The ecology of malware

The Ecology of Malware

CPIS 210

John Beckett

Is it Alive?

  • In a manner of speaking – it can reproduce and spread

  • Not quite – it requires an active, artificial host


Why?

  • Curiosity

    • “Hacker” used to mean simply someone who was curious enough to make a computer go beyond its design

  • Fame/notoriety

  • Profit

    • Taking servers hostage

    • Attacking competing malware vendors’ reputations

  • Warfare

The Epidemiological Dilemma

  • If a virus is not very vigorous about spreading, it will die off

  • If a virus does nothing to affect its hosts’ activity, it will not be noticed

  • If a virus destroys its hosts, it will lose its deployment platform

  • The “ideal” virus spreads despite the damage it does

    • Perhaps delays damage until it has spread

    • Perhaps does all its damage to other devices

The Big Target

  • Infect an update of a widely-used piece of software, so that the malware is distributed by the vendor

  • This is why you should be careful where you get downloads from!

Infection Routes

  • Email

    • Encrypt the virus, and provide the decryption key in clear-text in the email

  • Seductive Web sites

    • Females: social networking, “cute” tools

    • Males: porn

  • Legitimate sources

    • Infect pdf, jpg, whatever…

The Signature Method

  • Determine a pattern indicating that a virus is present

  • Publish that in a “signature list” update

  • Software watches for that pattern

  • Oops – The malware got to you before the signature

  • Oops – The signature had a false positive on something good (like Excel.exe)
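
The signature method and its two "Oops" cases, as an added example that is not part of the original slides. The signature names, byte patterns, dates and sample files are all constructed for illustration; the last function shows one way a vendor could vet a pattern against known-good files before publishing it.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Signature:
    name: str        # hypothetical detection name
    pattern: bytes   # byte pattern taken to indicate the malware
    published: date  # day the pattern shipped in a signature-list update

# Constructed signature list (names, patterns and dates are invented).
SIGNATURE_LIST = [
    Signature("Demo.Worm.A", b"\xde\xad\xbe\xef\x13\x37\x00\x42", date(2024, 3, 10)),
    Signature("Demo.Macro.B", b"Auto", date(2024, 3, 12)),  # short, over-broad pattern
]

def scan(data: bytes, today: date, signatures=SIGNATURE_LIST) -> list[str]:
    """Names of signatures already published on `today` whose pattern occurs in `data`."""
    return [s.name for s in signatures if s.published <= today and s.pattern in data]

def false_positives(sig: Signature, known_good: dict[str, bytes]) -> list[str]:
    """Pre-publication check: which known-good files would this signature flag?"""
    return sorted(name for name, data in known_good.items() if sig.pattern in data)

# Constructed samples standing in for real files.
WORM_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x13\x37\x00\x42" + b"tail"
KNOWN_GOOD = {
    "spreadsheet_app.exe": b"MZ\x90\x00 AutoSave, AutoFill and AutoSum are enabled",
    "notes.txt": b"plain text notes",
}

def demo() -> dict:
    return {
        # The malware arrives the day before its signature is published: missed.
        "before_update": scan(WORM_SAMPLE, date(2024, 3, 9)),
        # Same bytes after the update: detected.
        "after_update": scan(WORM_SAMPLE, date(2024, 3, 11)),
        # A legitimate program happens to contain the short pattern: false positive.
        "good_program": scan(KNOWN_GOOD["spreadsheet_app.exe"], date(2024, 3, 13)),
        # Vetting each signature against the known-good set before release.
        "vetting": {s.name: false_positives(s, KNOWN_GOOD) for s in SIGNATURE_LIST},
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} -> {result}")
```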


  • An anti-virus company contains people with a great deal of skill in that field.

  • It is tempting to create a virus other AV products can’t handle.

  • Has this happened?

    • Are we getting trapped into an endless cycle of expense and trouble?

  • The real answer: “Baked-in” protection.

    • Microsoft is beginning this with Windows 8

    • Recognizing that protection is a vital part of an OS

The Future of Malware (Beckett’s take)

  • Among elite, increasing focus on high-value targets

    • People with deep pockets

    • Military adversaries

      • Or potential adversaries

  • Continued phishing threats

    • “There’s a sucker born every minute”

    • Compromised accounts sold in bulk like corn or hogs

  • Increased blurring of lines between malware, annoy-ware, and remote-service back-doors

  • Creation of “good” viruses

  • Proprietary software “calling home” to report

    • Hard to distinguish from malware

Pathological User Behaviors

  • Trying things without considering the dangers.

  • Ignoring dangers one doesn’t understand.

  • Failing to take reasonable steps to protect oneself.

  • Self-justifying behaviors as being necessary, even after they are discovered to be dangerous.

  • Using perceived (perhaps illusory) dangers as an excuse not to use new technology.

    • Even if new tech is safer than old methods

Why do I even have to deal with this?

I was told this was a really great idea!

That’s your problem, not mine