Description: Chapter 2, Definitions and Timeline (PowerPoint presentation). Categorizing malware by self-replication, population growth and parasitism, with type names as defined by Aycock.
Chapter 2
Definitions and Timeline

Categorizing Malware
- No agreed-upon definitions
  o Even for “virus” and “worm”
- Consider categories based on…
  o Self-replicating
  o Population growth
  o Parasitic
- Then we name the different types
  o As defined by Aycock
Self-replicating Malware
- Self-replicating malware actively attempts to propagate by creating new copies
- May also propagate passively
  o But this isn't self-replication
- Called these “worms” (in CS 265)

Population Growth
- Population growth describes the change in the number of instances due to self-replication
- Malware that doesn't self-replicate will have zero population growth
  o But malware with zero population growth may self-replicate

Parasitic
- Parasitic malware requires some other executable code
- “Executable” is taken very broadly
  o Boot block code on a disk
  o Binary code in applications
  o Application scripting languages
  o Source code that may require compilation before executing, etc.
Types of Malware
- Logic Bomb
- Trojan
- Back Door
- Virus
- Worm
- Rabbit
- Spyware/Adware
- Other

Logic Bomb
- Self-replicating: no
- Population growth: 0
- Parasitic: possibly
- Consists of 2 parts
  o Payload --- action to be performed
  o Trigger --- event to execute payload
- Donald Gene Burleson case (CS 265)

Trojan Horse
- Self-replicating: no
- Population growth: 0
- Parasitic: yes
- Name comes from the ancient world
  o Pretends to be innocent, but it’s not
- Example: fake login prompt that steals passwords

Back Door
- Self-replicating: no
- Population growth: 0
- Parasitic: possibly
- Bypasses normal security checks
  o So enables unauthorized access
- Example: Remote Administration Tool, or RAT
Virus
- Self-replicating: yes
- Population growth: positive
- Parasitic: yes
- When executed, tries to replicate itself into other executable code
  o So, it relies in some way on other code
- Does not propagate via a network
- Nice virus history given by Aycock

Worm
- Self-replicating: yes
- Population growth: positive
- Parasitic: no
- Like a virus, except…
  o Spreads over a network
  o Worm is standalone, does not rely on other code
- Good history in Aycock’s book

Rabbit
- Self-replicating: yes
- Population growth: 0
- Parasitic: no
- Two kinds of rabbits
  o One uses up system resources
  o One uses up network resources (special case of a worm)
Spyware
- Self-replicating: no
- Population growth: 0
- Parasitic: no
- Collects info and sends it to someone
  o Username/password, bank info, credit card info, software license info, etc.
- First mention is about 1995
- May arrive via “drive-by download”

Adware
- Self-replicating: no
- Population growth: 0
- Parasitic: no
- Similar to spyware but focused on marketing

Hybrids, Droppers, etc.
- Hybrid is a combination of different types of malware
  o Worm that is a rabbit, trojan that acts like a virus, etc., etc.
- Dropper is malware that deposits other malware
  o For example, a worm might leave behind a back door…

Zombies
- Compromised machines that can be used by an attacker
  o Spam
  o Denial of service (DoS)
  o Distributed denial of service (DDoS)
- Today, usually part of a botnet
Naming
- No agreed-on naming convention
- Virus writer might suggest a name
  o “Your PC is now stoned!”
- Different vendors might use different names
- Different variants might get different names, etc.

Naming
- Factors related to naming
  o Malware type
  o Family name
  o Variant
  o Modifiers (e.g., “mm” for “mass mailer”)
- But many different names applied to the same virus (or family)
  o See book for examples

Authorship
- Author and distributor may differ
- Is the malware author a “hacker” or “cracker”?
  o It depends on your definitions…
- So, Aycock does not use terms like hacker or cracker
  o Instead, uses boring terms like malware author, malware writer, virus writer, etc.
Malware Writers
- Botnet hacker caught in Slovenia (2010)
- Japanese Virus Writer Arrested for the Second Time (2010)
  o "I wanted to see how much my computer programming skills had improved since the last time I was arrested."
- Teen Arrested in Blaster Case (2003)
- No 'sorry' from Love Bug author (2005)

Timeline