1 / 20

Chapter 9 Applications

Chapter 9 Applications. Benevolent Malware. Benevolent malware? “Obviously a contradiction in terms” Malware characteristics, but tries to do “good” Den Zuk --- 1988, removed Brain virus Later versions would reformat disk… Cheese --- 2001, remove li0n worm

natan
Download Presentation

Chapter 9 Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 9Applications

  2. Benevolent Malware • Benevolent malware? • “Obviously a contradiction in terms” • Malware characteristics, buttries to do“good” • Den Zuk --- 1988, removed Brain virus • Later versions would reformat disk… • Cheese --- 2001, remove li0n worm • Created lots of network traffic • Welchia --- 2003, patched problem that Blaster exploited (used official MS patch) • Lots of traffic, cure worse than disease

  3. Predator Worms • Like Cheese and Welchia • Destroy malware and/or immunize • Trying to do good, but it’s still illegal • Previous “predators” caused problems • Might be OK on local network • But how to prevent spread to Internet? • Other technical problems • Control, bandwidth use, monitoring, etc.

  4. Benevolent Malware • No “killer app” for benevolent malware • Everything can be done by more controlled means • Many unresolved issues… • Legal issues • Ethical issues • Technical issues • Mobile agents --- a niche application?

  5. Mobile Agents • Program transfers itself over network • It does things on behalf of a user • For example, propagate to various airline sites in search of best airfare • Questions about mobile agent security • Has a lot in common with malware • A “solution in search of a problem”? • Mobile agents have some advantages, but what they do can be done by other means

  6. Mobile Agents • Previous master’s project • Platform for Privacy Preferences Project (P3P) • Privacy policies that websites follow • Student developed an “agent-based privacy enhancing model” • Used agents to analyze P3P preferences • Essentially, a reputation system • Research papers are here and here

  7. Spam • Infection may be “means to an end” • For example, DDoS attacks or • May use zombies/bots for spam • Harvest your email address • Customized spam so that it looks like it came from you , and so on • Aycock has lots of interest in spam • Spam simulator: Spamulator

  8. Access-for-Sale Worms • “Scalable, targeted intrusion” • Compromise machine, install back door • Access to the back door is for sale • Might, for example, use key for access • Can’t allow unauthorized access • So, patch flaws once access obtained • Good for ID theft, blackmail, etc. • Like a botnet, but single machine(s)

  9. Access-for-Sale Worms • Two “business models” • Organized crime • Attacker and cyberthieves work together • Defenses? • Disorganized crime • Attacker sells access to cyberthieves • How to advertise? • Defenses?

  10. Access-for-Sale Worms • Organized crime

  11. Access-for-Sale Worms • Disorganized crime

  12. Access-for-Sale Worms • Good idea to use public key crypto • That is, worm carries public key, and… • Private key used to access back door • What is the advantage of public key crypto over symmetric key crypto?

  13. Cryptovirology • Use malware for extortion • Example: virus encrypts valuable data • Victim must pay to get decryption key • Again, public key crypto is best here • Note that data encrypted with symmetric key, and symmetric key is encrypted with a public key (we call this “hybrid crypto” in CS 265) • Password-protected may be good enough

  14. Cryptovirology • Examples • AIDS Trojan --- 1989 • Floppy disk, sent by mail, with “curious software license” • Encrypted files if user didn’t pay • PGPCoder Trojan (Gpcode, 2006) • Encrypted files having various extensions • Cost $200 to buy decryptor

  15. Information Warfare • Use computers to supplement (or supplant?) conventional warfare • Acquire info from adversary’s computers • Plant false info, corrupt data, denial of service, etc. • Laws and such are not clear • Of limited use if communication infrastructure is damaged…

  16. Information Warfare • Electronic countermeasures (ECM) • Deny enemy use of electronic technology • For example, radar jamming • Information warfare analog of ECM? • Denial of service • Comparison with traditional ECM?

  17. Information Warfare • ECM vsDoS • Persistence --- jamming usually temporary, malware can last longer • Targeting --- ECM uses direct targeting, malware could be direct or indirect • Deception --- possible in both cases • Range of effects --- limited in ECM, much broader with malware (logic bomb, DoS, precision attack, intelligence gathering, forced quarantine, …)

  18. Information Warfare • ECM vsDoS • Reliability --- ECM may be more difficult to test, so reliability is less certain • Continuity --- ECM subject to “ECCM”, while malware only has to succeed once and can attack weakest link • Indirect ways to insert malware? • Software vendors, dormant in systems, deliberately leak infected systems, etc.

  19. Cyberterrorism • Difficult to define? • Create fear, not just irritate users • Inability to use facebook does not strike fear of death into (most) users • So cyberterrorist must somehow create tangible results in real world • Nuclear power plants, utility grid, … ???

  20. Cyberterrorism • Similar uses as info warfare • That is, supplement to real attacks • For example, attack communication infrastructure during physical attack to delay response, cause confusion, etc. • Disinformation before and during attack • Other?

More Related