Presentation on theme: "A Case Study on Malware By: Jill Lehman Tracy Clegg Clayton Nichols Nattapon Nattigon Robert Loggins."— Presentation transcript:
A Case Study on Malware By: Jill Lehman Tracy Clegg Clayton Nichols Nattapon Nattigon Robert Loggins
Malware - Defined Short for “malicious software.” Designed to infiltrate a system without owner’s consent. General term that defines a variety of hostile, intrusive, or annoying program code. Creator’s perceived intent defines software as malware. Pop-Up Example
Malware - Origins A 2008 report released by Symantec suggested: Releases of malicious code may be exceeding rates of legitimate software applications. Primarily released through the Internet. Email Web sites Shaoxing, China was named the malware capital of the world by Symantec in 2010.
Malware - Nature Early malware, including worms & viruses were written as pranks. Today, most malware possesses intent to destroy systems including: Files Web pages Estimated that about 1 in 10 web pages contain malicious code.
Malware – Nature (cont.) Many others create “zombie computers” that aid in advertising for profit motive. Tells infected computers to send spam email. Spyware is a form of malware. It monitor’s web browsing & displays unsolicited advertisements. Do not spread like viruses. Simply exploit security holes
Cybercrime Laws – U.S. Basis of laws against malware include: Hacking Copyright Infringement Child Porn Privacy Fraud Destruction of property (Denial-of-Service attacks) Harassment Identity theft
Cybercrime Laws – U.S. The basis for cybercrime laws is large in scope. As endless as non-cyber crime laws. U.S. laws continually get passed at the state & Federal levels of government. Protect users of the web. Civil and criminal means of prosecution Example: http://www.informationweek.com/news/security/cyber crime/showArticle.jhtml?articleID=210602182
Cybercrime Laws – U.S. US cybercrime laws are catching up. Some that help to combat malware are not as archaic. However, there are still hurdles when the courts are out touch with reality. Example: Virginia anti-spam law struck down by the state’s Supreme Court o Said it violated 1 st Amendment right to freedom of speech. o http://www.cybercrimelaw.org/2008/09/12/virginia- supreme-court-strikes-down-states-anti-spam-law/
Cybercrime Laws - World Technology is constantly changing. Creates concern that at any given time, cybercrime legislation falls out of date. Large amounts of malware originate in foreign countries. Extradition laws not always up-to-date. New treaties help to combat problems. http://www.arnnet.com.au/article/345145/efa_cyber crime_treaty_will_trigger_tougher_laws/
Example Case Study: “Google Claims Vietnam Malware Attack” Google said malicious software has been used to spy on Vietnamese computers The malware targeted tens of thousands of people. The malware has been used to attack blogs containing messages of political dissent.
Issues enabling this Behavior Security Issues The prevalence of broadband internet has allowed for a wave of malware solely intended to reap benefits. Downloading programs & sharing software has created opportunities for malware
Security Issues Continued Use of a standard password for access control can create vulnerabilities A large percentage of users do not change their passwords from that established by the manufacturer causing the passwords to be easily obtainable Public access points, such as airports & coffee shops, offer little or no security.
Malware Penalties in General Penalties are depend on the level of severity of the attack. In some cases, credit & debit card data is stolen; this level of mayhem constitutes malware fraud felony, which can lead the perpetrators to serve numerous years in prison as well as pay enormous fines. Eg. Steal data such as credit card inf., login to banks and passwords, etc. If a site has links to malware sites, then the link is removed from their name in the SERPs (search engine results pages). This feature is designed so that the site owners become aware of the malware issue.
What is a Google penalty? Google Penalty Types There are various penalty types that have been found as follows; I.The “Minus Thirty” Penalty II.The “950 Penalty” III.The Position 6 Penalty Drop in rankings to the end of the listings for that keyword A Google penalty is a punishment Google gives to sites they feel do not meet certain quality standards. This can spell disaster for companies who run their business through their web sites. Above google penalties can be fixed by following google’s webmaster guidelines.
How these penalties related to this case? Very difficult to identify the criminals who spy on Vietnamese’s websites as the other side are Chinese government. Using Malware for damaging purposes: To attack blogs containing messages of political dissent. (Invasion of Privacy) Vietnam is lack of laws & investigators with the requisite experience or even the equipment to collect evidence to fight cyber crime which include malware through google.
The U.S. Penalties on Cyber Crime Compromising Confidentiality: 18 U.S.C. § 1030(a)(2)(c) Intentionally access a computer without or in excess of authorization Penalties: Violations of section 1030(a)(2) are misdemeanors punishable by a fine or a one-year prison term, unless aggravating factors apply. A violation or attempted violation of section 1030(a)(2) is a felony if: committed for commercial advantage or private financial gain, committed in furtherance of any criminal or tortuous act in violation of the Constitution or laws of the United States or of any State, or the value of the information obtained exceeds $5,000.
Conclusion about the Penalties Historical Data: Computer crime cost Vietnam US$1.76 billion in 2008 Vietnam should have security systems& computer crime laws as fast as possible by using the U.S. laws as a benchmarking. With penalties, cyber crime might be reduce. Better Economic Situation as investors will have more confidence to invest in Vietnam bec less cyber crime issues. Source:http://www.straitstimes.com/Breaking%2BNews/SE%2BAsia/Story/STIStory_354440.html
Effects on Management Must be aware at all times of potential attacks. Must make employees aware of the dangers of malware. Must take preventive measures against malware attacks. Must be aware of the legal & reporting measures to stop the spread of malware.