1. Chapter 1 We’ve Got Problems…

2. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs --- software flaws  DoS --- denial of service  Malware --- malicious software o The “real war” is waged with malware

3. Why Study Malware?  Deepest connections to other three o Propagated using spam o Used to send spam o Take advantage of bugs o Used to mount DoS attacks  Addressing malware vital to improving computer security  Computer security vital to protecting critical infrastructure

4. Myth of Absolute Security  The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford  People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems. — Bruce Schneier

5. Risk Management  Risk others pose to you: 6 factors 1. Importance of the information 2. Impact if the security is breached 3. Who is the potential attacker 4. Attacker’s skills and resources 5. Constraints imposed by legitimate use 6. Resources available for security  Also, risk you pose to others…

6. Cost of Malware  Difficult to assess  “Real costs” and “hidden costs”? o We’ll say direct costs and indirect costs  Direct costs --- computer is down, resources devoted to security, etc.  Indirect costs --- reputation, leaked information, etc.  Also costs to individuals

7. Cost of Malware  According to Business Week… o From paper by Ross Anderson, et alpaper  …cyber crime cost $100B in 2012 o Includes cost of direct, indirect, anticipation (i.e., AV), reputation, etc.  Market for AV products o $29 billion in 2008  So, are people spending too much? o “Beware the prophet seeking profit”

8. Number of Threats  Estimates vary by a factor of 2  What to count? o All metamorphic copies? o In 1998, 15,000 automatically generated viruses appeared overnight o May also be some unknown malware  Malware is very target-specific o Should you care if you’re not affected?

9. Speed of Propagation  In the past, o Propagation speed measured in months  For some malware, speed now measured in minutes or seconds o Not so popular today as when book written Worm propagation

10. Speed of Propagation

11.  To move curve to the left… o Attacker needs better search strategy o Warhol worm, flash worm, etc.  To move curve to the right… o Good guys need better defenses  To flatten curve… o Fewer vulnerable hosts/better defenses

12. People  People are social, trusting, etc. o Good for friends, bad for security  People are often the problem o Social engineering attacks  Email scams  People click on links o Some people cannot not click on a link…

13. People  People don’t demand enough of software vendors o With respect to security, that is  People want features, not security o Security is an anti-feature --- no attacks  My perspective… o Don’t fight against human nature o Users don’t want to be security experts o We don’t expect everyone to service their car, repair their drywall, etc.

14. About this Book  Chapter 2: groundwork o Definitions and malware timeline  Chapter 3: viruses  Chapter 4: anti-virus techniques  Chapter 5: anti-anti-virus techniques  Chapter 6: exploited weaknesses o Both technical and social

15. About this Book  Chapter 7: worms  Chapter 8: defenses against worms  Chapter 9: applications of malware  Chapter 10: people who create malware and defend against it  Chapter 11: final thoughts

16. About this Book  Endnotes o 1 thru 99 --- additional related content o 100 and up --- citations and pointers  Lots of “can”, “could”, “may”, “might” o Not because author is wishy-washy o Because malware is malleable  Not a programming book, but programming knowledge is assumed

17. Words of Warning  Working with malware is risky  Do all work in a lab or virtual machine disconnected from the network  Creating/distributing malware may violate local laws o Criminal and/or civil penalties possible  Defensive techniques can cause legal trouble too (e.g., patents)