View
213
Download
1
Category
Preview:
Citation preview
A Case Study on Malware
By:Jill Lehman
Tracy Clegg
Clayton Nichols
Nattapon Nattigon
Robert Loggins
Malware - Defined
Short for “malicious software.” Designed to infiltrate a system without
owner’s consent. General term that defines a variety of
hostile, intrusive, or annoying program code.
Creator’s perceived intent defines
software as malware.
Pop-Up Example
Malware - Origins
A 2008 report released by Symantec suggested: Releases of malicious code may be exceeding rates of
legitimate software applications.
Primarily released through the Internet. Email Web sites
Shaoxing, China was named the malware capital of the world by Symantec in 2010.
Malware - Nature
Early malware, including worms & viruses were written as pranks.
Today, most malware possesses intent to destroy systems including: Files Web pages
• Estimated that about 1 in 10 web pages contain malicious code.
Malware – Nature (cont.)
Many others create “zombie computers” that aid in advertising for profit motive. Tells infected computers to send spam email.
Spyware is a form of malware. It monitor’s web browsing & displays
unsolicited advertisements. Do not spread like viruses.
• Simply exploit security holes
Cybercrime Laws – U.S.
Basis of laws against malware include: Hacking Copyright Infringement Child Porn Privacy Fraud Destruction of property (Denial-of-Service attacks) Harassment Identity theft
Cybercrime Laws – U.S.
The basis for cybercrime laws is large in scope. As endless as non-cyber crime laws.
U.S. laws continually get passed at the state & Federal levels of government. Protect users of the web.
• Civil and criminal means of prosecution
Example: http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=210602182
Cybercrime Laws – U.S.
US cybercrime laws are catching up. Some that help to combat malware are not as
archaic. However, there are still hurdles when the
courts are out touch with reality.• Example: Virginia anti-spam law struck down by
the state’s Supreme Courto Said it violated 1st Amendment right to freedom of
speech.o http://www.cybercrimelaw.org/2008/09/12/virginia-
supreme-court-strikes-down-states-anti-spam-law/
Cybercrime Laws - World Technology is constantly changing.
Creates concern that at any given time, cybercrime legislation falls out of date.
Large amounts of malware originate in foreign countries. Extradition laws not always up-to-date. New treaties help to combat problems.
• http://www.arnnet.com.au/article/345145/efa_cybercrime_treaty_will_trigger_tougher_laws/
Example Case Study: “Google Claims Vietnam Malware Attack”
Google said malicious software has been used to spy on Vietnamese computers
The malware targeted tens of thousands of people.
The malware has been used to attack blogs containing messages of political dissent.
Issues enabling this Behavior
Security Issues
The prevalence of broadband internet has
allowed for a wave of malware solely
intended to reap benefits.
Downloading programs & sharing software
has created opportunities for malware
Security Issues Continued
Use of a standard password for access control can create vulnerabilities
A large percentage of users do not change their passwords from that established by the manufacturer causing the passwords to be easily obtainable
Public access points, such as airports & coffee shops, offer little or no security.
Malware Penalties in General Penalties are depend on the level of severity of the attack.
In some cases, credit & debit card data is stolen; this level of mayhem constitutes malware fraud felony, which can lead the perpetrators to serve numerous years in prison as well as pay enormous fines.
Eg. Steal data such as credit card inf., login to banks and passwords, etc.
If a site has links to malware sites, then the link is removed from their name in the SERPs (search engine results pages).
This feature is designed so that the site owners become aware of the malware issue.
What is a Google penalty?
Google Penalty Types There are various penalty types that have been found as
follows;I. The “Minus Thirty” Penalty II. The “950 Penalty”III.The Position 6 Penalty
Drop in rankings to the end of the listings for that keyword
A Google penalty is a punishment Google gives to sites they feel do not meet certain quality standards.
This can spell disaster for companies who run their business through their web sites.
Above google penalties can be fixed by following google’s webmaster guidelines.
How these penalties related to this case?
Very difficult to identify the criminals who spy on Vietnamese’s websites as the other side are Chinese government.
Using Malware for damaging purposes:
To attack blogs containing messages of political dissent. (Invasion of Privacy)
Vietnam is lack of laws & investigators with the requisite experience or even the equipment to collect evidence to fight cyber crime which include malware through google.
The U.S. Penalties on Cyber Crime
Compromising Confidentiality: 18 U.S.C. § 1030(a)(2)(c)
Intentionally access a computer without or in excess of authorization
Penalties: Violations of section 1030(a)(2) are misdemeanors punishable by a fine or a one-year prison term, unless aggravating factors apply.
A violation or attempted violation of section 1030(a)(2) is a felony if: committed for commercial advantage or private financial gain, committed in furtherance of any criminal or tortuous act in violation of the Constitution or laws of the United States or of any State, or the value of the information obtained exceeds $5,000.
Conclusion about the Penalties
Historical Data: Computer crime cost Vietnam US$1.76 billion in 2008
Vietnam should have security systems& computer crime laws as fast as possible by using the U.S. laws as a benchmarking.
With penalties, cyber crime might be reduce.
Better Economic Situation as investors will have more confidence to invest in Vietnam bec less cyber crime issues.
Source:http://www.straitstimes.com/Breaking%2BNews/SE%2BAsia/Story/STIStory_354440.html
Effects on Management
Must be aware at all times of potential attacks.
Must make employees aware of the dangers of malware.
Must take preventive measures against malware attacks.
Must be aware of the legal & reporting measures to stop the spread of malware.
Recommended