Contents in This Issue

OCTOBER 2005
The International Publication on Computer Virus Prevention, Recognition and Removal

CONTENTS IN THIS ISSUE

2   COMMENT
    Time to embrace the digital age
3   NEWS
    AVIEN virtual conference
    Symantec snaps up WholeSecurity
    CME initiative sets forth
3   VIRUS PREVALENCE TABLE
    FEATURES
4   Zo-to-business
6   Grey clouds on the horizon
11  BOOK REVIEW
    Vers & virus
12  COMPARATIVE REVIEW
    Windows 2003 Advanced Server
20  END NOTES & NEWS

UNDER ATTACK
Apart from being large multinationals, what do CNN, UPS, the New York Times, General Electric and ABC News have in common? The answer is that they (reportedly) were all infected by Zotob. Martin Overton provides an overview of this summer’s most fast-spreading network worm. page 4

GATHERING CLOUDS
PSGuard is a ‘virus and spyware remover’ program which is promoted through the Win32/Nsag infectors. While questionable in terms of motive, the program itself has no malicious payload. Roel Schouwenberg considers the problems ‘light grey’ applications such as this pose for the AV industry. page 6

COMPARATIVE REVIEW
27 products squeeze onto the Windows 2003 Advanced Server testing bench this month. Matt Ham has the details. page 12

This month: anti-spam news and events, we review Jonathan Zdziarski’s Ending Spam, and Des Cahill explains the benefits of trust and accountability.

ISSN 0956-9979

COMMENT

‘This new format will enable us to deliver Virus Bulletin almost instantaneously.’
Helen Martin, Editor, Virus Bulletin

TIME TO EMBRACE THE DIGITAL AGE

Virus Bulletin has seen a few changes over the years – editors have come and gone, the days of listing all known viruses along with descriptions and their hexadecimal search patterns are long gone (indeed the days of being able to list all known viruses within the confines of a 24-page publication are over – when VB was first published in July 1989 the total was a manageable 14), the design and layout of the magazine have been updated, while features such as the VB 100% award scheme and the VB Spam Supplement have been introduced and become part of the furniture along the way.

The next major change is that, from January 2006 Virus Bulletin will become a wholly electronic publication, delivered in PDF format to all subscribers.

Every month all subscribers will receive notification via email that the new issue of Virus Bulletin has been released, and a simple click of the mouse will take the subscriber to www.virusbtn.com where the latest issue will be available in PDF format to be read online, saved to disk or downloaded and printed. This new format will enable us to deliver Virus Bulletin almost instantaneously, cutting out the inevitable postal delays as well as the limits imposed by the printing schedule, thus allowing us to include the most up-to-the-minute material each month.

For those who lovingly maintain a back catalogue of hard copy VBs, this is without doubt the end of an era, but it also marks the start of a new chapter. VB will revert to the practice of producing an annual CD-ROM and in future every subscriber will receive a CD-ROM in January containing all the issues of Virus Bulletin published in the previous 12 months (January to December).

Alongside the new format, a new pricing and licensing structure will be introduced from January 2006 – the first time the basic price of VB has changed in 16 years. Individual subscribers will see a significant cost saving, with the new subscription costing $175. Corporate customers will see a change too – from January a corporate subscription (or ‘licence’) will allow subscribers to post Virus Bulletin issues on their company intranet or otherwise circulate them internally, thus allowing all employees access to the magazine. The new pricing structure will be as follows:

• Individual subscribers (the magazine may be accessed only by the named individual): $175
• Corporate subscriber whose company’s annual turnover is $0–10 million (the magazine may be circulated internally/posted on intranet): $500
• Corporate subscriber whose company’s annual turnover is $10–100 million (the magazine may be circulated internally/posted on intranet): $1000
• Corporate subscriber whose company’s annual turnover is $100+ million (the magazine may be circulated internally/posted on intranet): $2000
• Bona fide educational institutions/charities: $175
• Public libraries: $500

As previously, individual subscribers will qualify for a discount on the cost of registration for the Virus Bulletin conference, and corporate subscribers will be assigned a block of discounted conference registrations, the number depending on their subscription type.

While this will almost certainly qualify as the greatest change the magazine has seen so far, subscribers should rest assured that, as the adage goes, the more things change the more they remain the same: there will be no change in the nature of the magazine, its content, or its purpose. As ever, Virus Bulletin will remain dedicated to its quest to provide unbiased and exceptional reporting of all matters relevant to the anti-virus and anti-spam industries. More information about the changes will be sent to subscribers over the coming months.

Editor: Helen Martin
Technical Consultant: Matt Ham
Technical Editor: Dr Morton Swimmer
Consulting Editors:
Nick FitzGerald, Independent consultant, NZ
Ian Whalley, IBM Research, USA
Richard Ford, Florida Institute of Technology, USA
Edward Wilding, Data Genetics, UK
VIRUS BULLETIN www.virusbtn.com

NEWS

AVIEN VIRTUAL CONFERENCE

The organisers of the inaugural AVIEN/AVIEWS virtual conference have issued a call for papers. The conference, which will take place on 18 January 2006 by webcast, will be based on the theme ‘Battling malware – a view from the trenches’. The organisers are seeking submissions for 30-minute presentations on a range of subjects (a full list can be found at http://www.avien.org/conf2006cfp.html). Abstracts should be sent in RTF or plain text format to [email protected] by 10 October 2005.

While the conference will be open only to members of the AVIEN/AVIEWS forums, members may sponsor non-members, who will be vetted for approval. Registration details will be circulated in the forums and on the website in due course.

SYMANTEC SNAPS UP WHOLESECURITY

Symantec has announced that it plans to purchase privately held behavioural endpoint security solutions provider WholeSecurity Inc.

WholeSecurity’s behavioural detection technology identifies both known and unknown threats without requiring users to install or update signatures, and can be used against traditional malware threats such as viruses and worms, as well as against phishing threats. WholeSecurity’s customers include eBay, Deutsche Bank and Visa.

Symantec plans to offer standalone products using WholeSecurity’s technology as well as incorporate it into its security software suites. The acquisition is expected to complete later this month.

CME INITIATIVE SETS FORTH

US-CERT will officially unveil its Common Malware Enumeration (CME) initiative this month. The scheme, which will be operated by MITRE and will work very much like the current Common Vulnerabilities and Exposures (CVE) initiative, aims to reduce the public’s confusion during malware incidents, enhance communication between anti-virus vendors and improve communication and information sharing between anti-virus vendors and the rest of the information security community (see VB, September 2005, p.14).

This month sees the debut of the CME website, which will host information about threats, together with the all-important CME tag for each major threat – which it is hoped security companies will incorporate into the names they assign to the threats. The first version of the CME website will include descriptions of a couple of dozen threats, but a more comprehensive collection is planned for later in the year. Information about the initiative can be found at http://cme.mitre.org/.

Prevalence Table – August 2005

Virus             Type     Incidents   Reports
Win32/Netsky      File        16,929    47.35%
Win32/Bagle       File         6,537    18.28%
Win32/Mytob       File         3,985    11.14%
Win32/Mydoom      File         2,928     8.19%
Win32/Zafi        File         2,287     6.40%
Win32/Lovgate     File           520     1.45%
Win32/Klez        File           275     0.77%
Win32/Funlove     File           226     0.63%
Win32/Dumaru      File           218     0.61%
Win32/Bagz        File           215     0.60%
Win32/Pate        File           123     0.34%
Win32/Bugbear     File           119     0.33%
Win32/Mabutu      File           109     0.30%
Win32/MyWife      File           104     0.29%
Win32/Agobot      File            95     0.27%
Win32/Reatle      File            94     0.26%
Win32/Mimail      File            93     0.26%
Win32/Fizzer      File            90     0.25%
Win32/Swen        File            83     0.23%
Win32/Sdbot       File            82     0.23%
Win32/Valla       File            79     0.22%
Redlof            Script          72     0.20%
Win32/Mota        File            64     0.18%
Win32/Bobax       File            46     0.13%
Win32/Yaha        File            45     0.13%
Win32/Randex      File            23     0.06%
Win32/Wurmark     File            19     0.05%
Psyme             Script          18     0.05%
Win32/Hybris      File            16     0.04%
Win32/Magistr     File            16     0.04%
Win32/Maslan      File            15     0.04%
Laroux            Macro           11     0.03%
Others[1]                        220     0.62%
Total                         35,756      100%

[1] The Prevalence Table includes a total of 220 reports across 60 further viruses. Readers are reminded that a complete listing is posted at http://www.virusbtn.com/Prevalence/.
FEATURE 1

ZO-TO-BUSINESS

Martin Overton
Independent Researcher, UK

On Monday 15 August something started to spread quickly on the Internet, causing many companies’ Windows 2000 systems to reboot themselves without human assistance.

Any system that shows the port to be open (Windows 2000 and XP) is sent a copy of the exploit code, regardless of whether it has been patched, or is vulnerable. If the system is an unpatched Windows 2000 system, then the exploit code should run and cause a buffer overflow unless the system is protected in other ways. If the exploit code runs successfully, this will create a shell (CMD.EXE)
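The propagation sequence described above (probe a port, fire the exploit at every host that answers whether or not it is patched, get a shell on the ones that were vulnerable) has one network-side symptom that does not depend on the exploit succeeding: a single source opening connections to many distinct hosts on the same port within seconds, a good share of them to addresses that are unused or have the port closed. The detector below is an added example written for this page, not code from the article or from Martin Overton. The firewall-style log format, the window and threshold values and the sample log lines are all constructed for illustration, and the port number in the sample is a placeholder rather than a statement about which port the worm targeted.

```python
"""Flag worm-style port sweeps in connection logs.

Added example, not from the Virus Bulletin article. A source that talks to
many distinct destinations on one port inside a short window is reported,
along with the fraction of those attempts the firewall denied (dead hosts
and closed ports, which a scanner hits constantly and a real client rarely).
Log format, thresholds and sample data are constructed; the port is a
placeholder, not a claim about the worm.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a "ts src dst dport action" firewall-style format.
# 10.0.5.23 sweeps eleven neighbours on one port in six seconds (five of
# them denied); the other two sources are ordinary clients.
SAMPLE_LOG = """\
2005-08-15T10:00:01 10.0.5.23 10.0.5.1 445 ALLOW
2005-08-15T10:00:01 10.0.5.23 10.0.5.2 445 DENY
2005-08-15T10:00:02 10.0.5.23 10.0.5.3 445 ALLOW
2005-08-15T10:00:02 10.0.5.23 10.0.5.4 445 DENY
2005-08-15T10:00:03 10.0.5.23 10.0.5.5 445 ALLOW
2005-08-15T10:00:03 10.0.5.23 10.0.5.6 445 DENY
2005-08-15T10:00:04 10.0.5.23 10.0.5.7 445 ALLOW
2005-08-15T10:00:04 10.0.5.23 10.0.5.8 445 DENY
2005-08-15T10:00:05 10.0.5.23 10.0.5.9 445 ALLOW
2005-08-15T10:00:05 10.0.5.23 10.0.5.10 445 DENY
2005-08-15T10:00:07 10.0.5.23 10.0.5.11 445 ALLOW
2005-08-15T10:00:01 10.0.7.8 10.0.9.50 80 ALLOW
2005-08-15T10:00:30 10.0.7.8 10.0.9.50 80 ALLOW
2005-08-15T10:01:10 10.0.7.8 10.0.9.51 443 ALLOW
2005-08-15T10:05:00 10.0.2.2 10.0.5.1 445 ALLOW
2005-08-15T10:09:00 10.0.2.2 10.0.5.2 445 ALLOW
2005-08-15T10:13:00 10.0.2.2 10.0.5.3 445 ALLOW
"""

WINDOW = timedelta(seconds=60)   # assumed tuning values, not from the article
MIN_DISTINCT_TARGETS = 8


def parse_log(text):
    """Parse 'ts src dst dport action' lines into sorted tuples; skip bad lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, action = parts
        try:
            events.append((datetime.fromisoformat(ts), src, dst, int(dport), action))
        except ValueError:
            continue
    events.sort(key=lambda e: e[0])
    return events


def find_scanners(events, window=WINDOW, min_targets=MIN_DISTINCT_TARGETS):
    """Return {(src, dport): (distinct_targets, denied_ratio)} for every source
    that reached `min_targets` distinct destinations on one port within `window`.

    One sliding window is kept per (src, dport). Each key is reported once,
    with the largest distinct-target count seen and the share of attempts in
    that window the firewall denied, rounded to two places.
    """
    recent = defaultdict(list)          # (src, dport) -> [(ts, dst, action), ...]
    hits = {}
    for ts, src, dst, dport, action in events:
        key = (src, dport)
        buf = recent[key]
        buf.append((ts, dst, action))
        while buf and ts - buf[0][0] > window:   # expire events outside the window
            buf.pop(0)
        targets = {d for _, d, _ in buf}
        if len(targets) >= min_targets:
            denied = sum(1 for _, _, a in buf if a == "DENY") / len(buf)
            prev = hits.get(key)
            if prev is None or len(targets) > prev[0]:
                hits[key] = (len(targets), round(denied, 2))
    return hits


if __name__ == "__main__":
    for (src, port), (n, denied) in find_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"{src} probed {n} hosts on tcp/{port} within {WINDOW.seconds}s "
              f"({denied:.0%} denied): candidate worm scanner")
```

Run stand-alone, the script reports only 10.0.5.23. Keying the alert on the sweep rather than on a successful exploit matters here precisely because the worm sends its payload to every host with the port open: the scanning is visible from the first infected machine even on a fully patched segment, where no overflow ever fires. In production the (src, dport) pairs of legitimate sweepers (vulnerability scanners, domain controllers, monitoring hosts) need an allow-list, and the window and threshold must be tuned to the segment's normal fan-out, or the rule will page on routine activity.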