By: Reshma M RMannam Foundation Centre for Education TechnologySocial ScienceReg No: 16915373009

Short for “malicious software.” Designed to infiltrate a system

without owner’s consent. General term that defines a

variety of hostile, intrusive, or annoying program code.

Creator’s perceived intent defines software as malware.

A 2008 report released by Symantec suggested: Releases of malicious code may be exceeding

rates of legitimate software applications. Primarily released through the Internet.

Email Web sites

Shaoxing, China was named the malware capital of the world by Symantec in 2010.

Early malware, including worms & viruses were written as pranks.

Today, most malware possesses intent to destroy systems including: Files Web pages

Estimated that about 1 in 10 web pages contain malicious code.

Many others create “zombie computers” that aid in advertising for profit motive. Tells infected computers to send spam email.

Spyware is a form of malware. It monitor’s web browsing & displays

unsolicited advertisements. Do not spread like viruses.

Simply exploit security holes

Basis of laws against malware include: Hacking Copyright Infringement Child Porn Privacy Fraud Destruction of property (Denial-of-Service

attacks) Harassment Identity theft

The basis for cybercrime laws is large in scope. As endless as non-cyber crime laws.

U.S. laws continually get passed at the state & Federal levels of government. Protect users of the web.

Civil and criminal means of prosecution Example:

http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=210602182

US cybercrime laws are catching up. Some that help to combat malware are not as

archaic. However, there are still hurdles when the

courts are out touch with reality. Example: Virginia anti-spam law struck down by

the state’s Supreme CourtoSaid it violated 1st Amendment right to freedom of

speech.ohttp://www.cybercrimelaw.org/2008/09/12/virginia-

supreme-court-strikes-down-states-anti-spam-law/

Technology is constantly changing. Creates concern that at any given time,

cybercrime legislation falls out of date.

Large amounts of malware originate in foreign countries. Extradition laws not always up-to-date. New treaties help to combat problems.

http://www.arnnet.com.au/article/345145/efa_cybercrime_treaty_will_trigger_tougher_laws/

Google said malicious software has been used to spy on Vietnamese computers

The malware targeted tens of thousands of people.

The malware has been used to attack blogs containing messages of political dissent.

Security Issues

The prevalence of broadband internet has

allowed for a wave of malware solely intended to

reap benefits.

Downloading programs & sharing software has

created opportunities for malware

Use of a standard password for access control can create vulnerabilities

A large percentage of users do not change their passwords from that established by the manufacturer causing the passwords to be easily obtainable

Public access points, such as airports & coffee shops, offer little or no security.

Penalties are depend on the level of severity of the attack.

In some cases, credit & debit card data is stolen; this level of mayhem constitutes malware fraud felony, which can lead the perpetrators to serve numerous years in prison as well as pay enormous fines.

If a site has links to malware sites, then the link is removed from their name in the SERPs (search engine results pages).

This feature is designed so that the site owners become aware of the malware issue.

Google Penalty Types There are various penalty types that have been

found as follows;I. The “Minus Thirty” Penalty II. The “950 Penalty”III. The Position 6 Penalty

A Google penalty is a punishment Google gives to sites they feel do not meet certain quality standards.

This can spell disaster for companies who run their business through their web sites.

Very difficult to identify the criminals who spy on Vietnamese’s websites as the other side are Chinese government.

Using Malware for damaging purposes:

To attack blogs containing messages of political dissent. (Invasion of Privacy)

Vietnam is lack of laws & investigators with the requisite experience or even the equipment to collect evidence to fight cyber crime which include malware through google.

Compromising Confidentiality: 18 U.S.C. § 1030(a)(2)(c)

Intentionally access a computer without or in excess of authorization

Penalties: Violations of section 1030(a)(2) are misdemeanors punishable by a fine or a one-year prison term, unless aggravating factors apply.

A violation or attempted violation of section 1030(a)(2) is a felony if: committed for commercial advantage or private financial gain, committed in furtherance of any criminal or tortuous act in violation of the Constitution or laws of the United States or of any State, or the value of the information obtained exceeds $5,000.

Historical Data: Computer crime cost Vietnam US$1.76 billion in 2008

Vietnam should have security systems& computer crime laws as fast as possible by using the U.S. laws as a benchmarking.

With penalties, cyber crime might be reduce.

Source:http://www.straitstimes.com/Breaking%2BNews/SE%2BAsia/Story/STIStory_354440.html

Must be aware at all times of potential attacks.

Must make employees aware of the dangers of malware.

Must take preventive measures against malware attacks.

Must be aware of the legal & reporting measures to stop the spread of malware.