Chapter 2 Definitions and Timeline



  1. Chapter 2 Definitions and Timeline

  2. Categorizing Malware
  • No agreed-upon definitions
    • Even for “virus” and “worm”
  • Consider categories based on…
    • Self-replicating
    • Population growth
    • Parasitic
  • Then we name the different types
    • As defined by Aycock

  3. Self-replicating Malware
  • Self-replicating malware
    • Actively attempts to propagate by creating new copies
  • May also propagate passively
    • But this isn't self-replication
  • We called these “worms”

  4. Population Growth
  • Population growth
    • Describes change in the number of instances due to self-replication
  • Malware that doesn't self-replicate will have a zero population growth
  • But malware with a zero population growth may self-replicate

  5. Parasitic
  • Parasitic malware
    • Requires some other executable code
  • “Executable” taken very broadly
    • Boot block code on a disk
    • Binary code in applications
    • Application scripting languages
    • Source code that may require compilation before executing, etc.

  6. Types of Malware
  • Logic Bomb
  • Trojan
  • Back Door
  • Virus
  • Worm
  • Rabbit
  • Spyware/Adware
  • Other

  7. Logic Bomb
  • Self-replicating: no
  • Population growth: 0
  • Parasitic: possibly
  • Consists of 2 parts
    • Payload: action to be performed
    • Trigger: event to execute payload
  • Donald Gene Burleson case (CS 265)

  8. Trojan Horse
  • Self-replicating: no
  • Population growth: 0
  • Parasitic: yes
  • Name comes from ancient world
  • Pretends to be innocent, but it’s not
  • Example: fake login prompt that steals passwords

  9. Back Door
  • Self-replicating: no
  • Population growth: 0
  • Parasitic: possibly
  • Bypasses normal security checks
    • So enables unauthorized access
  • Example: Remote Administration Tool, or RAT

  10. Virus
  • Self-replicating: yes
  • Population growth: positive
  • Parasitic: yes
  • When executed, tries to replicate itself into other executable code
    • So, it relies in some way on other code
  • Does not propagate via a network
  • Nice virus history given by Aycock

  11. Worm
  • Self-replicating: yes
  • Population growth: positive
  • Parasitic: no
  • Like a virus, except…
    • Spreads over network
    • Worm is standalone, does not rely on other code
  • Good history in Aycock’s book

  12. Rabbit
  • Self-replicating: yes
  • Population growth: 0
  • Parasitic: no
  • Two kinds of rabbits
    • One uses up system resources
    • One uses up network resources (special case of a worm)

  13. Spyware
  • Self-replicating: no
  • Population growth: 0
  • Parasitic: no
  • Collects info and sends it to someone
    • Username/password, bank info, credit card info, software license info, etc.
  • First mention is about 1995
  • May arrive via “drive-by download”

  14. Adware
  • Self-replicating: no
  • Population growth: 0
  • Parasitic: no
  • Similar to spyware but focused on marketing

  15. Hybrids, Droppers, etc.
  • Hybrid is combination of different types of malware
    • Worm that is a rabbit, trojan that acts like a virus, etc.
  • Dropper is malware that deposits other malware
    • Worm might leave behind a back door…

  16. Zombies
  • Compromised machines that can be used by an attacker
    • Spam
    • Denial of service (DoS)
    • Distributed denial of service (DDoS)
  • Today, usually part of a botnet

  17. Naming
  • No agreed-upon naming convention
  • Virus writer might suggest a name
    • “Your PC is now stoned!”
  • Different vendors might use different names
  • Different variants might get different names, etc.

  18. Naming
  • Factors related to naming
    • Malware type
    • Family name
    • Variant
    • Modifiers (e.g., “mm” for “mass mailer”)
  • But many different names applied to same virus (or family)
  • See book for examples

  19. Authorship
  • Author and distributor may differ
  • Is malware author a “hacker” or “cracker”?
    • It depends on malware and definitions…
  • So, Aycock does not use terms like hacker or cracker
    • Instead, boring terms like malware author, malware writer, virus writer, etc.

  20. Malware Writers
  • Botnet hacker caught in Slovenia (2010)
  • Japanese Virus Writer Arrested for the Second Time (2010)
    • "I wanted to see how much my computer programming skills had improved since the last time I was arrested."
  • Teen Arrested in Blaster Case (2003)
  • No 'sorry' from Love Bug author (2005)

  21. Timeline
