A Case Study on Malware By Jill Tracy

A Case Study on Malware By: Jill Tracy Clayton Nattapon Robert Lehman Clegg Nichols Nattigon Loggins

Malware - Defined Pop-Up Example Ø Short for “malicious software. ” § Designed to infiltrate a system without owner’s consent. § General term that defines a variety of hostile, intrusive, or annoying program code. Ø Creator’s perceived intent defines software as malware.

Malware - Origins Ø A 2008 report released by Symantec suggested: § Releases of malicious code may be exceeding rates of legitimate software applications. Ø Primarily released through the Internet. § Email § Web sites Ø Shaoxing, China was named the malware capital of the world by Symantec in 2010.

Malware - Nature Ø Early malware, including worms & viruses were written as pranks. Ø Today, most malware possesses intent to destroy systems including: § Files § Web pages • Estimated that about 1 in 10 web pages contain malicious code.

Malware – Nature (cont. ) Ø Many others create “zombie computers” that aid in advertising for profit motive. § Tells infected computers to send spam email. Ø Spyware is a form of malware. § It monitor’s web browsing & displays unsolicited advertisements. § Do not spread like viruses. • Simply exploit security holes

Cybercrime Laws – U. S. Ø Basis of laws against malware include: § § § § Hacking Copyright Infringement Child Porn Privacy Fraud Destruction of property (Denial-of-Service attacks) Harassment Identity theft

Cybercrime Laws – U. S. Ø The basis for cybercrime laws is large in scope. § As endless as non-cyber crime laws. Ø U. S. laws continually get passed at the state & Federal levels of government. § Protect users of the web. • Civil and criminal means of prosecution § Example: http: //www. informationweek. com/news/security/cyberc rime/show. Article. jhtml? article. ID=210602182

Cybercrime Laws – U. S. Ø US cybercrime laws are catching up. § Some that help to combat malware not as archaic. § However, there are still hurdles when the courts are out touch with reality. • Example: Virginia anti-spam law struck down by the state’s Supreme Court o Said it violated 1 st Amendment right to freedom of speech. o http: //www. cybercrimelaw. org/2008/09/12/virginiasupreme-court-strikes-down-states-anti-spam-law/

Cybercrime Laws - World Ø Technology is constantly changing. § Creates concern that at any given time, cybercrime legislation falls out of date. Ø Large amounts of malware originate in foreign countries. § Extradition laws not always up-to-date. § New treaties help to combat problems. • http: //www. arnnet. com. au/article/345145/efa_cyber crime_treaty_will_trigger_tougher_laws/

Example Case Study: “Google Claims Vietnam Malware Attack” Ø Google said malicious software has been used to spy on Vietnamese computers Ø The malware targeted tens of thousands of people. Ø The malware has been used to attack blogs containing messages of political dissent.

Issues enabling this Behavior Ø Security Issues § The prevalence of broadband internet has allowed for a wave of malware solely intended to reap benefits. § Downloading programs & sharing software has created opportunities for malware

Security Issues Continued Ø Use of a standard password for access control can create vulnerabilities § A large percentage of users do not change their passwords from that established by the manufacturer causing the passwords to be easily obtainable Ø Public access points, such as airports & coffee shops, offer little or no security.

Malware Penalties in General Ø Penalties are depend on the level of severity of the attack. Eg. Steal data such as credit card inf. , login to banks and passwords, etc. Ø If a site has links to malware sites, then the link is removed from their name in the SERPs (search engine results pages). § This feature is designed so that the site owners become aware of the malware issue. Ø In some cases, credit & debit card data is stolen; this level of mayhem constitutes malware fraud felony, which can lead the perpetrators to serve numerous years in prison as well as pay enormous fines.

What is a Google penalty? Ø A Google penalty is a punishment Google gives to sites they feel do not meet certain quality standards. § This can spell disaster for companies who run their business through their web sites. q Google Penalty Types § There are various penalty types that have been found as follows; I. The “Minus Thirty” Penalty Drop in rankings to the end of the listings for that II. The “ 950 Penalty” keyword III. The Position 6 Penalty Above google penalties can be fixed by following google’s webmaster guidelines.

How these penalties related to this case? Ø Using Malware for damaging purposes: § To attack blogs containing messages of political dissent. (Invasion of Privacy) ü Very difficult to identify the criminals who spy on Vietnamese’s websites as the other side are Chinese government. ü Vietnam is lack of laws & investigators with the requisite experience or even the equipment to collect evidence to fight cyber crime which include malware through google.

The U. S. Penalties on Cyber Crime Compromising Confidentiality: 18 U. S. C. § 1030(a)(2)(c) § Intentionally access a computer § without or in excess of authorization Penalties: Ø Violations of section 1030(a)(2) are misdemeanors punishable by a fine or a one-year prison term, unless aggravating factors apply. Ø A violation or attempted violation of section 1030(a)(2) is a felony if: § committed for commercial advantage or private financial gain, § committed in furtherance of any criminal or tortuous act in violation of the Constitution or laws of the United States or of any State, or § the value of the information obtained exceeds $5, 000.

Conclusion about the Penalties § Historical Data: Computer crime cost Vietnam US$1. 76 billion in 2008 § Vietnam should have security systems& computer crime laws as fast as possible by using the U. S. laws as a benchmarking. § With penalties, cyber crime might be reduce. Better Economic Situation as investors will have more confidence to invest in Vietnam bec less cyber crime issues. Source: http: //www. straitstimes. com/Breaking%2 BNews/SE%2 BAsia/Story/STIStory_354440. html

Effects on Management § Must be aware at all times of potential attacks. § Must make employees aware of the dangers of malware. § Must take preventive measures against malware attacks. § Must be aware of the legal & reporting measures to stop the spread of malware.

Thank You!!