Copyright, 1995-2006 1 The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce at Uni of Hong Kong, Computer Science at A.N.U. http://www.anu.edu.au/people/Roger.Clarke/ ... ... / EC/SecyMq-Malware.ppt LAW 868 – Electronic Commerce and the Law Macquarie University 14 September 2006


The Malware Menagerie

Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce at Uni of Hong Kong, Computer Science at A.N.U.

http://www.anu.edu.au/people/Roger.Clarke/ ...

... / EC/SecyMq-Malware.ppt

LAW 868 – Electronic Commerce and the Law

Macquarie University – 14 September 2006


The Malware Menagerie
Agenda

• Virus
• Worm
• Trojan Horse
• Spyware
• Bots / Robots / Agents
• Backdoor / Trapdoor
• Zombie
• Exploit
• Bug
• Phishing

http://www.wikipedia.org/<term>


Infiltration by Software with a Payload

Software (the ‘Vector’)
• Pre-Installed
• User-Installed
• Virus
• Worm
• ...

Payload
• Trojan:
  • Undocumented
  • Documented
• Spyware:
  • Software Monitor
  • Adware
  • Keystroke Logger
  • ...


Viruses and Worms

• A Virus is a block of code that inserts copies of itself into other programs. A virus generally carries a payload, which may have nuisance value, or serious consequences. To avoid early detection, viruses may delay the performance of functions other than replication.
• A Worm is a program that propagates copies of itself over networks. It does not infect other programs.
• Viruses and Worms flourish because of:
  • the naiveté of users
  • inadequate care by some I.S. professionals
  • OS and apps distributed in a culpably insecure state


Trojan Horses

A program that purports to perform a useful function (and may do so) but certainly performs malicious functions, e.g. keystroke recorders embedded in utilities


Spyware

• Software that surreptitiously:
  • gathers data within a device, e.g. about its user, or the uses made of it
  • makes it available to some other party
• Key applications:
  • keystroke loggers (esp. for passwords)
  • monitoring of user behaviour for consumer marketing purposes (‘adware’)
  • monitoring of uses of copyright works (software, audio, video)


Bots / Robots / Agents

• Software that interacts with other software or human users as though it were a human
• Web crawlers or spiders
• Re enquiries / requests / incident reports
  • Auto-acknowledgement
  • Auto-response
• Automated Trading
• Online Games


Backdoors / Trapdoors

Any planned means whereby a user can surreptitiously gain unauthorised access to an Internet node

e.g. a feature of a package intended to enable maintenance programmers to gain access, or a feature added into a program by a virus


‘Zombies’

• A common use of Trojan Horses
• Establishes a large number of processors, scattered around the Internet, that are under central or timed control (hence ‘zombies’)
• These are referred to as a Botnet
• They can be used to:
  • perform DDoS attacks
  • send Spam


Exploits

• An Exploit is an established way of performing an attack on a vulnerability

• Standard techniques are supported by established guidelines and programming code, which circulate on the Internet

• Code that enables easy performance of an exploit is expressed in a script

• ‘Script Kiddies’ is a derogatory term for relatively unskilled crackers who rely on techniques and program code developed by others


Bugs

• Errors in software (systems software esp. MS Windows) or applications (esp. MSIE)
• They may create vulnerabilities
• The vulnerabilities may be attacked by crackers
• This gives rise to the need for urgent patches

http://www.microsoft.com/technet/security/current.aspx
AusCERT Security Alerts: http://national.auscert.org.au/render.html?cid=2998
Commercial Services, e.g. http://secunia.com/advisories/


Phishing

• Sending people e-mail messages in order to lure them into divulging sensitive data

• The data sought is commonly passwords and credit-card details

• The sender commonly assumes a relatively highly trusted identity, e.g. a financial institution

• The data is commonly keyed into a web-form on a site that purports to be operated by the trusted identity