1 / 15

Chapter 10 People and Communities

Chapter 10 People and Communities. Malware Authors. “... [virus writers] have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes.” --- Jan Hruska , Sophos Little is known about malware writers Why?. Malware Authors: Who?.

paiva
Download Presentation

Chapter 10 People and Communities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 10People and Communities

  2. Malware Authors • “... [virus writers] have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes.” --- Jan Hruska, Sophos • Little is known about malware writers • Why?

  3. Malware Authors: Who? • Stereotype: 16 year old male living in his parents’ basement in Norway • Also college students, professionals,… • “gender differences in moral development may partially explain the lack of females” • Many virus writers “grow out of it” • Among malware writers • General distaste for destructive code

  4. Malware Authors: Who? • Technical skill of virus writers? • AV community think little of virus writers skills • Skill level has probably improved since book written • Why?

  5. Malware Authors: Why? • Many possible reasons • Fascination with technology --- create software to outwit AV people (game) • Fame --- among malware writers • Graffiti --- “form of expression” • Revenge --- disgruntled employee, etc. • Ideology --- hard to assess, but perhaps Code Red is an example

  6. Malware Authors: Why? • Commercial sabotage --- e.g., attack to reduce company’s stock price • Extortion --- e.g., cryptovirology • Warfare and espionage --- info warfare, cyberterrorism • Malware battles --- for example, Mydoom/Netsky/Bagle in 2004 • 60 variants in 3 months, “attacked” each other • Commercial gain --- writers paid for their work, e.g., botnets for spam

  7. Malware Authors: Why? • Authorsays graffitiangle“interesting … deserves further research” • What do you think? • Virus writing as a glorified prank? • Maybe true in the past • Probably not so much today • Now there is more of a profit motive

  8. AV Community • Like virus writers, not a lot written about AV people either • Seems to me… • They’re just ordinary geeks • Like everybody else you know

  9. Perceptions • Conspiracy theory • AV people write/plant malware • No evidence to support this and… • …lots of evidence to contrary • Effort spent on “unknown” malware • Way more malware than “necessary”, etc. • AV people do need to keep up • Research, study VX sites, etc.

  10. Another Day in Paradise • AV workday is long • “80 hour work week is not uncommon” • Sounds like Silicon Valley to me… • AV company maintains • Databases of malware and goodware • Suspicious file arrives from honeypot, customer, or other source • File first compared to both databases • If not in either, analyze it

  11. Another Day in Paradise • If file is malware… • Update signatures, AV software, databases • Distribute updates • AV employee workday is long • AV company workday is endless • Around-the-clock coverage • Offices in different time zones, continuous threat monitoring, etc., etc.

  12. Customer Demands • What do customers want? • 100% detection with no false positives • What to detect? Malware and what? • Gray area detection --- “delicate issue” • Jokes and games • Cracking tools • Adware/Spyware • Remote administration tools (RATs) • Legal concerns wrt false positives

  13. Engineering • Malware can be classified as: • In the wild --- active in real world • In the zoo --- not active • WildList Organization • Much easier to only detect malware that is “in the wild”, i.e., active • Orders of magnitude less malware • So, is this a good idea for AV company?

  14. Open Questions • Should AV software also: • Provide a firewall? • Provide content filtering? • Perform spam detection? • Apply software patches? • Other?

  15. Open Questions • AV people reverse engineer software • Is this legal? • Users may look at quarantined files • Could this violate privacy laws? • What about false positives? • AV software is almost universally used • So, if you don’t use it, could you be held legally negligent?

More Related