Rapid Malware Defenses
• Master IDS watches over network
– “Infection” proceeds on part of network
– Determines whether an attack or not
– If so, IDS saves most of the network
– If not, only a slight delay
• Beneficial worm
– Disinfect faster than the worm infects
• Other approaches?
Part 4  Software
1
Push vs Pull Malware
• Viruses/worms are examples of “push” malware
• Recently, a lot of “pull” malware
• Scenario
– A compromised web server
– Visit a website at the compromised server
– Malware is loaded onto your machine
• Good paper: Ghost in the Browser
Botnet
• Botnet: a “network” of infected machines
• Infected machines are “bots”
– Victim is unaware of infection (stealthy)
• Botmaster controls botnet
– Generally, using IRC
– P2P botnet architectures exist
• Botnets used for…
– Spam, DoS attacks, key logging, ID theft, etc.
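Added example, not part of the slides: the IRC command and control described above shows up in network logs as many internal hosts joining one channel on one server within seconds. The log lines, addresses, nicks and channel names below are constructed, and the client threshold is an assumption to tune per network.

```python
import re
from collections import defaultdict

# Constructed IDS/flow log: internal client -> server:port, IRC command, argument.
# Addresses come from documentation ranges; nothing here is a real indicator.
LOG = """\
2010-03-01T09:00:01 10.1.4.22 -> 203.0.113.7:6667 NICK bot-7f3a
2010-03-01T09:00:01 10.1.4.22 -> 203.0.113.7:6667 JOIN #c0ntrol
2010-03-01T09:00:03 10.1.4.31 -> 203.0.113.7:6667 NICK bot-91c0
2010-03-01T09:00:03 10.1.4.31 -> 203.0.113.7:6667 JOIN #c0ntrol
2010-03-01T09:00:04 10.1.7.8  -> 203.0.113.7:6667 JOIN #c0ntrol
2010-03-01T09:00:09 10.1.9.2  -> 203.0.113.7:6667 JOIN #c0ntrol
2010-03-01T09:05:00 10.1.2.5  -> 198.51.100.20:6667 JOIN #linux-help
2010-03-01T09:05:30 10.1.2.6  -> 198.51.100.20:6667 JOIN #linux-help
"""

LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)"
    r"\s+(?P<cmd>[A-Z]+)(?:\s+(?P<arg>\S+))?$")

def parse(log_text):
    """Yield one dict per well-formed line; lines that do not parse are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()

def find_irc_clusters(log_text, min_clients=3):
    """Group JOINs by (server, port, channel) and report channels that at least
    min_clients distinct internal hosts joined, with the time span of the joins.
    One shared channel fed from one server is the shape of an IRC-controlled
    botnet; a couple of people in a help channel stay under the threshold."""
    members, first, last = defaultdict(set), {}, {}
    for ev in parse(log_text):
        if ev["cmd"] != "JOIN" or not ev["arg"]:
            continue
        key = (ev["dst"], int(ev["port"]), ev["arg"])
        members[key].add(ev["src"])
        first.setdefault(key, ev["ts"])      # log lines are in time order
        last[key] = ev["ts"]
    return {key: {"hosts": sorted(hosts), "first": first[key], "last": last[key]}
            for key, hosts in members.items() if len(hosts) >= min_clients}

if __name__ == "__main__":
    for (server, port, channel), info in find_irc_clusters(LOG).items():
        print(f"{server}:{port} {channel}: {len(info['hosts'])} hosts "
              f"joined between {info['first']} and {info['last']}")
```

A P2P botnet, also mentioned on the slide, leaves no shared server or channel to group on, so this heuristic does not cover it.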
Botnet Examples
• XtremBot
– Similar bots: Agobot, Forbot, Phatbot
– Highly modular, easily modified
– Source code readily available (GPL license)
• UrXbot
– Similar bots: SDBot, UrBot, Rbot
– Less sophisticated than XtremBot type
• GT-Bots and mIRC-based bots
– mIRC is common IRC client for Windows
More Botnet Examples
• Mariposa
– Used to steal credit card info
– Creator arrested in July 2010
• Conficker
– Estimated 10M infected hosts (2009)
• Kraken
– Largest as of 2008 (400,000 infections)
• Srizbi
– For spam, one of largest as of 2008
Computer Infections
• Analogies are made between computer viruses/worms and biological diseases
• There are differences
– Computer infections are much quicker
– Ability to intervene in a computer outbreak is more limited (vaccination?)
– Bio disease models often not applicable
– “Distance” almost meaningless on Internet
• But there are some similarities…
Computer Infections
• Cyber “diseases” vs biological diseases
• One similarity
– In nature, too few susceptible individuals and disease will die out
– On the Internet, too few susceptible systems and worm might fail to take hold
• One difference
– In nature, diseases attack more-or-less at random
– Cyber attackers select most “desirable” targets
– Cyber attacks are more focused and damaging
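Added example, not from the slides, serving both the master-IDS slide and the susceptibility point above: a mean-field model of a random-scanning worm, the epidemic threshold derived from its parameters, and a master IDS that lets the worm run on a monitored slice of the network and blocks it once that slice reports enough infections. The address-space size, scan rate, removal rate, monitored fraction and trigger count are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class WormParams:
    address_space: float    # addresses the worm probes at random (assumed 2**16)
    susceptible: float      # vulnerable hosts at t = 0
    scans_per_tick: float   # random probes each infected host sends per tick
    removal_rate: float     # fraction of infected hosts cleaned/patched per tick
    initial_infected: float = 1.0

def epidemic_threshold(p):
    """Susceptible population below which the worm cannot take hold.
    Per tick each infected host reaches r*S/A new victims while a fraction
    gamma of infected hosts is removed, so growth needs r*S/A > gamma,
    i.e. S > gamma*A/r: the slide's 'too few susceptible systems'."""
    return p.removal_rate * p.address_space / p.scans_per_tick

def simulate(p, ticks=500, ids=None):
    """Mean-field (expected-value) spread of a random-scanning worm.
    ids=(monitored_fraction, trigger): a master IDS watches that fraction
    of the susceptible hosts, lets the worm run there to judge whether it
    is an attack, and blocks further spread network-wide once `trigger`
    monitored hosts have been hit.
    Returns (hosts ever infected, tick at which the IDS fired or None)."""
    S, I = p.susceptible, p.initial_infected
    ever, fired_at = p.initial_infected, None
    for t in range(ticks):
        if fired_at is None:
            new = min(S, p.scans_per_tick * I * S / p.address_space)
        else:
            new = 0.0            # IDS has cut the worm off from the rest
        S -= new
        I += new - p.removal_rate * I
        ever += new
        if ids and fired_at is None:
            monitored_fraction, trigger = ids
            if (ever - p.initial_infected) * monitored_fraction >= trigger:
                fired_at = t
    return ever, fired_at

# Constructed parameters: 2**16 addresses, 100 probes/tick, 5% cleanup/tick.
FAST_WORM = WormParams(address_space=2**16, susceptible=2000,
                       scans_per_tick=100, removal_rate=0.05)
FEW_VULNERABLE = WormParams(address_space=2**16, susceptible=20,
                            scans_per_tick=100, removal_rate=0.05)

def scenarios():
    """The cases the slides contrast: unchecked spread, spread with a master
    IDS watching 10% of hosts and firing after 5 hits, and a population
    below the epidemic threshold."""
    unchecked, _ = simulate(FAST_WORM)
    with_ids, fired = simulate(FAST_WORM, ids=(0.10, 5))
    below, _ = simulate(FEW_VULNERABLE)
    return {"unchecked": unchecked, "master_ids": with_ids,
            "ids_fired_tick": fired, "below_threshold": below}

if __name__ == "__main__":
    print("epidemic threshold:", epidemic_threshold(FAST_WORM), "hosts")
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

With these numbers the unchecked worm reaches all 2000 vulnerable hosts in six ticks, the IDS fires at tick 2 with about 65 hosts hit, and 20 vulnerable hosts (threshold about 33) never sustain an outbreak.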
Future Malware Detection?
• Likely that malware outnumbers “good ware”
– Metamorphic copies of existing malware
– Many virus toolkits available
– Trudy: recycle old viruses, different signature
• So, may be better to “detect” good code
– If code not on “good” list, assume it’s bad
– That is, use a whitelist instead of a blacklist
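Added example, not from the slides: the same toy “executables” judged by a signature blacklist and by a hash whitelist. Trudy’s recycled copy with a changed signature slips past the blacklist but not the whitelist, while a legitimate update shows the whitelist’s maintenance cost. The byte strings are constructed stand-ins, not real code.

```python
import hashlib

# Constructed stand-ins for executables; none of this is real code.
GOOD_EDITOR    = b"\x7fELF editor v1.2: open save quit"
GOOD_BROWSER   = b"\x7fELF browser v9.0: fetch render"
EDITOR_UPDATE  = b"\x7fELF editor v1.3: open save quit print"
OLD_VIRUS      = b"\x7fELF payload: copy self; mail self to contacts"
# Trudy's recycled copy: same behaviour, junk bytes inserted so the byte
# pattern the blacklist keys on no longer matches.
RECYCLED_VIRUS = b"\x7fELF payload: copy\x90\x90 self; mail\x90 self to contacts"

# Blacklist: byte signatures extracted from malware already analysed.
BLACKLIST_SIGNATURES = [b"copy self; mail self"]

def sha256(blob):
    return hashlib.sha256(blob).hexdigest()

# Whitelist: hashes of the software the organisation has vetted.
ALLOWLIST = frozenset({sha256(GOOD_EDITOR), sha256(GOOD_BROWSER)})

def blacklist_verdict(blob):
    """Signature AV: run anything unless a known-bad pattern is present."""
    return "block" if any(sig in blob for sig in BLACKLIST_SIGNATURES) else "allow"

def whitelist_verdict(blob, allowlist=ALLOWLIST):
    """Default deny: run only code whose hash is on the vetted list."""
    return "allow" if sha256(blob) in allowlist else "block"

def compare(samples):
    """Map sample name -> (blacklist verdict, whitelist verdict)."""
    return {name: (blacklist_verdict(b), whitelist_verdict(b))
            for name, b in samples.items()}

SAMPLES = {"editor": GOOD_EDITOR, "editor_update": EDITOR_UPDATE,
           "old_virus": OLD_VIRUS, "recycled_virus": RECYCLED_VIRUS}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:15} blacklist={bl:5} whitelist={wl}")
```

The whitelist only holds if the list itself cannot be edited by the code it is meant to judge, and every legitimate update must be added to it before users can run the new version.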