The Malware Menagerie

Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce at Uni of Hong Kong, Computer Science at A.N.U.
http://www.anu.edu.au/people/Roger.Clarke/ ... ... / EC/SecyMq-Malware.ppt

LAW 868, Electronic Commerce and the Law, Macquarie University, 14 September 2006
Copyright, 1995-2006

Agenda

• Virus
• Worm
• Trojan Horse
• Spyware
• Bots / Robots / Agents
• Backdoor / Trapdoor
• Zombie
• Exploit
• Bug
• Phishing

http://www.wikipedia.org/<term>

Infiltration by Software with a Payload

Software (the 'Vector'):
• Pre-Installed
• User-Installed
• Virus
• Worm
• ...

Payload:
• Trojan:
  - Undocumented
  - Documented
• Spyware:
  - Software Monitor
  - Adware
  - Keystroke Logger
  - ...

Viruses and Worms
• A Virus is a block of code that inserts copies of itself into other programs. A virus generally carries a payload, which may have nuisance value or serious consequences. To avoid early detection, viruses may delay the performance of functions other than replication.
• A Worm is a program that propagates copies of itself over networks. It does not infect other programs.
• Viruses and Worms flourish because of:
  - the naiveté of users
  - inadequate care by some I.S. professionals
  - OS and apps distributed in a culpably insecure state

Trojan Horses
A program that purports to perform a useful function (and may do so), but certainly performs malicious functions, e.g. keystroke recorders embedded in utilities.

Spyware
• Software that surreptitiously:
  - gathers data within a device, e.g. about its user, or the uses made of it
  - makes it available to some other party
• Key applications:
  - keystroke loggers (esp. for passwords)
  - monitoring of user behaviour for consumer marketing purposes ('adware')
  - monitoring of uses of copyright works (software, audio, video)

Bots / Robots / Agents
• Software that interacts with other software or human users as though it were a human:
  - Web crawlers or spiders
  - Re enquiries / requests / incident reports:
    - Auto-acknowledgement
    - Auto-response
  - Automated Trading
  - Online Games

Backdoors / Trapdoors
Any planned means whereby a user can surreptitiously gain unauthorised access to an Internet node, e.g. a feature of a package intended to enable maintenance programmers to gain access, or a feature added into a program by a virus.

'Zombies'

• A common use of Trojan Horses
• Establishes a large number of processors, scattered around the Internet, that are under central or timed control (hence 'zombies')
• These are referred to as a Botnet
• They can be used to:
  - perform DDoS attacks
  - send Spam

Exploits
• An Exploit is an established way of performing an attack on a vulnerability
• Standard techniques are supported by established guidelines and programming code, which circulate on the Internet
• Code that enables easy performance of an exploit is expressed in a script
• 'Script Kiddies' is a derogatory term for relatively unskilled crackers who rely on techniques and program code developed by others

Bugs
• Errors in software (systems software, esp. MS Windows) or applications (esp. MSIE)
• They may create vulnerabilities
• The vulnerabilities may be attacked by crackers
• This gives rise to the need for urgent patches:
  - http://www.microsoft.com/technet/security/current.aspx
  - AusCERT Security Alerts: http://national.auscert.org.au/render.html?cid=2998
  - Commercial services, e.g. http://secunia.com/advisories/

Phishing
• Sending people e-mail messages in order to lure them into divulging sensitive data
• The data sought is commonly passwords and credit-card details
• The sender commonly assumes a relatively highly trusted identity, e.g. a financial institution
• The data is commonly keyed into a web-form on a site that purports to be operated by the trusted identity
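The last two points describe a lure that shows the trusted identity's address while the web-form actually lives on another host. As an added example, not part of the original slides, the following Python scans an HTML e-mail body for anchors whose displayed address does not match the link target, or whose host merely embeds a trusted brand name; the trusted-domain list, the sample message and the function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Trusted identity a lure might impersonate (assumed; constructed for this example).
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample lure (made-up, not a real message): the visible text names
# the bank, but two of the three anchors actually lead to other hosts.
SAMPLE_LURE = """<p>Dear customer, confirm your password at
<a href="http://examplebank.com.verify-login.example/form">https://www.examplebank.com/login</a>
or <a href="http://secure-examplebank.example/login">click here</a>.
Terms: <a href="https://www.examplebank.com/terms">www.examplebank.com/terms</a></p>"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    # Naive 'example.com' from 'a.b.example.com'; ignores multi-label suffixes like .co.uk
    return ".".join(host.lower().split(".")[-2:])

def lure_reason(href, text):
    """Why an anchor looks like a phishing lure, or None if it passes both checks."""
    host = urlparse(href).hostname or ""
    target = registrable_domain(host)
    # An address shown to the reader (e.g. the bank's URL) that is not where the link goes.
    shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
    if shown and registrable_domain(shown.group(1)) != target:
        return "displayed address does not match link target"
    # The trusted brand name embedded in a host registered to someone else.
    if any(t.split(".")[0] in host and target != t for t in TRUSTED_DOMAINS):
        return "look-alike host impersonating a trusted domain"
    return None

def find_suspicious_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(h, r) for h, t in parser.links if (r := lure_reason(h, t))]
```

Running find_suspicious_links(SAMPLE_LURE) flags the first two anchors and passes the genuine terms link; the domain split is deliberately naive, so a production check would use a public-suffix list.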

