CSC 379 SUM2008:Week 3, Group 2: Difference between revisions

From Expertiza_Wiki
Line 19:

An additional form of malware is bots. Bots infect a computer and lie dormant until instructions are sent. Bots are responsible for most of the spam that is propagated. Many of the new bots last only for one day, not nearly enough time for anti-virus programs to respond.

Older revision:

===Evolution of Malware Distribution===

(THIS IS A DRAFT AND WILL BE CHANGED SHORTLY)

Back at the dawn of the scan age, when the first antivirus products crawled out of the primordial ooze, a model arose for the efficient detection of computer viruses.

File-infecting viruses spread across a system by infecting innocent files in a fairly chaotic fashion, so a virus could exist almost anywhere on the drive system. Often they existed all over the drive system.

As numbers increased, and antivirus companies battled it out by claiming they detected more viruses, a model arose for testing antivirus claims. The model correctly focused on testing how viruses really spread and how antivirus products actually scanned. And of course "big numbers" was construed as a good thing. However, the majority of viruses never actually infected users' systems, and thus did not constitute a real-world threat.

Then, in 1993, a system of cooperative reporting arose that enabled developers and testers to focus more on the actual threat. It was called the WildList and allowed testers to fine-tune testing by moving away from mere numbers and focusing on the reality of the virus threat.

Since the original WildList appeared, the nature of the actual threat to users has changed dramatically. Viruses (that is, true viruses that infect files all over the system) are now nearly extinct. Recent WildLists have only a handful of true viruses. Most threats on the WildList today are actually worms. However, in today's reality, viruses and worms are comparatively rare. They are a minuscule part of the real and present threats to users.

For example, at the time of this writing, the WildList (August 2007) says that 580 threats have been reported during the past six months. By contrast, at the time of this writing, the malware research lab at Lavasoft received 1500 new threats over the past weekend.

Newer revision:

===Evolution of Threat Speed===

<working...>

Based on a report in the Wall Street Journal [1], in 1999 it took up to 281 days from the time a computer system security flaw was announced until malicious code took advantage of it. However, as of January 2004 this number had declined to 10. The rate of distribution has changed dramatically as well. Based on an article published by the CERT Coordination Center at Carnegie Mellon University, in January 2003 a SQL-based worm (Slammer) infected ninety percent of the vulnerable servers within the first 10 minutes of its distribution. Currently it takes only 6 days between the revelation of a vulnerability and the release of its exploit. Given that the average time it takes to release a patch for the exploited flaw is 54 days [2], patching is not very effective.

===Evolution of Threat Stealth===

Financial motivations cause malware to become more advanced at hiding and evading detection. Rootkits and bots are some of the tools that malware uses to hide itself [3]. Since the number of different viruses and worms is doubling every six months [4], the chance that malware persists undiscovered increases dramatically. However, as antivirus and anti-spyware applications evolve and provide better protection for operating systems, most malware authors have shifted their focus to higher-level web applications, which are more vulnerable because of weaker defenses, and that has caused many privacy-violation incidents [5, 6].

===Ethical Concerns of New Malware===

Revision as of 01:11, 26 July 2008

Costs and Benefits of Malware Countermeasures

Examine the changing nature of malware distribution and forms. What ethical concerns are raised by this new range of threats? Examine the effects (costs and benefits) of countermeasures designed to address these new threats.

Evolution of Malware

Many early viruses were not written to cause serious harm to computers, but were rather written as experiments or pranks meant to be annoying. For instance, the first internet worm was not intended to cause millions of dollars in damage, but was rather written to gauge the size of the internet. Even the Melissa virus, written in 1999, was originally intended as a prank.

Another category of malware that appeared is the type intended to cause data loss. These can either delete files on a hard disk or corrupt a file system by writing junk data. This can be compared to graffiti, as the author's tag follows the malware as it spreads.

Since 2003, another form of malware that has become increasingly widespread is software intended for profit. The rise of broadband internet access has allowed this form of malware to spread. These can include viruses and worms designed to take control of computers for exploitation or denial-of-service attacks designed for extortion.

Furthermore, a new form of for-profit malware that has emerged is spyware. Unlike other viruses, spyware is not spread through email, but rather installed through exploiting security holes or packaged with software. Spyware is designed to monitor a user's web-surfing, display advertisements, or redirect affiliate marketing revenue to the creator.

An additional form of malware is bots. Bots infect a computer and lie dormant until instructions are sent. Bots are responsible for most of the spam that is propagated. Many of the new bots last only for one day, not nearly enough time for anti-virus programs to respond.


Evolution of Threat Speed

<working...>

Based on a report in the Wall Street Journal [1], in 1999 it took up to 281 days from the time a computer system security flaw was announced until malicious code took advantage of it. However, as of January 2004 this number had declined to 10. The rate of distribution has changed dramatically as well. Based on an article published by the CERT Coordination Center at Carnegie Mellon University, in January 2003 a SQL-based worm (Slammer) infected ninety percent of the vulnerable servers within the first 10 minutes of its distribution. Currently it takes only 6 days between the revelation of a vulnerability and the release of its exploit. Given that the average time it takes to release a patch for the exploited flaw is 54 days [2], patching is not very effective.


Evolution of Threat Stealth

Financial motivations cause malware to become more advanced at hiding and evading detection. Rootkits and bots are some of the tools that malware uses to hide itself [3]. Since the number of different viruses and worms is doubling every six months [4], the chance that malware persists undiscovered increases dramatically. However, as antivirus and anti-spyware applications evolve and provide better protection for operating systems, most malware authors have shifted their focus to higher-level web applications, which are more vulnerable because of weaker defenses, and that has caused many privacy-violation incidents [5, 6].

Ethical Concerns of New Malware

<Work in Progress>

As malware has evolved over the years, so have the ethical concerns associated with it.

Costs and Benefits of Countermeasures

working

Links and Sources