DOCSLIB.ORG

Identifying and Detecting Attacks in Industrial Control Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Identifying and Detecting Attacks in Industrial Control Systems Identifying and Detecting Attacks in Industrial Control Systems Nilufer Tuptuk A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy of University College London. UCL DEPARTMENT OF COMPUTER SCIENCE UCL DEPARTMENT OF SECURITY AND CRIME SCIENCE University College London May 29, 2019 2 I, Nilufer Tuptuk, confirm that the work presented in this thesis is my own. Where information has been derived from other sources, I confirm that this has been indicated in the work. Abstract The integrity of industrial control systems (ICS) found in utilities, oil and natural gas pipelines, manufacturing plants and transportation is critical to national well- being and security. Such systems depend on hundreds of field devices to manage and monitor a physical process. Previously, these devices were specific to ICS but they are now being replaced by general purpose computing technologies and, increasingly, these are being augmented with Internet of Things (IoT) nodes. Whilst there are benefits to this approach in terms of cost and flexibility, it has attracted a wider community of adversaries. These include those with significant domain knowledge, such as those responsible for attacks on Iran’s Nuclear Facil- ities, a Steel Mill in Germany, and Ukraine’s power grid; however, non-specialist attackers are becoming increasingly interested in the physical damage it is possible to cause. At the same time, the approach increases the number and range of vulnera- bilities to which ICS are subject; regrettably, conventional techniques for analysing such a large attack space are inadequate, a cause of major national concern. In this thesis we introduce a generalisable approach based on evolutionary mul- tiobjective algorithms to assist in identifying vulnerabilities in complex heteroge- neous ICS systems. This is both challenging and an area that is currently lack- ing research. Our approach has been to review the security of currently deployed ICS systems, and then to make use of an internationally recognised ICS simulation testbed for experiments, assuming that the attacking community largely lack spe- cific ICS knowledge. Using the simulator, we identified vulnerabilities in individual components and then made use of these to generate attacks. A defence against these attacks in the form of novel intrusion detection systems were developed, based on Abstract 4 a range of machine learning models. Finally, this was further subject to attacks cre- ated using the evolutionary multiobjective algorithms, demonstrating, for the first time, the feasibility of creating sophisticated attacks against a well-protected adver- sary using automated mechanisms. Impact Statement The objective of the research described in this thesis is to develop an approach that can be used to identify vulnerabilities in Industrial Control Systems (ICS). ICS are used to monitor and control many of the national critical services, including energy production, manufacturing plants, chemical processing, financial services, trans- portation and healthcare, to a name but a few. Any failures or disruptions can have severe consequences, from economic damage and lost production, through injury and loss of life, to catastrophic nation-wide effects. The security of these systems is therefore important to national security as well as individual manufacturing enter- prises. As a result, research in this area is of significant interest to policy makers, industry and academia. Given the novelty of Internet-facing ICS to the attacker communities, the po- tential variety of attacks is extensive and unknown. The only way we can begin to understand our exposure to the risk of attack is to conduct practical research studies in which systems and countermeasures are actively attacked in advance of deployment. Recognising that conducting experiments on real systems is not safe and is often not feasible, this research offers an alternative: to create realistic ICS testbeds, and carry out attacks diagnosed to identify vulnerabilities proactively in- stead of waiting for the adversaries to find these vulnerabilities. Our methodology is a new approach to the design of better security. It can be implemented by those that do not have special security knowledge needed to test their systems for vul- nerabilities, in a more conventional manner to help them in making security related decisions. This research has further benefits for academia. The research carried out ap- Impact Statement 6 plies to several academic domains: control engineering, information security and evolutionary computation. Control engineers can use the insight gained from this work to analyse the implications of security on process control, and to design security-aware control algorithms. The detection models we built will interest the information security, machine learning and the fault detection and diagnosis com- munities. The training dataset we have generated in this thesis contains a rich set of attacks; this will be made opensource and will provide a new resource to the research community in this area who are currently reliant on a limited set of exam- ples. We designed a methodology for securing ICS using evolutionary multiobjec- tive optimisation algorithms, and applied this to a domain that is more realistic than has been. Existing studies that make use of adversarial machine learning and evo- lutionary computation tend to focus on simplified examples. ICS security is currently on the agenda of many governmental bodies, stan- dards bodies and business. This research will be beneficial in understanding some of the security threats we are facing, both as the community of attackers changes and as ICS become increasingly Internet facing. Finally, the potential of our ap- proach to handle complexity makes it ideal for application to the IoT systems that underpin Industry 4.0 since these have more complex dynamics and a much larger attack surface. Acknowledgements Firstly, I would like to express my sincere gratitude to my supervisor, Prof. Stephen Hailes for his constant guidance, patience, motivation and support throughout the completion of this thesis. Thank you for always being available, you were always very generous, kind and helpful. Thank you to my second supervisor Prof. David Pym. Thank you to Dr. Bill Langdon and Dr. Hector Menendez for showing interest in my work, and helping me to understand the field of evolutionary computation. I am grateful to Prof. Richard Wortley for his valuable support throughout the years, and giving me the opportunity to do this PhD as part of the UCL Security Science Doctoral Training Centre (SECReT). I would like to also say thank you to administrative staff for their support, and my fellow PhD students at the Department of Security and Crime Science for all the good times and laughs. Thank you to staff and students at the Department of Computer Science for creating a positive and enjoyable work environment. To all my friends: thank you for your friendship, support and patience through- out the years, with special thanks to Rae and Veronika, for always cheering me up and listening to me. I am thankful to my parents, my sisters, my three year and a half old niece Aliya (for reminding me that “a good rabbit never gives up”), and my extended family for their love, support and encouragement, without them none of this would have been possible. Finally, I would like to express my gratitude for the generous funding awarded by the Engineering and Physical Sciences Research Council (EPSRC). The research Acknowledgements 8 presented here was made possible through the grant provided via the EPSRC Secu- rity Science Doctoral Training Centre with reference number EP/G037264/1. The final year of this work was supported by the PETRAS – EPSRC IoT Research Hub. Contents 1 Introduction 23 1.1 Motivation . 24 1.1.1 Attacks against Industrial Control Systems . 27 1.1.2 Security of Industrial Control Systems . 29 1.2 Research Questions . 31 1.3 Thesis Structure and Key Contributions . 32 1.4 List of Publications . 35 2 Background 37 2.1 Terminology . 38 2.2 History of Attacks . 39 2.2.1 Nuclear Power Plants . 40 2.2.2 Petrochemical Plants . 41 2.2.3 Wind Turbines and Solar Systems . 42 2.2.4 Factories . 43 2.2.5 Tunnels . 44 2.2.6 Electricity Industry . 45 2.2.7 Oil and Gas Industry . 46 2.2.8 Water Treatment Systems and Canals . 48 2.2.9 Defence Industry . 49 2.2.10 Traffic Lights . 49 2.2.11 Transportation Systems . 50 2.2.12 Ports . 51 Contents 10 2.3 ICS Attack Taxonomy . 52 2.3.1 Threat Origin . 52 2.3.2 Threats . 54 2.3.3 Attack Vectors . 56 2.3.4 Vulnerabilities . 58 2.3.5 Initial Infection . 60 2.3.6 Attack Impact . 60 2.3.7 Countermeasures . 61 2.4 Summary . 61 3 Literature Review 63 3.1 Detecting Attacks on Industrial Control Systems . 63 3.1.1 Performance Metrics for Intrusion Detection Systems . 63 3.1.2 Intrusion Detection for ICS Network and Hosts . 65 3.1.3 Anomaly Detection in Process Control . 68 3.2 Evolutionary Computation . 73 3.2.1 Evasion and Adversarial Learning . 74 3.2.2 Coevolution Approaches . 78 3.3 Summary . 79 4 Case Study, Threat Model and Methods 80 4.1 Case Study: Tennessee Eastman Process Control Problem . 81 4.1.1 Disturbances . 86 4.2 Threat Model . 89 4.2.1 Denial of Service Attacks . 90 4.2.2 Integrity Attacks . 91 4.2.3 Replay Attacks . 92 4.2.4 Attack Model . 92 4.3 Evolutionary Algorithms and Multiobjective Optimisation . 95 4.3.1 Multiobjective Optimisation . 97 4.3.2 Evolutionary Multiobjective Optimisation Algorithms . 99 Contents 11 4.4 Machine Learning Methods . 108 4.4.1 Decision Trees . 111 4.4.2 Ensemble Learning using Decision Trees . 114 4.4.3 Support Vector Machines . 116 4.4.4 Deep Learning and Deep Neural Network . 125 4.4.5 Recurrent Neural Networks .
Load more

Recommended publications
  • Hacking the Industrial Network
    Hacking the industrial network A White Paper presented by: Phoenix Contact P.O. Box 4100 Harrisburg, PA 17111-0100 Phone: 717-944-1300 Fax: 717-944-1625 Website: www.phoenixcontact.com © PHOENIX CONTACT 1 Hacking the Industrial Network Is Your Production Line or Process Management System at Risk? The Problem Malicious code, a Trojan program deliberately inserted into SCADA system software, manipulated valve positions and compressor outputs to cause a massive natural gas explosion along the Trans-Siberian pipeline, according to 2005 testimony before a U.S. House of Representatives subcommittee by a Director from Sandia National Laboratories.1 According to the Washington Post, the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.”2 The explosion was subsequently estimated at the equivalent of 3 kilotons.3 (In comparison, the 9/11 explosions at the World Trade Center were roughly 0.1 kiloton.) According to Internet blogs and reports, hackers have begun to discover that SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems) are “cool” to hack.4 The interest of hackers has increased since reports of successful attacks began to emerge after 2001. A security consultant interviewed by the in-depth news program, PBS Frontline, told them “Penetrating a SCADA system that is running a Microsoft operating system takes less than two minutes.”5 DCS, SCADA, PLCs (Programmable Logic Controllers) and other legacy control systems have been used for decades in power plants and grids, oil and gas refineries, air traffic and railroad management, pipeline pumping stations, pharmaceutical plants, chemical plants, automated food and beverage lines, industrial processes, automotive assembly lines, and water treatment plants.
    [Show full text]
  • Computer Viruses, in Order to Detect Them
    Behaviour-based Virus Analysis and Detection PhD Thesis Sulaiman Amro Al amro This thesis is submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy Software Technology Research Laboratory Faculty of Technology De Montfort University May 2013 DEDICATION To my beloved parents This thesis is dedicated to my Father who has been my supportive, motivated, inspired guide throughout my life, and who has spent every minute of his life teaching and guiding me and my brothers and sisters how to live and be successful. To my Mother for her support and endless love, daily prayers, and for her encouragement and everything she has sacrificed for us. To my Sisters and Brothers for their support, prayers and encouragements throughout my entire life. To my beloved Family, My Wife for her support and patience throughout my PhD, and my little boy Amro who has changed my life and relieves my tiredness and stress every single day. I | P a g e ABSTRACT Every day, the growing number of viruses causes major damage to computer systems, which many antivirus products have been developed to protect. Regrettably, existing antivirus products do not provide a full solution to the problems associated with viruses. One of the main reasons for this is that these products typically use signature-based detection, so that the rapid growth in the number of viruses means that many signatures have to be added to their signature databases each day. These signatures then have to be stored in the computer system, where they consume increasing memory space. Moreover, the large database will also affect the speed of searching for signatures, and, hence, affect the performance of the system.
    [Show full text]
  • Media Diffusion of Computer Security Threats
    Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 1-1-2006 It came from the Internet : media diffusion of computer security threats Adam Paul Patridge Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Recommended Citation Patridge, Adam Paul, "It came from the Internet : media diffusion of computer security threats" (2006). Retrospective Theses and Dissertations. 19035. https://lib.dr.iastate.edu/rtd/19035 This Thesis is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. It came from the Internet: Media diffusion of computer security threats by Adam Paul Patridge A thesis submitted to the graduate faculty in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Major: Human Computer Interaction Program of Study Committee: Chad Harms, Major Professor Kim Smith Anthony Townsend Iowa State University Ames, Iowa 2006 Copyright ©Adam Paul Patridge, 2006. All rights reserved. 11 Graduate College Iowa State University This is to certify that the master's thesis of Adam Paul Patridge has met the thesis requirements of Iowa State University Signatures have been redacted for privacy 111 TABLE OF CONTENTS CHAPTER 1. INTRODUCTION 1 CHAPTER 2. LITERATURE REVIEW 4 COMPUTER SECURITY 4 Computer Security Threats 4 Lifespan of a Threat 6 DIFFUSION OF INNOVATION 7 History of Diffusion Research 8 Innovation Adoption Process 10 Diffusion of Innovation Components 12 Diffusion Criticisms 18 RESEARCH QUESTIONS 19 CHAPTER 3.
    [Show full text]
  • Progress Made, Trends Observed a White Paper from the Microsoft Antimalware Team Msrwindows Malicious Software Removalt Tool
    Progress Made, Trends Observed A White Paper from the Microsoft Antimalware Team MSRWindows Malicious Software RemovalT Tool Matthew Braverman Program Manager Microsoft Antimalware Team Acknowledgements I would like to thank the following individuals for their contribution to this paper: Mike Chan, Brendan Foley, Jason Garms, Robert Hensing, Ziv Mador, Mady Marinescu, Michael Mitchell, Adam Overton, Matt Thomlinson, and Jeff Williams The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photo- copying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Copyright © 2006 Microsoft Corporation. All rights reserved.
    [Show full text]
  • Yui Kee Computing Ltd
    Yui Kee Computing Ltd. Newsletter August 2005 Contents Contents..................................................................................................................................... 1 Incident Update ......................................................................................................................... 1 Editors Notes............................................................................................................................. 1 First MSH Viruses..................................................................................................................... 2 Mobile Virus Outbreak.............................................................................................................. 2 Malware Outbreaks Targeting Recent Microsoft Vulnerability ................................................ 2 GIMP reveals PINs.................................................................................................................... 3 German Association for Technical Inspection certifies Sophos Anti-Virus.............................. 4 “Good Worms” are a Bad Idea .................................................................................................. 4 The Devil’s InfoSec Dictionary ................................................................................................ 4 Two Zotob Arrests..................................................................................................................... 4 The End of the Internet?...........................................................................................................
    [Show full text]
  • March 18, Softpedia – (International) Two Ukrainians and One American
    Cyber News for Counterintelligence / Information Technology / Security Professionals 19 March 2014 Purpose March 18, Softpedia – (International) Two Ukrainians and one American charged for role Educate recipients of cyber events to aid in the protection in global cybercrime operation. Two Ukrainians and one American were charged by federal of electronically stored authorities with hacking into the systems of several U.S. banks, government agencies, corporate proprietary, DoD and/or Personally Identifiable payroll processing companies, and brokerage firms in an attempt to steal at least $15 Information from theft, compromise, espionage, and / million between 2012 and 2013. Source: http://news.softpedia.com/news/Two-Ukrainians- or insider threat and-One-American-Charged-for-Role-in-Global-Cybercrime-Operation-432716.shtml Source This publication incorporates March 17, Help Net Security – (International) Mt. Gox CEO doxing was a ploy to spread open source news articles educate readers on security Bitcoin-stealing malware. A researcher at Kaspersky Lab reported that an archive file matters in compliance with USC Title 17, section 107, Para purporting to contain financial and personal information relating to the Mt. Gox Bitcoin a. All articles are truncated to avoid the appearance of service also contains a Windows and a Mac trojan designed to steal users Bitcoin virtual copyright infringement currency. Source: http://www.net-security.org/malware_news.php?id=2733 Publisher * SA Jeanette Greene March 17, Associated Press – (Maryland) Md. nonprofit serving disabled reports data Albuquerque FBI breach. Frederick, Maryland-based Service Coordination Inc., notified about 9,700 clients Editor * CI SA Scott Daughtry March 14 after an individual hacked the computers of the provider and stole Social Security DTRA Counterintelligence numbers and medical information.
    [Show full text]
  • VB100 REVIEW on WINDOWS XP 7 BOOK REVIEW a Bumper Crop of 37 Products Were Let’S Kick Some Bot! Submitted for This Month’S Comparative Review on Windows XP
    JUNE 2007 Fighting malware and spam CONTENTS IN THIS ISSUE 2 COMMENT HAPPY FEET AV industry comments on anti-malware testing Péter Ször describes Podloso, the first iPod Linux virus, and looks 3 NEWS at other possible attacks on the iPod. Vulnerabilities galore page 4 IMPROVING THE STATUS QUO 3 VIRUS PREVALENCE TABLE Anti-virus researchers and testers were brought together last month in the first International Antivirus Testing Workshop. Randy Abrams 4 VIRUS ANALYSIS summarizes the AV industry’s thoughts on the Attacks on iPod current state of anti-malware testing. page 2 VB100 REVIEW ON WINDOWS XP 7 BOOK REVIEW A bumper crop of 37 products were Let’s kick some bot! submitted for this month’s comparative review on Windows XP. John Hawes June 2007 has the details. 10 COMPARATIVE REVIEW page 10 Windows XP SP2 28 END NOTES & NEWS This month: anti-spam news & events, and Jessica Baumgart describes the lesser-known, but increasing problem of blog spam. ISSN 1749-7027 COMMENT ‘Agreement was virtually firmly rooted in marketing does not depict the reality of his sponsor’s situation. Despite this, Bit9 may be able to unanimous that the WildList is no contribute valuable false-positive feedback to the AV longer useful as a metric of the community for the benefit of users. ability of a product to protect users.’ The hot topic of the event was the impending demise of the WildList. As Andrew Lee pointed out, anti-virus Randy Abrams, Eset testing exists primarily for marketing. Myles Jordan of Microsoft stated that the reason the industry has hung on AV INDUSTRY COMMENTS ON to the WildList for so long, and will fight to continue ANTI-MALWARE TESTING doing so, is because WildList testing is easy to pass.
    [Show full text]
  • Using Host-Based Antivirus Software
    NIST Special Publication 1058 Using Host-Based Antivirus Software on Industrial Control Systems: Integration Guidance and a Test Methodology for Assessing Performance Impacts Joe Falco, NIST Steve Hurd, SNL Dave Teumim, Teumim Technical, LLC. Using Host-Based Antivirus Software on Industrial Control Systems: Integration Guidance and a Test Methodology for Assessing Performance Impacts Version 1.0 September 18, 2006 Joe Falco, National Institute of Standards and Technology Steve Hurd, Sandia National Laboratories (SNL) Dave Teumim, Teumim Technical, LLC (Consultant for Sandia National Laboratories) Acknowledgments The authors wish to thank their colleagues who contributed to the development of this document and reviewed drafts. Without their insightful guidance and generous help this project would not be possible. A special note of thanks goes out to the companies that hosted site visits in support of our work, and to Pacific Northwest National Laboratory (PNNL) for providing test validation data. The following is a partial list of companies and organizations that contributed to this project: Aspen Technology, Inc The Dow Chemical Company DuPont Company Honeywell Process Solutions Invensys Process Systems Invensys Wonderware Kinder Morgan Operating L.P. “D” McAfee, Inc The Procter & Gamble Company Symantec Corporation Telvent This work is the result of a collaborative effort between the National Institute of Standards and Technology (NIST) and Sandia National Laboratories, with funding support and guidance from the Department of Energy
    [Show full text]
  • Software Updating: Hitting the Mark
    Software Updating: Hitting the Mark Ravi Sankar Technology Evangelist | Microsoft Corporation [email protected] Agenda Update Management Overview Update Management Process Update Management Tools The Business Case • While determining the financial impact of poor update management consider the following –Downtime –Remediation time –Data integrity –Lost credibility with customers and partners –Negative public relations –Legal defenses –Stolen Intellectual Property Understanding the Vulnerability Timeline Most Attacks occur here Update Product Vulnerability Vulnerability Update Discovered Disclosed Made Shipped Available Deployed Malware Attack Days between (Year) update and exploit Nimda (2000) 336 Days between update and exploit have decreased SQLP (2002) 185 MSBLAST(2003) 26 SASSER(2004) 17 ZOTOB(2005) 5 Agenda Update Management Overview Update Management Process Update Management Tools Requirements for Successful Update Management Project management, four-phase update management process Effective Processes People who understand their roles and responsibilities Tools and Effective Technologies Operations Products, tools, automation Update Management Process Assess Identify • Inventory computing assets 1234 AssessIdentifyEvaluateDeploy and Plan • Discover new updates • Assess threats and vulnerabilities • Determine whether updates are relevant to • DetermineInventoryDiscoverDeterminePrepare the best forsource computingnew whether deployment forupdates theassets your environment information about new update is actually required •
    [Show full text]
  • Types of Malware and Its Analysis
    International Journal of Scientific & Engineering Research Volume 4, Issue 1, January-2013 1 ISSN 2229-5518 Types of Malware and its Analysis Samanvay Gupta ABSTRACT The paper explores the still-growing threat of website malware, specifically how hackers compromise websites and how users become infected. The consequences of malware attacks—including Google blacklisting—are also explored with an introduction describing the evolution, history & various types of malware. Types of malware described include Virus, Worms, Trojans, Adware, Spyware, Backdoors and Rootkits that can disastrously affect a Microsoft Windows operating system. Keywords: Evolution of malware, Malware analysis, types of malware analysis, tools —————————— —————————— INTRODUCTION In the obfuscation/DE obfuscation game played Malware–the increasingly common vehicle by between attackers and defenders, numerous anti- which criminal organizations facilitate online evasion techniques have been applied in the crime–has become an artifact whose use intersects creation of robust in-guest API call tracers and multiple major security threats (e.g., botnets) faced automated DE obfuscation tools [7, 8, 9, and 10]. by information security practitioners. Given the More recent frameworks [11, 12, 13] and their financially motivated nature of these threats, discrete components [15, 19] attempt to offer or methods of recovery now mandate more than just mimic a level of transparency analogous to that of remediation: knowing what occurred after an asset a non-instrumented OS running on physical became compromised is as valuable as knowing it hardware. However, given that nearly all of these was compromised. Concisely, independent of approaches reside in or emulate part of the guest simple detection, there exists a pronounced need to OS or its underlying hardware, little effort is understand the intentions or runtime behavior of required by a knowledgeable adversary to detect modern malware.
    [Show full text]
  • The Use of Malware Analysis in Support of Law Enforcement
    The Use of Malware Analysis in Support of Law Enforcement ® CERT Coordination Center Nicholas Ianelli, CERT/CC Ross Kinder, CERT/CC Christian Roylo, USSS July 11, 2007 CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office. Copyright 2007 Carnegie Mellon University Table of Contents EXECUTIVE SUMMARY .......................................................................................................................... 3 BACKGROUND........................................................................................................................................... 3 WHAT IS MALWARE? .................................................................................................................................. 3 WHERE DOES MALWARE COME FROM? ....................................................................................................... 4 EXTRACTING ACTIONABLE INTELLIGENCE.................................................................................. 5 GATHERING INTELLIGENCE FROM NETWORK INTERACTIONS ..................................................................... 6 Identify Advertising Revenue ................................................................................................................ 6 Identify Data Drop Sites ....................................................................................................................... 8 Identify Sites Used for Command and Control ................................................................................... 15
    [Show full text]
  • Contents in This Issue
    OCTOBER 2005 The International Publication on Computer Virus Prevention, Recognition and Removal CONTENTS IN THIS ISSUE 2 COMMENT UNDER ATTACK Time to embrace the digital age Apart from being large multinationals, what do CNN, UPS, the New York Times, General Electric 3 NEWS and ABC News have in common? The answer is that they (reportedly) were all infected by Zotob. Martin AVIEN virtual conference Overton provides an overview of this summer’s Symantec snaps up WholeSecurity most fast-spreading network worm. CME initiative sets forth page 4 GATHERING CLOUDS VIRUS PREVALENCE TABLE 3 PSGuard is a ‘virus and spyware remover’ program which is promoted through the Win32/Nsag FEATURES infectors. While questionable in terms of motive, the program itself has no malicious payload. Roel 4 Zo-to-business Schouwenberg considers the problems ‘light grey’ 6 Grey clouds on the horizon applications such as this pose for the AV industry. page 6 11 BOOK REVIEW COMPARATIVE REVIEW Vers & virus 27 products squeeze onto the Windows 2003 Advanced Server testing bench 12 COMPARATIVE REVIEW this month. Matt Ham has the details. Windows 2003 Advanced Server page 12 20 END NOTES & NEWS This month: anti-spam news and events, we review Jonathan Zdziarski’s Ending Spam, and Des Cahill explains the benefits of trust and accountability. ISSN 0956-9979 COMMENT ‘This new format will thus allowing us to include the most up-to-the-minute material each month. enable us to deliver For those who lovingly maintain a back catalogue of Virus Bulletin almost hard copy VBs, this is without doubt the end of an era, but it also marks the start of a new chapter.
    [Show full text]