1. Copyright, 1995-2006 1 The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce at Uni of Hong Kong, Computer Science at A.N.U. http://www.anu.edu.au/people/Roger.Clarke/...... / EC/SecyMq-Malware.ppt LAW 868 – Electronic Commerce and the Law Macquarie University – 14 September 2006

2. Copyright, 1995-2006 2 The Malware Menagerie Agenda Virus Worm Trojan Horse Spyware Bots / Robots / Agents Backdoor / Trapdoor Zombie Exploit Bug Phishing http://www.wikipedia.org/

3. Copyright, 1995-2006 3 Infiltration by Software with a Payload Software (the Vector) Pre-Installed User-Installed Virus Worm... Payload Trojan: Undocumented Documented Spyware: Software Monitor Adware Keystroke Logger...

4. Copyright, 1995-2006 4 Viruses and Worms A Virus is a block of code that inserts copies of itself into other programs. A virus generally carries a payload, which may have nuisance value, or serious consequences. To avoid early detection, viruses may delay the performance of functions other than replication A Worm is a program that propagates copies of itself over networks. It does not infect other programs. Viruses and Worms flourish because of: the naiveté of users inadequate care by some I.S. professionals OS and apps distributed in a culpably insecure state

5. Copyright, 1995-2006 5 Trojan Horses A program that purports to perform a useful function (and may do so) but certainly performs malicious functions e.g. keystroke recorders embedded in utilities

6. Copyright, 1995-2006 6 Spyware Software that surreptitiously: gathers data within a device e.g. about its user, or the uses made of it makes it available to some other party Key applications: keystroke loggers (esp. for passwords) monitoring of user behaviour for consumer marketing purposes (adware) monitoring of uses of copyright works (software, audio, video)

7. Copyright, 1995-2006 7 Bots / Robots / Agents Software that interacts with other software or human users as though it were a human Web crawlers or spiders Re enquiries / requests / incident reports Auto-acknowledgement Auto-response Automated Trading Online Games

8. Copyright, 1995-2006 8 Backdoors / Trapdoors Any planned means whereby a user can surreptitiously gain unauthorised access to an Internet node e.g. a feature of a package intended to enable maintenance programmers to gain access, or a feature added into a program by a virus

9. Copyright, 1995-2006 9 Zombies A common use of Trojan Horses Establishes a large number of processors, scattered around the Internet, that are under central or timed control (hence zombies) These are referred to as a Botnet They can be used to: perform DDoS attacks send Spam

10. Copyright, 1995-2006 10 Exploits An Exploit is an established way of performing an attack on a vulnerability Standard techniques are supported by established guidelines and programming code, which circulate on the Internet Code that enables easy performance of an exploit is expressed in a script Script Kiddies is a derogatory term for relatively unskilled crackers who rely on techniques and program code developed by others

11. Copyright, 1995-2006 11 Bugs Errors in software (systems software esp. MS Windows) or applications (esp. MSIE) They may create vulnerabilities The vulnerabilities may be attacked by crackers This gives rise to the need for urgent patches http://www.microsoft.com/technet/security/current.aspx AusCERT Security Alerts http://national.auscert.org.au/render.html?cid=2998 Commercial Services, e.g. http://secunia.com/advisories/

12. Copyright, 1995-2006 12 Phishing Sending people e-mail messages in order to lure them into divulging sensitive data The data sought is commonly passwords and credit-card details The sender commonly assumes a relatively highly trusted identity e.g. a finl institution The data is commonly keyed into a web-form on a site that purports to be operated by the trusted identity