Malware: Technical Details
- The number of strains of malicious code is unknown
- In 2010 there were over 1 million different "signatures"
- Malware infects everything from word processors to cash registers and USB memory sticks.
- Categories of harm from malware
- Three categories
- Non-destructive
- Showing off
- Flash a message on the screen.
- Destructive
- Corrupts files, deletes files, ...
- Commercial or criminal
- Stealing information
- Acting as a platform for attack
- Ransomware
- They have specific lists of harm that can be done
- To Users
- Ranging from deleting files to stealing information.
- To Systems
- Hiding files on the system
- Inserting commands into scripts or other interpreted programs.
- Replacing files
- Modifying system configuration files (Windows registry)
- To the world.
- The numbers of computers infected by several pieces of malware are given.
- Conficker built a network of an estimated 1.5 million hosts under the creator's control.
- Trust is also an issue
- Estimates of damage
- Remember, this book is from 2015
- But they state that a major infection can cost over $1 million.
- How do you estimate this?
- First compute the tangible losses
- But also consider employee time to clean it up
- Time to investigate the extent of the break-in
- Loss of data
- Loss of reputation
- Loss of time reacting to the attack
- How much time do you spend retyping your password?
- Or working with 2FA?
- Time, effort, and money spent defending against the next attack.
- They provide some estimates
- Code Red
- A worm that exploited a buffer overflow in the IIS server.
- Caused a site to display a message that it had been hacked.
- Launched DoS attacks on selected websites
- Looked for other targets to attack.
- At the peak of the attack it infected nearly 400,000 hosts.
- The book estimates $500 million to $2.6 billion
- Conficker
- Worm
- Attacked Windows.
- Dictionary attack on administrator passwords.
- Performed many different types of activities to hide itself.
- The book estimates $9.2 billion in damage.