Cyber Crime (CS 795 / ISA 797) Fall 2012

Instructor: Damon McCoy (mccoy(at)
Grader: Shawn Marsh (smarsh3(at)
Time: Tuesday 4:30 pm - 7:10 pm
Room: Robinson Hall B111 [map]
Office Hours: Tuesday 2:00 pm - 4:00 pm also by appointment
Office: 5328 Engineering Building

Course Website:
Course Forum: piazza We will be using piazza for discussions on current security topics, and if you have a question this is the best place to ask it. We will check the page regularly and other students will be able to help as well.

Course Description:

Profit-fueled cybercrime drives a large part of the innovation in the cybercrime landscape. Understanding the underlying economics and associated business practices has the potential to identify new methods to intervene at an economic, policy level that might prove far more ef.cient for countering attacks than purely technical measures. This research seminar will delve into our current understanding of the economics of cyber-crime.


Technical understanding of network protocols at a high level (DNS/HTTP/...) and enthusiasm to learn.


Presentation(s): 20%
Short summary of papers: 20%
Class participation: 20%
Final Project: 40% (You will work in groups of 2-3 on a class project with a writeup/presentation due at the end)

This is a seminar class where we will focus on reading current research in the field of cybercrime. We will cover 3-4 papers a class and students will volunteer to present some of the papers and lead the discussions. A large part of the grade will be based on participation and this will be more of an interactive class with longer discussions.

Lectures (tentative)

The topic and list of readings will be posted below. Here are some example papers that will cover:

week and date Topic and Required Reading
week 1, Aug. 28th Course Overview and Introduction to cyber crime
week 2, Sept. 4th Spam Infrastructure and Presentation Assignments
Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna, The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns, LEET 2011

Chris Kanich, Christian Kreibich, Kiril Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, Stefan Savage, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, CCS 2008

Kiril Levchenko, et al., Click Trajectories: End-to-End Analysis of the Spam Value Chain,S&P 2011
week 3, Sept. 11th Spam Infrastructure and Revenue Measurements
Presenter: Gaurav Singh
Kurt Tomas, et al., Suspended Accounts in Retrospect: An Analysis of Twitter Spam, IMC 2011

Presenter: Chris Everett
Chris Kanich, et al., Show Me the Money: Characterizing Spam-advertised Revenue, Usenix Security 2011

Presenter: Damon McCoy
Damon McCoy, et al., PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs, Usenix Security 2012

Presenter: Andre' Abadie
Brett Stone-Gross, et al., The Underground Economy of Fake Antivirus Software, WEIS 2011

week 4, Sept. 18th Revenue Measurements and Phishing
Ross Anderson, et al., Measuring the Cost of Cybercrime, WEIS 2012

Presenter: Randall Sylvertooth
Cormac Herley, Why do Nigerian Scammers Say They are from Nigeria?

Presenter: Peter Steinmann
Rachna Dhamija, Doug Tygar and Marti Hearst, Why Phishing Works, CHI 2006

Presenter: Jackie Jones
Steve Sheng, et al.,Who Falls for Phish? A Demographic Analysis of Phishing Susceptibility and Effectiveness of Interventions, CHI 2010
week 5, Sept. 25th Malware
Presenter: Thomas McAfee
Chia Yuan Cho, et al., Insights from the Inside: A View of Botnet Management from Infiltration, LEET 2010

Presenter: Chad Andersen
Brett Stone-Gross, et al., Your Botnet is My Botnet: Analysis of a Botnet Takeover, CCS 2009

Presenter: Alyssa Krauss
Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich, and Vern Paxson, What's Clicking What? Techniques and Innovations of Today's Clickbots, DIMVA 2011

Presenter: Tom Luong
Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson, Measuring Pay-per-Install: The Commoditization of Malware Distribution, Usenix Security 2011
week 6, Oct. 2nd Web Spam
Presenter: Elisabetta Rush
John P John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi , deSEO: Combating Search-Result Poisoning, Usenix Security 2011

Presenter: Kyle Forsyth
David Y. Wang, Stefan Savage, and Geoffrey M. Voelker, Cloak and Dagger: Dynamics of Web Search Cloaking, CCS 2011

Presenter: Faisal Askari
Marti Motoyama, Damon McCoy, Kirill Levchenko, Geoffrey M. Voelker, Stefan Savage, Dirty Jobs: The Role of Freelance Labor in Web Service Abuse, Usenix Security 2011

Presenter: Rich Bajusz
Gang Wang, et al., Serf and Turf: Crowdturfing for Fun and Profit, WWW 2012

week 7, Oct. 9th No Class
week 8, Oct. 16th Underground Forums
Presenter: Robert Tarlecki
Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, CCS 2007

Presenter: Jordan Hatchell
Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage and Geoffrey M. Voelker, An Analysis of Underground Forums, IMC 2011

Presenter: Miroslav Bartik
Thorsten Holz, Markus Engelberth, Felix Freiling, Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

Presenter: Joshua Franklin
Chris Kanich, et al., No Plan Survives Contact: Experience with Cybercrime Measurement, CSET 2011
week 9, Oct. 23rd Guest Speaker:Brian Krebs
week 10, Oct. 30th Sandy
week 11, Nov. 6th Legal and Ethics
Presenter: Dennis Bailey
Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, Stefan Savage, Re: CAPTCHAs -- Understanding CAPTCHA Solving from an Economic Context, Usenix Security 2010

Presenter: Will Nguyen
iDefense, Money Mules: Sophisticated Global Cyber Criminal Operations, iDefense White Paper, 2006

Presenter: Gena Thorn
The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research

Presenter: Justin Novak
Majid Yar, The Novelty of 'Cybercrime': An Assessment in Light of Routine Activity Theory, European Journal of Criminology, vol. 2, no. 4, pages 407-427, 2005
week 12, Nov. 13th Politics and E-Crime
Presenter: Ahmad Qushmaq
Kurt Thomas, Chris Grier, and Vern Paxson, Adapting Social Spam Infrastructure for Political Censorship, LEET 2012

Presenter: Franklin Cui
Stuxnet (Stuxnet Under the Microscope, Bruce Schneier on Stuxnet)

Presenter: Matthew Jablonski
Flame(sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks, Budapest University of Technology and Economics, Meet Flame, The Massive Spy Malware Infiltrating Iranian Computers, Wired

Presenter: Shiva Ghaemi
Hong Lu, Et al., A Comparative Analysis of Cybercrimes and Governmental Law Enforcement in China and the United States,Asian Journal of Criminology, vol. 5, no. 2, pages 123-135, 2010
week 13, Nov. 20th Fraud
Presenter: Alex Mbaziira
Chris Grier+16, Manufacturing Compromise: The Emergence of Exploit-as-a-Service, CCS 2012

Presenter: Maureen Guild
Tyler Moore, Jie Han and Richard Clayton, The Postmodern Ponzi Scheme: Empirical Analysis of High-Yield Investment Programs, FC 2012

Presenter: Ahmed S Ahmed
Yi-Min Wang, et al., Spam Double-Funnel: Connecting Web Spammers with Advertisers, WWW 2007

Presenter: Atul Darooka
Grant Jordan, Stealing Profits from Stock Market Spammers, DefCon 2009

week 14, Nov. 27th Effectiveness of Interventions
Presenter: Hamza Sirag
Jart Armin, et al., Tracking the Russian Business Network (RBN), 2007

Presenter: Jon Shutt
Kim Zetter, I Was a Cybercrook for the FBI, 2007

Presenter: Mohammad Karami
He Liu, et al., On the Effects of Registrar-level Intervention, LEET 2011

Presenter: Nihant
Mineshafts on Treasure Island: A Relief Map of the eBay Fraud Landscape

week 15, Dec. 4th Final Project Presentations
week 16, Dec. 11th Final Paper due at 10pm

Honor Code:

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code

Disability Statement:

If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS.
2) Talk with me to discuss your accommodation needs.

Other Usefull Resources:

Writing Center: A114 Robinson Hall; (703) 993-1200;
University Libraries: .Ask a Librarian.
Counseling and Phychological Services (CAPS): (703) 993-2380;
University Policies: The University Catalog,, is the central resource for university policies affecting student, faculty, and staff conduct in university affairs.