This preview shows page 1. Sign up to view the full content.
Unformatted text preview: nlike viruses, wo rms do no t require an executable. So me wo rms scan f o r and install
themselves o n vulnerable systems with stunning speed (in an extreme example, the SQL
Slammer wo rm inf ected 90 percent o f vulnerable so f tware wo rldwide within just ten
minutes).M. Bro ersma, “Slammer—the First ‘Warho l’ Wo rm?” CNET, February 3, 2003.
Tro jans. Explo its that, like the mythical Tro jan ho rse, try to sneak in by masquerading as
so mething they’re no t. The paylo ad is released when the user is duped into do wnlo ading and
installing the malware cargo , o f tentimes via phishing explo its. While the terms abo ve co ver metho ds f o r inf ectio n, the terms belo w address the go al o f the
malware: Bo tnets o r zo mbie netw o rks. Ho rdes o f surreptitio usly inf ected co mputers linked and
co ntro lled remo tely by a central co mmand. Bo tnets are used in crimes where co ntro lling many
dif f icult-to -identif y P Cs is usef ul, such as when perpetrating click f raud, sending spam,
registering acco unts that use CAPT CHAsG. Keizer, “Bo tnet Busts Newest Ho tmail
CAP TCHA,” Co mputerw o rld, February 19, 2009. (tho se scrambled character images meant to
thwart things like auto mated acco unt setup o r ticket buying), executing “dictio nary” passwo rd
cracking attempts, o r launching denial-o f -service attacks.
Malicio us adw are. P ro grams installed witho ut f ull user co nsent o r kno wledge that later serve
Spyw are. So f tware that surreptitio usly mo nito rs user actio ns, netwo rk traf f ic, o r scans f o r
Keylo gger. Type o f spyware that reco rds user keystro kes. Keylo ggers can be either so f twarebased o r hardware, such as a reco rding “do ngle” that is plugged in between a keybo ard and a
Screen capture. Variant o f the keylo gger appro ach. This catego ry o f so f tware reco rds the pixels
that appear o n a user’s screen f o r later playback in ho pes o f identif ying pro prietary
inf o rmatio n.
Blended threats. Attacks co mbining multiple malware o r hacking explo its. All the News Fit to Print (Brought to You by Scam Artists)
In f all 2009, bad guys po sing as the teleco m f irm Vo nage signed up to distribute ads thro ugh
the New Yo rk Times Web site. Many f irms that display o nline ads o n their Web sites simply
create placeho lders o n their Web pages, with the actual ad co ntent served by the advertisers
themselves (see Chapter 14 "Go o gle in Three P arts: Search, Online Advertising, and Beyo nd"
f o r details). In this particular case, the scam artists po sing as Vo nage switched o f f the
legitimate-lo o king ads and switched o n co de that, acco rding to the New Yo rk Times, “to o k o ver
the bro wsers o f many peo ple visiting the site, as their screens f illed with an image that seemed
to sho w a scan f o r co mputer viruses. The visito rs were then to ld that they needed to buy
antivirus so f tware to f ix a pro blem, but the so f tware was mo re snake o il than a usef ul
pro gram.”A. Vance, “Times Web Ads Sho w Security Breach,” New Yo rk Times, September 14,
2009. Sites ranging f ro m Fo x News, the San Francisco Chro nicle, and British tech site The
Register have also been hit with ad scams in the past. In the Times case, malware wasn’t
distributed directly to user P Cs, but by passing thro ugh ads f ro m third parties to co nsumers,
the Times became a co nduit f o r a scam. In the same way that manuf acturers need to audit their
supply chain to ensure that partners aren’t engaged in sweatsho p labo r o r disgracef ul
po llutio n, sites that ho st ads need to audit their partners to ensure they are legitimate and
behaving with integrity. The Virus in Your Pocket
Mo st mo bile pho nes are really po cket co mputers, so it’s no t surprising that these devices have
beco me malware targets. And there are a lo t o f pathways to explo it. Malware might inf iltrate a
smartpho ne via e-mail, Internet surf ing, MMS attachments, o r even Blueto o th. The
“co mmwarrio r” mo bile virus spread to at least eight co untries, pro pagating f ro m a
co mbinatio n o f MMS messages and Blueto o th.J. Charney, “Co mmwarrio r Cell P ho ne Virus
Marches On,” CNET, June 5, 2005. Mo st smartpho nes have layers o f security to blo ck the spread o f malware, so hackers typically
hunt f o r the weakest victims. Easy marks include “jail-bro ken” iP ho nes, devices with warranty- vo iding mo dif icatio ns in which security restrictio ns are o verridden to allo w pho nes to be used
o f f netwo rk, and f o r the installatio n o f unsanctio ned applicatio ns. Estimates suggest so me 10
percent o f iP ho nes are jail-bro ken, and early viruses explo iting the co mpro mised devices
ranged f ro m a “Rick ro ll” that replaced the ho me screen image with a pho to o f 1980s cro o ner
Rick AstleyS. Steade, “It’s Shameless Ho w They Flirt,” Go o d Mo rning Silico n Valley,
No vember 9, 2009. to the mo re nef ario us Ikee.B, which scanned text messages and hunted o ut
banking co des, f o rwarding the nabbed data to a server in Lithuania.R. Lemo s, “Nasty iP ho ne
Wo rm Hints at the Future,” Techno lo gy Rev iew , No vembe...
View Full Document
This document was uploaded on 01/31/2014.
- Winter '14