The Ecology of Malware CPIS 210 John Beckett
Is it Alive?
• In a manner of speaking – it can reproduce and spread
• Not quite – it requires an active, artificial host
Why?
• Curiosity
• “Hacker” used to mean simply someone who was curious enough to make a computer go beyond its design
• Fame/notoriety
• Profit
• Taking servers hostage
• Attacking competing malware vendors’ reputations
• Warfare
The Epidemiological Dilemma
• If a virus is not very vigorous about spreading, it will die off
• If a virus does nothing to affect its hosts’ activity, it will not be noticed
• If a virus destroys its hosts, it will lose its deployment platform
• The “ideal” virus spreads despite the damage it does
• Perhaps delays damage until it has spread
• Perhaps does all its damage to other devices
The Big Target
• Infect an update of a widely-used piece of software, so that the malware is distributed by the vendor
• This is why you should be careful where you get downloads from!
Infection Routes
• Email
• Encrypt the virus, and provide the decryption key in clear-text in the email
• Seductive Web sites
• Females: social networking, “cute” tools
• Males: porn
• Legitimate sources
• Infect PDF, JPG, whatever…
The Signature Method
• Determine a pattern indicating that a virus is present
• Publish that in a “signature list” update
• Software watches for that pattern
• Oops – The malware got to you before the signature
• Oops – The signature had a false positive on something good (like Excel.exe)
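The signature cycle on this slide, as an added example that is not part of the original slides: a scanner run against three successive signature-list updates, showing the variant that arrives before its signature and the false positive caused by an overly broad pattern. All sample buffers, signature names and markers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte pattern the scanner watches for


# First bytes of a typical Windows executable; present in good and bad programs alike.
PE_HEADER = b"MZ\x90\x00"

# Constructed sample buffers (not real files): name -> (contents, is_malicious)
SAMPLES = {
    "variant_a.exe": (PE_HEADER + b"...DEMO-MARKER-A...", True),
    "variant_b.exe": (PE_HEADER + b"...DEMO-MARKER-B...", True),
    "spreadsheet.exe": (PE_HEADER + b"...ordinary program code...", False),
    "notes.txt": (b"meeting at ten", False),
}

# Three successive "signature list" updates (constructed).
LIST_V1 = [Signature("Demo.A", b"DEMO-MARKER-A")]            # variant B not yet known
LIST_V2 = LIST_V1 + [Signature("Demo.Generic", PE_HEADER)]   # pattern is too broad
LIST_V3 = LIST_V1 + [Signature("Demo.B", b"DEMO-MARKER-B")]  # specific pattern for B


def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs in data."""
    return [s.name for s in signatures if s.pattern in data]


def evaluate(signatures, samples=SAMPLES):
    """Compare scanner verdicts with the known labels of each sample."""
    outcome = {"detected": [], "missed": [], "false_positive": []}
    for name, (data, is_malicious) in samples.items():
        hits = scan(data, signatures)
        if is_malicious and hits:
            outcome["detected"].append(name)
        elif is_malicious:
            outcome["missed"].append(name)       # malware arrived before its signature
        elif hits:
            outcome["false_positive"].append(name)  # good file flagged as bad
    return outcome


if __name__ == "__main__":
    for label, sigs in (("v1", LIST_V1), ("v2", LIST_V2), ("v3", LIST_V3)):
        print(label, evaluate(sigs))
```
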
Hush!
• An anti-virus company contains people with a great deal of skill in that field.
• It is tempting to create a virus other AV products can’t handle.
• Has this happened?
• Are we getting trapped into an endless cycle of expense and trouble?
• The real answer: “Baked-in” protection.
• Microsoft is beginning this with Windows 8
• Recognizing that protection is a vital part of an OS
The Future of Malware (Beckett’s take)
• Among elite, increasing focus on high-value targets
• People with deep pockets
• Military adversaries
• Or potential adversaries
• Continued phishing threats
• “There’s a sucker born every minute”
• Compromised accounts sold in bulk like corn or hogs
• Increased blurring of lines between malware, annoy-ware, and remote-service back-doors
• Creation of “good” viruses
• Proprietary software “calling home” to report
• Hard to distinguish from malware
Pathological User Behaviors
• Trying things without considering the dangers.
• Ignoring dangers one doesn’t understand.
• Failing to take reasonable steps to protect oneself.
• Self-justifying behaviors as being necessary, even after they are discovered to be dangerous.
• Using perceived (perhaps illusory) dangers as an excuse not to use new technology.
• Even if new tech is safer than old methods
Why do I even have to deal with this?
I was told this was a really great idea!
That’s your problem, not mine