Making malware unprofitable: economics key to slowing hackers down
General
Written by Daniel   
Tuesday, 20 November 2007 10:25


By John Timmer | Published: November 20, 2007 - 09:49AM CT
Ars Technica

On Friday, Stevens Institute of Technology hosted a Security and Privacy Day, organized in conjunction with Columbia University and IBM Research. Two of the speakers, one each from Stevens and Columbia, spoke in detail about the problems facing anyone trying to defend against malware. The take-home was grim: it is simply easier for malware authors to mount an attack than it is to defend against one. But some degree of defense is possible, and that may be enough to secure at least some networks.

Sven Dietrich of Stevens discussed the prospects for detecting botnet activity and tracing it back to its source. Early networked malware followed a client-server design: each bot opened a standard point-to-point TCP connection back to a central controller. Such botnets were relatively simple to defend against, because finding and blocking that one controller cut off the whole network. "That was easy, thinking back now," Dietrich reminisced, "although at the time, it didn't seem easy."

Malware writers' first adaptation was to route control traffic over IRC, so that it blended in with legitimate chat traffic and the controllers could hide behind public IRC servers. Since then, much command-and-control traffic has moved off TCP altogether onto connectionless protocols such as UDP, and the content is often encrypted. Botnets now communicate peer-to-peer, either over existing protocols (Storm uses the eDonkey/Overnet UDP protocol) or with custom code (as SpamThru does).

Dietrich argues that these developments have made traditional anti-botnet tactics largely ineffective. It is no longer realistic to expect to identify a botnet's controllers so that new instructions can be blocked or traced back to a source, and the encryption of payloads and instructions makes it much harder to determine what a given botnet is up to....
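The shift Dietrich describes, from each bot beaconing to one central controller toward many small UDP exchanges among peers, is exactly what breaks controller-centric detection. The following is an added example, not code from the article or from Dietrich's talk: two flow-based heuristics run over constructed NetFlow-style records. The first looks for the old pattern (a host talking mostly to one endpoint on a fixed period, here an IRC-era controller on tcp/6667); the second looks for the peer fan-out a P2P bot leaves instead, where there is no controller to name at all. All hosts, addresses, the eDonkey/Overnet UDP port 4672 and the thresholds are assumptions chosen for the example.

```python
"""Two flow-based botnet C2 heuristics over constructed flow records (added example)."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (t_seconds, src, dst, proto, dport, bytes).
# Addresses are documentation ranges; nothing here is captured traffic.
FLOWS = (
    # 10.0.0.5: eight beacons, exactly 300 s apart, to one IRC-era controller on tcp/6667
    [(300 * i, "10.0.0.5", "203.0.113.10", "tcp", 6667, 90) for i in range(8)]
    # ...plus one ordinary HTTPS flow so the host is not 100% beacon traffic
    + [(1234, "10.0.0.5", "192.0.2.80", "tcp", 443, 5200)]
    # 10.0.0.7: twelve small UDP exchanges with twelve different peers on the
    # eDonkey/Overnet UDP port (4672 is an assumption for the example), no fixed period
    + [(37 * i + 11, "10.0.0.7", f"198.51.100.{20 + i}", "udp", 4672, 120 + i) for i in range(12)]
    # 10.0.0.9: a benign host doing a little web browsing
    + [(60, "10.0.0.9", "192.0.2.80", "tcp", 443, 8800),
       (95, "10.0.0.9", "192.0.2.81", "tcp", 443, 15000),
       (400, "10.0.0.9", "192.0.2.80", "tcp", 80, 2300)]
)


def _by_source(flows):
    """Group flow records by their source host."""
    groups = defaultdict(list)
    for f in flows:
        groups[f[1]].append(f)
    return groups


def find_centralized_c2(flows, min_conns=5, top_share=0.8, max_cv=0.2):
    """Flag hosts that talk mostly to one endpoint on a regular schedule.

    This catches client-server and IRC-style C2: one dominant (dst, proto, port)
    tuple plus low variation in the time between successive contacts. The
    coefficient of variation (stdev / mean of the inter-arrival gaps) is the
    regularity measure; 0 means perfectly periodic.
    """
    hits = {}
    for src, fs in _by_source(flows).items():
        if len(fs) < min_conns:
            continue
        endpoints = Counter((f[2], f[3], f[4]) for f in fs)
        (dst, proto, port), n = endpoints.most_common(1)[0]
        if n / len(fs) < top_share:          # no single controller dominates
            continue
        times = sorted(f[0] for f in fs if (f[2], f[3], f[4]) == (dst, proto, port))
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < 2 or mean(gaps) <= 0:
            continue
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            hits[src] = {"controller": dst, "proto": proto, "port": port,
                         "period_s": round(mean(gaps))}
    return hits


def find_p2p_fanout(flows, min_peers=8, max_bytes=300):
    """Flag hosts exchanging many small UDP flows with many distinct peers on
    unprivileged ports. There is no controller to name, only a peer set, which
    is why this looks nothing like the heuristic above."""
    hits = {}
    for src, fs in _by_source(flows).items():
        small_udp = [f for f in fs if f[3] == "udp" and f[4] >= 1024 and f[5] <= max_bytes]
        peers = {f[2] for f in small_udp}
        if len(peers) >= min_peers:
            hits[src] = {"peers": len(peers), "flows": len(small_udp)}
    return hits


if __name__ == "__main__":
    print("centralized:", find_centralized_c2(FLOWS))   # flags 10.0.0.5 only
    print("p2p fan-out:", find_p2p_fanout(FLOWS))       # flags 10.0.0.7 only
```

Run against the constructed records, the first heuristic names a controller, port and beacon period for 10.0.0.5 and says nothing about 10.0.0.7, whose traffic never concentrates on one endpoint. The second heuristic does catch 10.0.0.7, but it yields only a peer count, not anything to block or trace, and it fires just as readily on legitimate file sharing or VoIP. That gap is the practical content of Dietrich's point: the shift to encrypted, connectionless P2P control does not make bots invisible, but it takes away the single chokepoint that older defenses relied on.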
Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts