Copyright, 1995-2006
The Malware Menagerie
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce at Uni of Hong Kong, Computer Science at A.N.U.
http://www.anu.edu.au/people/Roger.Clarke/ ...
... / EC/SecyMq-Malware.ppt
LAW 868 – Electronic Commerce and the Law
Macquarie University – 14 September 2006
The Malware Menagerie: Agenda
• Virus
• Worm
• Trojan Horse
• Spyware
• Bots / Robots / Agents
• Backdoor / Trapdoor
• Zombie
• Exploit
• Bug
• Phishing
http://www.wikipedia.org/<term>
Infiltration by Software with a Payload
Software (the ‘Vector’)
• Pre-Installed
• User-Installed
• Virus
• Worm
• ...
Payload
• Trojan:
  • Undocumented
  • Documented
• Spyware:
  • Software Monitor
  • Adware
  • Keystroke Logger
  • ...
Viruses and Worms
• A Virus is a block of code that inserts copies of itself into other programs. A virus generally carries a payload, which may have nuisance value, or serious consequences. To avoid early detection, viruses may delay the performance of functions other than replication
• A Worm is a program that propagates copies of itself over networks. It does not infect other programs.
• Viruses and Worms flourish because of:
  • the naiveté of users
  • inadequate care by some I.S. professionals
  • OS and apps distributed in a culpably insecure state
Trojan Horses
A program that purports to perform a useful function (and may do so) but certainly performs malicious functions
e.g. keystroke recorders embedded in utilities
Spyware
• Software that surreptitiously:
  • gathers data within a device, e.g. about its user, or the uses made of it
  • makes it available to some other party
• Key applications:
  • keystroke loggers (esp. for passwords)
  • monitoring of user behaviour for consumer marketing purposes (‘adware’)
  • monitoring of uses of copyright works (software, audio, video)
Bots / Robots / Agents
• Software that interacts with other software or human users as though it were a human
• Web crawlers or spiders
• Re enquiries / requests / incident reports
  • Auto-acknowledgement
  • Auto-response
• Automated Trading
• Online Games
Backdoors / Trapdoors
Any planned means whereby a user can surreptitiously gain unauthorised access to an Internet node
e.g. a feature of a package intended to enable maintenance programmers to gain access, or a feature added into a program by a virus
‘Zombies’
• A common use of Trojan Horses
• Establishes a large number of processors, scattered around the Internet, that are under central or timed control (hence ‘zombies’)
• These are referred to as a Botnet
• They can be used to:
  • perform DDoS attacks
  • send Spam
Exploits
• An Exploit is an established way of performing an attack on a vulnerability
• Standard techniques are supported by established guidelines and programming code, which circulate on the Internet
• Code that enables easy performance of an exploit is expressed in a script
• ‘Script Kiddies’ is a derogatory term for relatively unskilled crackers who rely on techniques and program code developed by others
Bugs
• Errors in software (systems software esp. MS Windows) or applications (esp. MSIE)
• They may create vulnerabilities
• The vulnerabilities may be attacked by crackers
• This gives rise to the need for urgent patches
http://www.microsoft.com/technet/security/current.aspx
AusCERT Security Alerts http://national.auscert.org.au/render.html?cid=2998
Commercial Services, e.g. http://secunia.com/advisories/
Phishing
• Sending people e-mail messages in order to lure them into divulging sensitive data
• The data sought is commonly passwords and credit-card details
• The sender commonly assumes a relatively highly trusted identity e.g. a fin’l institution
• The data is commonly keyed into a web-form on a site that purports to be operated by the trusted identity