Malcode

Israeli Test on Worm Called Crucial in Iran Nuclear Delay

“The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed. In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex—and ingenious—than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.”
— New York Times, January 15, 2011

What is malcode?
❖ Problem: lots of code has the potential to do damage
  • Not always intentional!
❖ “Malicious Code” is a bad name
  • Code has no intent
  • Programmer’s intent doesn’t matter, either!
  • What the code does is all that matters
  • As networks get more programmable, accidentally harmful code will become common
❖ We’ll call it “malcode” (mal = bad)
  • It’s not a great name either...

Code taxonomy
[Diagram: All Code, divided into Malcode and Harmless; Malcode is labeled “Created by malicious author” and “Accidentally harmful”]
(occasionally, programs are actually useful, too)

Worms and viruses
❖ People get into stupid arguments over whether something is a “worm” or a “virus”
  • Is the Internet a host program?
  • See Mark W. Eichin and Jon A. Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988”
  • Is Outlook a host program for an email?
❖ Similarly, for worms/viruses/Trojans
  • If the user must open it (e.g., ILoveYou), is it self-replicating?
❖ Terms like “worm” and “virus” are most useful for describing behaviors
  • Individual pieces of code may exhibit many different behaviors...

Trojan Horses
❖ Greeks and Trojans at war
  • Eris (Discord), Paris, Aphrodite, Helen
❖ Greeks attacking Troy, bombarded city for 10 years, but couldn’t get through city walls.
❖ Pretended to leave, left big wooden horse as gift
❖ Trojans brought horse into city (had to tear down part of wall to do this), got silly drunk celebrating victory
❖ Greeks jumped out, killed sentries, and let in Greek army
❖ Became part of a best-selling story
  • Too bad the movie wasn’t so good…

Modern Trojan Horses
❖ User runs program that looks harmless
  • Program pretends to be “cool, dancing bears”, also erases your hard drive
❖ Many attacks today are Trojan Horses
  • ILoveYou, Melissa, Fizzer
❖ Rely on modern humans being as dumb as mythical Trojans
  • No matter how good your city/fire walls are, they don’t do any good if you can’t stop users from running random code
  • Moral: don’t run code you don’t trust!
❖ Rule: don’t run anything you didn’t get from a trusted source!