Chapter 1 We’ve Got Problems…
Four Horsemen … of the electronic apocalypse Spam --- unsolicited bulk o Over 70% of traffic Bugs --- software flaws DoS --- denial of service Malware --- malicious software o The “real war” is waged with malware
Why Study Malware? Deepest connections to other three o Propagated using spam o Used to send spam o Take advantage of bugs o Used to mount DoS attacks Addressing malware vital to improving computer security Computer security vital to protecting critical infrastructure
Myth of Absolute Security The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems. — Bruce Schneier
Risk Management Risk others pose to you: 6 factors 1. Importance of the information 2. Impact if the security is breached 3. Who is the potential attacker 4. Attacker’s skills and resources 5. Constraints imposed by legitimate use 6. Resources available for security Also, risk you pose to others…
Cost of Malware Difficult to assess “Real costs” and “hidden costs”? o We’ll say direct costs and indirect costs Direct costs --- computer is down, resources devoted to security, etc. Indirect costs --- reputation, leaked information, etc. Also costs to individuals
Cost of Malware According to Business Week… o From paper by Ross Anderson, et alpaper …cyber crime cost $100B in 2012 o Includes cost of direct, indirect, anticipation (i.e., AV), reputation, etc. Market for AV products o $29 billion in 2008 So, are people spending too much? o “Beware the prophet seeking profit”
Number of Threats Estimates vary by a factor of 2 What to count? o All metamorphic copies? o In 1998, 15,000 automatically generated viruses appeared overnight o May also be some unknown malware Malware is very target-specific o Should you care if you’re not affected?
Speed of Propagation In the past, o Propagation speed measured in months For some malware, speed now measured in minutes or seconds o Not so popular today as when book written Worm propagation
Speed of Propagation
To move curve to the left… o Attacker needs better search strategy o Warhol worm, flash worm, etc. To move curve to the right… o Good guys need better defenses To flatten curve… o Fewer vulnerable hosts/better defenses
People People are social, trusting, etc. o Good for friends, bad for security People are often the problem o Social engineering attacks scams People click on links o Some people cannot not click on a link…
People People don’t demand enough of software vendors o With respect to security, that is People want features, not security o Security is an anti-feature --- no attacks My perspective… o Don’t fight against human nature o Users don’t want to be security experts o We don’t expect everyone to service their car, repair their drywall, etc.
About this Book Chapter 2: groundwork o Definitions and malware timeline Chapter 3: viruses Chapter 4: anti-virus techniques Chapter 5: anti-anti-virus techniques Chapter 6: exploited weaknesses o Both technical and social
About this Book Chapter 7: worms Chapter 8: defenses against worms Chapter 9: applications of malware Chapter 10: people who create malware and defend against it Chapter 11: final thoughts
About this Book Endnotes o 1 thru additional related content o 100 and up --- citations and pointers Lots of “can”, “could”, “may”, “might” o Not because author is wishy-washy o Because malware is malleable Not a programming book, but programming knowledge is assumed
Words of Warning Working with malware is risky Do all work in a lab or virtual machine disconnected from the network Creating/distributing malware may violate local laws o Criminal and/or civil penalties possible Defensive techniques can cause legal trouble too (e.g., patents)