionage units. Technical report, MANDIANT, 2013.

Malatras, E. Freyssinet, and L. Beslay, Mobile Botnets Taxonomy and Challenges, 2015 European Intelligence and Security Informatics Conference, p.2015, 2015.
DOI : 10.1109/EISIC.2015.13

URL : https://hal.archives-ouvertes.fr/hal-01180705

S. Marchal, J. Francois, C. Wagner, R. State et al., Dnssm : A large scale passive dns security monitoring framework, Network Operations and Management Symposium (NOMS), 2012 IEEE, pp.988-993, 2012.

Mohan and K. W. Hamlen, Frankenstein : Stitching malware from benign binaries, Proceedings of the 6th USENIX Conference on Offensive Technologies, WOOT'12, pp.8-8

Miller, Battery firmware hacking, Black Hat USA 2011, 2011.

Peter M. Mell, K. Kent, and J. Nusbaum, Sp 800-83. guide to malware incident prevention and handling. Technical report, National Institute of Standards & Technology, 2005.

B. Mao, C. Lin, J. Pan, K. Chang, C. Faloutsos et al., EigenBot, Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics, ISI-KDD '12, pp.1-5, 2012.
DOI : 10.1145/2331791.2331796

M. Motoyama, D. Mccoy, K. Levchenko, S. Savage, and Geoffrey M. Voelker : An analysis of underground forums, Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp.71-80, 2011.

Meer and M. Slaviero, Bring back the honeypots

C. Miller and C. Valasek, Remote exploitation of an unaltered passenger vehicle, 2015.

M. Nadji, R. Antonakakis, D. Perdisci, W. Dagon, and . Lee, Beheading hydras, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.121-132, 2013.
DOI : 10.1145/2508859.2516749

Naraine, Five charged in largest hacking scheme ever prosecuted in us. http://www.securityweek.com/five-charged-largest-hackingscheme-ever-prosecuted-us, 2013.

M. Vincent-nicomette, E. Kaâniche, M. Alata, and . Herrb, Set-up and deployment of a high-interaction honeypot: experiment and lessons learned, Journal in Computer Virology, vol.39, issue.5, pp.143-157, 2011.
DOI : 10.1007/s11416-010-0144-2

Oberheide, M. Bailey, and F. Jahanian, Polypack : An automated online packing service for optimal antivirus evasion, Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT'09, pp.9-9, 2009.

Gavin O'Gorman, Google groups trojan. http://www.symantec.com/connect/blogs/google-groups-trojan, September 2009.

Pantanilla, Disttrack malware overwrites files, infects mbr. http://blog.trendmicro.com/disttrack-malware-overwrites-filesinfects-mbr, August 2012.

[Par13] Parlement Européen et Conseil de l'Union Européenne : Directive 2013/40/ue du parlement européen et du conseil du 12 août 2013 relative aux attaques contre les systèmes d'information et remplaçant la décision-cadre, pp.32013-32053, 2005.

V. Pearce, C. Dave, K. Grier, S. Levchenko, D. Guha et al., Voelker : Characterizing large-scale click fraud in zeroaccess, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pp.141-152, 2014.

Plohmann and E. Gerhards-padilla, Case study of the miner botnet, Cyber Conflict (CYCON), 2012 4th International Conference on, pp.1-16, 2012.

A. Pathak, Y. C. Hu, and Z. M. Mao, Peeking into spammer behavior from a unique vantage point, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, LEET'08, pp.1-3, 2008.

Palme, A. Hopmann, and Shelness : MIME Encapsulation of Aggregate Documents, such as HTML (MHTML), RFC, vol.2557, 1999.

Porras, H. Saïdi, and V. Yegneswaran, A foray into conficker's logic and rendezvous points, Proceedings of the 2nd USENIX Conference on Large-scale Exploits and Emergent Threats : Botnets, Spyware, Worms, and More, LEET'09, pp.7-7, 2009.

Rascagnères, Icoscript : using webmail to control malware. https://www.virusbtn.com/virusbulletin/archive, 2014.

Moheeb Abu Rajab, L. Ballard, N. Jagpal, Panayiotis Mavrommatis, Daisuke Nojiri, Niels Provos and Ludwig Schmidt : Trends in circumventing web-malware detection, 2011.

Rossow, C. Dietrich, and H. Bos, Large-Scale Analysis of Malware Downloaders, Proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'12, pp.42-61, 2013.
DOI : 10.1007/978-3-642-37300-8_3

Ramachandran and N. Feamster, Understanding the network-level behavior of spammers, ACM SIGCOMM Computer Communication Review, vol.36, issue.4, pp.291-302, 2006.
DOI : 10.1145/1151659.1159947

Rafael A. Rodríguez-gómez, G. Maciá-fernández, and P. García-teodoro, Survey and taxonomy of botnet research through lifecycle, ACM Comput. Surv, vol.4545, issue.4, pp.1-4533, 2013.

Riley, Science of cybersecurity, developing scientific foundations for the operational cybersecurity ecosystem. Technical report, 2015.

Kevin A. Roundy and Barton P. Miller : Binary-code obfuscations in prevalent packer tools, ACM Comput. Surv, vol.464, issue.1, pp.1-4, 2013.

R. Romera, Discerning relationships : the mexican botnet connection. Technical report, Trend Micro, 2010.

Rahbarinia, R. Perdisci, A. Lanzi, and K. Li, Peerrush : Mining for unwanted p2p traffic, Proceedings of the 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'13, pp.62-82, 2013.

J. Roman, B. Radek, V. Radek, and S. Libor, Launching distributed denial of service attacks by network protocol exploitation, Proceedings of the 2nd International Conference on Applied Informatics and Computing Theory, pp.210-216, 2011.

Ramachandran and B. Sikdar, Dynamics of malware spread in decentralized peer-to-peer networks. Dependable and Secure Computing, IEEE Transactions on, vol.8, issue.4, pp.617-623, 2011.

Moheeb Abu Rajab, J. Zarfoss, Fabian Monrose and Andreas Terzis : My botnet is bigger than yours (maybe, better than yours) : Why size estimates remain challenging, Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots'07, pp.5-5, 2007.

Sandee, Gameover zeus : Backgrounds on the badguys and the backends. Technical report, Fox-IT, 2015.

Stirparo and L. Beslay, Participatory honeypots : A paradigm shift in the fight against mobile botnets, Proceedings of Botconf 2013 - First edition of the Botnet fighting conference, 2013.

F. Scrinzi, Behavioral analysis of obfuscated code, 2015.

J. Selvi, Covert channels over social networks. http://www.sans.org/reading-room/whitepapers/threats/covert-channels-social-networks-33960, 2012.

Soumenkov and S. Golovanov, Tdl-4 top bot. https://securelist.com/analysis, p.4, 2011.

Stone-gross, The lifecycle of peer-to-peer (gameover) zeus. http://www.secureworks.com/cyber-threat-intelligence/threats, 2012.

M. Brett-stone-gross, L. Cova, B. Cavallaro, M. Gilbert, R. Szydlowski et al., Your botnet is my botnet, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.635-647, 2009.
DOI : 10.1145/1653662.1653738

Siaterlis, B. Genge, and M. Hohenadel, Epic : A testbed for scientifically rigorous cyber-physical security experimentation. Emerging Topics in Computing, IEEE Transactions on, vol.1, issue.2, pp.319-330, 2013.

Shin, G. Gu, N. Reddy, and C. P. Lee : A large-scale empirical study of conficker. Information Forensics and Security, IEEE Transactions on, vol.7, issue.2, pp.676-690, 2012.

T. Stringhini, B. Holz, C. Stone-gross, G. Kruegel, and . Vigna, Botmagnifier : Locating spambots on the internet, Proceedings of the 20th USENIX Conference on Security, pp.28-28, 2011.

Stalmans and Irwin : A framework for dns based detection and mitigation of malware infections on a network, pp.1-8, 2011.

Jerome B. Simandle : Indictment of vladimir drinkman, aleksandr kalinin, roman kotov, mikhail rytikov, dimitriy smilianets. http://www.justice.gov/usao-nj/pr/five-indicted-new-jerseylargest-known-data-breach-conspiracy, July 2013.

The waledac protocol : The how and why, Malicious and Unwanted Software (MALWARE) 4th International Conference on, pp.69-77, 2009.

A. K. Sood, Exploiting fundamental weaknesses in botnet command and control (c&c) panels, Blackhat, 2014.

Sérgio S. C. Silva, R. M. Silva, R. C. Pinto, and Ronaldo M. Salles : Botnets : A survey, Comput. Netw, vol.57, issue.2, pp.378-403, 2013.

Sufatrio, D. J. Tan, Tong-Wei Chua and Vrizlynn L. L. Thing : Securing android : A survey, taxonomy, and challenges, ACM Comput. Surv, vol.4758, issue.4, pp.1-5845, 2015.

Talos, Your files are encrypted with a "windows 10 upgrade", 2015.

Tamaña, Backdoor uses evernote as command and control server. http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server, 2013.

M. Tsai, K. Chang, C. Lin, C. Mao, and H. Lee, C&C tracer: Botnet command and control behavior tracing, 2011 IEEE International Conference on Systems, Man, and Cybernetics, pp.1859-1864, 2011.
DOI : 10.1109/ICSMC.2011.6083942

Tegeler, X. Fu, G. Vigna, and C. Kruegel, BotFinder, Proceedings of the 8th international conference on Emerging networking experiments and technologies, CoNEXT '12, pp.349-360, 2012.
DOI : 10.1145/2413176.2413217

H. T. , T. Truong, E. Lagerspetz, P. Nurmi, A. J. Oliner et al., The company you keep : Mobile malware infection rates and inexpensive risk indicators, Proceedings of the 23rd International Conference on World Wide Web, pp.39-50, 2014.

Thomas and D. M. Nicol, The koobface botnet and the rise of social malware, Malicious and Unwanted Software (MALWARE) 5th International Conference on, pp.63-70, 2010.

Wang, Msrt april 2014 ? ramdo. http://blogs.technet.com/b/mmpc/archive, 2014.

F. Jean-luc-wybo, C. Fogelman-soulié, and . Gouttas, Impact of social media in security and crisis management: a review, International Journal of Emergency Management, vol.11, issue.2, pp.105-128, 2015.
DOI : 10.1504/IJEM.2015.071045

Weigert, M. Hiltunen, and C. Fetzer, Mining large distributed log data in near real time, In Managing Large-scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques, pp.1-5, 2011.

Wang, S. Sparks, and C. C. Zou, An advanced hybrid peer-to-peer botnet, Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots'07, pp.2-2, 2007.

Yinglian Xie, F. Yu, K. Achan, R. Panigrahy et al., Spamming botnets : Signatures and characteristics, SIGCOMM Comput. Commun. Rev, vol.38, issue.4, pp.171-182, 2008.

J. Yang, X. Liu, and S. Bose, Preventing Cyber-induced Irreversible Physical Damage to Cyber-Physical Systems, Proceedings of the 10th Annual Cyber and Information Security Research Conference on, CISR '15, pp.1-8, 2015.
DOI : 10.1145/2746266.2746274

A. Ting-fang-yen, K. Oprea, T. Onarlioglu, W. Leetham, A. Robertson et al., Beehive : Large-scale log analysis for detecting suspicious activity in enterprise networks, Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC '13, pp.199-208, 2013.

Yip, N. Shadbolt, and C. Webber, Why forums?, Proceedings of the 5th Annual ACM Web Science Conference on, WebSci '13, pp.453-462, 2013.
DOI : 10.1145/2464464.2464524

L. Zhuang, J. Dunagan, D. R. Simon, H. J. Wang, and J. D. Tygar, Characterizing botnets from email spam records, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, LEET'08, pp.1-2, 2008.

Z. Zhang, B. Lu, P. Liao, C. Liu, and X. Cui, A hierarchical hybrid structure for botnet control and command, 2011 IEEE International Conference on Computer Science and Automation Engineering, pp.483-489, 2011.
DOI : 10.1109/CSAE.2011.5953266

D. Zhao, I. Traore, A. Ghorbani, B. Sayed, S. Saad et al., Peer to peer botnet detection based on flow intervals, In Dimitris Gritzalis, Steven Furnell and Marianthi Theoharidou, editors : Information Security and Privacy Research, volume 376 of IFIP Advances in Information and Communication Technology, pp.87-102