Chapter 10 people and communities
1 / 15

Chapter 10 People and Communities - PowerPoint PPT Presentation

  • Uploaded on

Chapter 10 People and Communities. Malware Authors. “... [virus writers] have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes.” --- Jan Hruska , Sophos Little is known about malware writers Why?. Malware Authors: Who?.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Chapter 10 People and Communities' - paiva

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 10 people and communities
Chapter 10People and Communities

Malware authors
Malware Authors

  • “... [virus writers] have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes.” --- Jan Hruska, Sophos

  • Little is known about malware writers

    • Why?

Malware authors who
Malware Authors: Who?

  • Stereotype: 16 year old male living in his parents’ basement in Norway

  • Also college students, professionals,…

    • “gender differences in moral development may partially explain the lack of females”

    • Many virus writers “grow out of it”

  • Among malware writers

    • General distaste for destructive code

Malware authors who1
Malware Authors: Who?

  • Technical skill of virus writers?

    • AV community think little of virus writers skills

    • Skill level has probably improved since book written

    • Why?

Malware authors why
Malware Authors: Why?

  • Many possible reasons

  • Fascination with technology --- create software to outwit AV people (game)

  • Fame --- among malware writers

  • Graffiti --- “form of expression”

  • Revenge --- disgruntled employee, etc.

  • Ideology --- hard to assess, but perhaps Code Red is an example

Malware authors why1
Malware Authors: Why?

  • Commercial sabotage --- e.g., attack to reduce company’s stock price

  • Extortion --- e.g., cryptovirology

  • Warfare and espionage --- info warfare, cyberterrorism

  • Malware battles --- for example, Mydoom/Netsky/Bagle in 2004

    • 60 variants in 3 months, “attacked” each other

  • Commercial gain --- writers paid for their work, e.g., botnets for spam

Malware authors why2
Malware Authors: Why?

  • Authorsays graffitiangle“interesting … deserves further research”

    • What do you think?

  • Virus writing as a glorified prank?

    • Maybe true in the past

    • Probably not so much today

    • Now there is more of a profit motive

Av community
AV Community

  • Like virus writers, not a lot written about AV people either

  • Seems to me…

    • They’re just ordinary geeks

    • Like everybody else you know


  • Conspiracy theory

    • AV people write/plant malware

  • No evidence to support this and…

  • …lots of evidence to contrary

    • Effort spent on “unknown” malware

    • Way more malware than “necessary”, etc.

  • AV people do need to keep up

    • Research, study VX sites, etc.

Another day in paradise
Another Day in Paradise

  • AV workday is long

    • “80 hour work week is not uncommon”

    • Sounds like Silicon Valley to me…

  • AV company maintains

    • Databases of malware and goodware

  • Suspicious file arrives from honeypot, customer, or other source

    • File first compared to both databases

    • If not in either, analyze it

Another day in paradise1
Another Day in Paradise

  • If file is malware…

    • Update signatures, AV software, databases

    • Distribute updates

  • AV employee workday is long

  • AV company workday is endless

    • Around-the-clock coverage

    • Offices in different time zones, continuous threat monitoring, etc., etc.

Customer demands
Customer Demands

  • What do customers want?

    • 100% detection with no false positives

  • What to detect? Malware and what?

  • Gray area detection --- “delicate issue”

    • Jokes and games

    • Cracking tools

    • Adware/Spyware

    • Remote administration tools (RATs)

  • Legal concerns wrt false positives


  • Malware can be classified as:

    • In the wild --- active in real world

    • In the zoo --- not active

  • WildList Organization

  • Much easier to only detect malware that is “in the wild”, i.e., active

    • Orders of magnitude less malware

    • So, is this a good idea for AV company?

Open questions
Open Questions

  • Should AV software also:

    • Provide a firewall?

    • Provide content filtering?

    • Perform spam detection?

    • Apply software patches?

    • Other?

Open questions1
Open Questions

  • AV people reverse engineer software

    • Is this legal?

  • Users may look at quarantined files

    • Could this violate privacy laws?

    • What about false positives?

  • AV software is almost universally used

    • So, if you don’t use it, could you be held legally negligent?