Slide1
Chapter 10
People and Communities
Slide2
Malware Authors
“... [virus writers] have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes.” --- Jan Hruska, Sophos
Little is known about malware writers
Why?
Slide3
Malware Authors: Who?
Stereotype: 16-year-old male living in his parents’ basement in Norway
Also college students, professionals,…
“gender differences in moral development may partially explain the lack of females”
Many virus writers “grow out of it”
Among malware writers
General distaste for destructive code
Slide4
Malware Authors: Who?
Technical skill of virus writers?
AV community thinks little of virus writers’ skills
Skill level has probably improved since the book was written
Why?
Slide5
Malware Authors: Why?
Many possible reasons
Fascination with technology --- create software to outwit AV people (game)
Fame --- among malware writers
Graffiti --- “form of expression”
Revenge --- disgruntled employee, etc.
Ideology --- hard to assess, but perhaps Code Red is an example
Slide6
Malware Authors: Why?
Commercial sabotage --- e.g., attack to reduce company’s stock price
Extortion --- e.g., cryptovirology
Warfare and espionage --- info warfare, cyberterrorism
Malware battles --- for example, Mydoom/Netsky/Bagle in 2004
60 variants in 3 months, “attacked” each other
Commercial gain --- writers paid for their work, e.g., botnets for spam
Slide7
Malware Authors: Why?
Author says graffiti angle “interesting … deserves further research”
What do you think?
Virus writing as a glorified prank?
Maybe true in the past
Probably not so much today
Now there is more of a profit motive
Slide8
AV Community
Like virus writers, not a lot written about AV people either
Seems to me…
They’re just ordinary geeks
Like everybody else you know
Slide9
Perceptions
Conspiracy theory
AV people write/plant malware
No evidence to support this and…
…lots of evidence to contrary
Effort spent on “unknown” malware
Way more malware than “necessary”, etc.
AV people do need to keep up
Research, study VX sites, etc.
Slide10
Another Day in Paradise
AV workday is long
“80 hour work week is not uncommon”
Sounds like Silicon Valley to me…
AV company maintains
Databases of malware and goodware
Suspicious file arrives from honeypot, customer, or other source
File first compared to both databases
If not in either, analyze it
Slide11
Another Day in Paradise
If file is malware…
Update signatures, AV software, databases
Distribute updates
AV employee workday is long
AV company workday is endless
Around-the-clock coverage
Offices in different time zones, continuous threat monitoring, etc., etc.
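The triage loop on these two slides (compare the incoming file against both databases, analyze it only if it is in neither, then push the verdict into the signature database and distribute it), as an added illustration in Python that is not part of the original slides or of any AV vendor's code. The database contents, the sample bytes and the CONFLICT disposition for a file found in both databases are constructed assumptions.

```python
import hashlib
from enum import Enum


class Disposition(Enum):
    KNOWN_MALWARE = "known malware: block, no further analysis needed"
    KNOWN_GOODWARE = "known goodware: allow"
    CONFLICT = "in both databases: hold for human review (false-positive risk)"
    UNKNOWN = "in neither database: queue for analysis"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample contents (not real malware); their hashes seed the two databases.
GOOD_SAMPLE = b"constructed: contents of a benign, whitelisted installer"
BAD_SAMPLE = b"constructed: contents of a file already known to be malicious"


class SampleTriage:
    """Hypothetical triage pipeline: hash lookup against malware and goodware databases."""

    def __init__(self, malware_db, goodware_db):
        self.malware_db = set(malware_db)
        self.goodware_db = set(goodware_db)
        self.pending = []  # (hash, source) pairs awaiting an analyst

    def triage(self, sample: bytes, source: str) -> Disposition:
        h = sha256(sample)
        in_bad, in_good = h in self.malware_db, h in self.goodware_db
        if in_bad and in_good:  # contradictory evidence: never auto-block
            return Disposition.CONFLICT
        if in_bad:
            return Disposition.KNOWN_MALWARE
        if in_good:
            return Disposition.KNOWN_GOODWARE
        self.pending.append((h, source))  # slide step: "if not in either, analyze it"
        return Disposition.UNKNOWN

    def record_verdict(self, sample: bytes, is_malware: bool) -> str:
        """Analyst verdict: move the hash into the right database and return the
        signature (here simply the hash) that would go out in the next update."""
        h = sha256(sample)
        self.pending = [p for p in self.pending if p[0] != h]
        (self.malware_db if is_malware else self.goodware_db).add(h)
        return h


def build_demo_triage() -> SampleTriage:
    return SampleTriage({sha256(BAD_SAMPLE)}, {sha256(GOOD_SAMPLE)})
```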
Slide12
Customer Demands
What do customers want?
100% detection with no false positives
What to detect? Malware and what?
Gray area detection --- “delicate issue”
Jokes and games
Cracking tools
Adware/Spyware
Remote administration tools (RATs)
Legal concerns wrt false positives
Slide13
Engineering
Malware can be classified as:
In the wild --- active in real world
In the zoo --- not active
WildList Organization
Much easier to only detect malware that is “in the wild”, i.e., active
Orders of magnitude less malware
So, is this a good idea for AV company?
Slide14
Open Questions
Should AV software also:
Provide a firewall?
Provide content filtering?
Perform spam detection?
Apply software patches?
Other?
Slide15
Open Questions
AV people reverse engineer software
Is this legal?
Users may look at quarantined files
Could this violate privacy laws?
What about false positives?
AV software is almost universally used
So, if you don’t use it, could you be held legally negligent?