Security: Mal-Ware


Transcript of Security: Mal-Ware

Page 1: Security: Mal-Ware

Security: Mal-Ware

Vainstein Maxim & Emanuel Hahamov

Seminar in Software Design 2005/6, CS, Hebrew University

Page 2: Security: Mal-Ware

Malicious Software Definition

“Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

Material changes that affect their user experience, privacy, or system security;

Use of their system resources, including what programs are installed on their computers; and/or

Collection, use, and distribution of their personal or other sensitive information.”

Anti-Spyware Coalition, Working Report October 27, 2005

Page 3: Security: Mal-Ware

Computer Virus Timeline

1949 Theories for self-replicating programs are first developed.

1960 Experimental self-replicating programs were first produced.

1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.

1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”

1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code, designed to infect each 360 KB floppy accessed on any drive.

Page 4: Security: Mal-Ware

Computer Virus Timeline – Cont.

1987 The Lehigh virus, one of the first file viruses, infects command.com files.

1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks.

1990 Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company.

1991 Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

Page 5: Security: Mal-Ware

Motives of Malicious Coders

Fun / Hobbyists

Fame And Fortune

Experienced Coders Pushing the Envelope (Security Forum)

The Disgruntled Loner (Criminals)

Page 6: Security: Mal-Ware

Underlying Technology

Tracking Software

Advertising Display Software

Remote Control Software

Dialing Software

System Modifying Software

Security Analysis Software

Automatic Download Software

Passive Tracking Technologies

Page 7: Security: Mal-Ware

Tracking Software

Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.

Spyware / Snoopware

Keylogger (Unauthorized)

Screen Scraper (Unauthorized)

Page 8: Security: Mal-Ware

Advertising Display Software

Any program that causes advertising content to be displayed.

Page 9: Security: Mal-Ware

Remote Control Software

Used to allow remote access or control of computer systems

Backdoors

Botnets (a jargon term for a collection of software robots, or bots, which run autonomously)

Droneware (programs used to take remote control of a computer, typically used to send spam remotely or to host offensive web images)

Page 10: Security: Mal-Ware

Dialing Software

Used to make calls or access services through a modem or Internet connection.

Unauthorized Dialers

Page 11: Security: Mal-Ware

System Modifying Software

Used to modify the system and change the user experience: e.g. home page, search page, default media player, or lower-level system functions

Hijackers

Rootkits

Exploit

Page 12: Security: Mal-Ware

Security Analysis Software

Used by a computer user to analyze or circumvent security protections

Hacker Tools (including port scanners)

Page 13: Security: Mal-Ware

Automatic Download Software

Used to download and install software without user interaction

Tricklers

Page 14: Security: Mal-Ware

Passive Tracking Technologies

Used to gather limited information about user activities without installing any software on the user’s computers

Unauthorized Tracking Cookies

Page 15: Security: Mal-Ware

Detection & Protection

Antivirus

Firewall

Antispyware

Gateway (VPN, Proxy, Router etc.)

Advanced Techniques

Page 16: Security: Mal-Ware

Antivirus

Symantec AV (NAV)

AVG

Kaspersky AV

Avast AV

McAfee AV

NOD32 AV

E-Trust AV

Trend Micro AV

Panda AV

Free Online Scan (All AVs)

Page 17: Security: Mal-Ware

Firewall

Zone Alarm

Sygate

Kerio Personal FW

Windows FW (XP-SP2)

Norton Internet Security

Tiny Personal FW

Outpost

Page 18: Security: Mal-Ware

Antispyware

MS Windows Antispyware

AdAware SE Personal

Spyware Doctor

A-Square (a2)

Page 19: Security: Mal-Ware

Antivirus vs. Antispyware

“Antispyware systems deal with groups of not so harmful, but really annoying pests. Such files, like annoying and unwanted toolbars, are the main aim of this type of security system. Antispyware simply ignores destructive viruses (just like antiviral systems ignore spyware) and concentrates on detecting spies, pop-ups, tracking cookies and other junk, which sometimes may harm the infected PC.”

Page 20: Security: Mal-Ware

Gateway

NAT / Router (Network Address Translation)

ADSL Alcatel

Windows 2000/2003 Server

VPN (Virtual Private Network)

Checkpoint VPN-1

Cisco VPN

Instant VPN

Win-Gate VPN

Proxy

Page 21: Security: Mal-Ware

Advanced Techniques

Group Policy Management

Windows 2000/2003 Domain Server

Intrusion Detection Systems (IDS)

Cisco IPS Sensor Software

DMZ (Demilitarized Zone / Virtualization)

VE2 / VELITE

SecureOL

Shadow User

VMWare / MS Virtual PC

SandBox

Terminal Servers