Abstract
This chapter discusses malicious software (malware) in categories: computer viruses and worms, rootkits, botnets and other families. Among the many possible ways to name and classify malware, we use groupings based on characteristics—including propagation tactics and malware motives—that aid discussion and understanding. We consider why it can be hard to stop malware from entering systems, to detect it, and to remove it.
References
D. Andriesse, C. Rossow, B. Stone-Gross, D. Plohmann, and H. Bos. Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus. In Malicious and Unwanted Software (MALWARE), pages 116-123, 2013.
C. Anley, J. Heasman, F. Lindner, and G. Richarte. The Shellcoder's Handbook: Discovering and Exploiting Security Holes (2nd edition). Wiley, 2007.
J. Aycock. Computer Viruses and Malware. Springer Science+Business Media, 2006.
H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. M. Youssef, M. Debbabi, and L. Wang. On the analysis of the Zeus botnet crimeware toolkit. In Privacy, Security and Trust (PST), pages 31-38, 2010.
D. Bradbury. The metamorphosis of malware writers. Computers & Security, 25(2):89-90, 2006.
P. Bravo and D. F. Garcia. Rootkits Survey: A concealment story. Manuscript, 2009, https://yandroskaos.github.io/files/survey.pdf.
J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security, 2011. See also K. Thomas et al., USENIX Security, 2016.
A. Chakrabarti. An introduction to Linux kernel backdoors. The Hitchhiker's World, Issue #9, 2004, https://www.infosecwriters.com/HHWorld/hh9/lvtes.txt.
F. Cohen. Implications of computer viruses and current methods of defense. Article 22, pages 381-406, in [13], 1990. Updates earlier version in Computers and Security, 1988.
F. B. Cohen. A Short Course on Computer Viruses (2nd edition). John Wiley, 1994.
E. Cooke and F. Jahanian. The zombie roundup: Understanding, detecting, and disrupting botnets. In Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2005.
D. A. Curry. UNIX System Security: A Guide for Users and System Administrators. Addison-Wesley, 1992.
P. J. Denning, editor. Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1990. Edited collection (classic papers, articles of historic or tutorial value).
A. Desnos, E. Filiol, and I. Lefou. Detecting (and creating!) an HVM rootkit (aka BluePill-like). J. Computer Virology, 7(1):23-49, 2011.
T. Duff. Experience with viruses on UNIX systems. Computing Systems, 2(2):155-171, 1989.
M. W. Eichin and J. A. Rochlis. With microscope and tweezers: An analysis of the Internet virus of November 1988. In IEEE Symp. Security and Privacy, pages 326-343, 1989.
N. Falliere, L. O. Murchu, and E. Chien. W32.Stuxnet Dossier. Report, ver. 1.4, 69 pages, Symantec Security Response, Cupertino, CA, February 2011.
G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In USENIX Security, pages 139-154, 2008.
J. A. Halderman and E. W. Felten. Lessons from the Sony CD DRM episode. In USENIX Security, 2006.
G. Hoglund and J. Butler. Rootkits: Subverting the Windows Kernel. Addison-Wesley, 2005.
S.-C. Hsiao and D.-Y. Kao. The static analysis of WannaCry ransomware. In Int'l Conf. Adv. Comm. Technology (ICACT), pages 153-158, 2018.
G. Hunt and D. Brubacher. Detours: Binary interception of Win32 functions. In 3rd USENIX Windows NT Symp., 1999.
T. Jaeger, P. van Oorschot, and G. Wurster. Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification. Computers & Security, 30(8):571-579, 2011.
K. Kasslin, M. Stahlberg, S. Larvala, and A. Tikkanen. Hide'n seek revisited - full stealth is back. In Virus Bulletin Conf. (VB), pages 147-154, 2005.
A. Kharraz, S. Arshad, C. Mulliner, W. K. Robertson, and E. Kirda. UNVEIL: A large-scale, automated approach to detecting ransomware. In USENIX Security, pages 757-772, 2016.
D. Kim, B. J. Kwon, and T. Dumitras. Certified malware: Measuring breaches of trust in the Windows code-signing PKI. In ACM Comp. & Comm. Security (CCS), pages 1435-1448, 2017.
S. T. King, P. M. Chen, Y.-M. Wang, C. Verbowski, H. J. Wang, and J. R. Lorch. SubVirt: Implementing malware with virtual machines. In IEEE Symp. Security and Privacy, pages 314-327, 2006.
J. Kong. Designing BSD Rootkits: An Introduction to Kernel Hacking. No Starch Press, 2007.
P. Kotzias, S. Matic, R. Rivera, and J. Caballero. Certified PUP: Abuse in Authenticode code signing. In ACM Comp. & Comm. Security (CCS), pages 465-478, 2015.
B. J. Kwon, J. Mondal, J. Jang, L. Bilge, and T. Dumitras. The dropper effect: Insights into malware distribution with downloader graph analytics. In ACM Comp. & Comm. Security (CCS), 2015.
M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown: Reading kernel memory from user space. In USENIX Security, pages 973-990, 2018. See also "Spectre Attacks", Kocher et al., IEEE Symp. 2019.
M. Ludwig. The Little Black Book of Computer Viruses. American Eagle Publications, 1990. A relatively early exposition on programming computer viruses, with complete virus code; the 1996 electronic edition was made openly available online.
J. Ma, G. M. Voelker, and S. Savage. Self-stopping worms. In ACM Workshop on Rapid Malcode (WORM), pages 12-21, 2005.
J. Marchesini, S. W. Smith, and M. Zhao. Keyjacking: The surprising insecurity of client-side SSL. Computers & Security, 24(2):109-123, 2005.
S. McClure, J. Scambray, and G. Kurtz. Hacking Exposed 6: Network Security Secrets and Solutions (6th edition). McGraw-Hill, 2009.
M. D. McIlroy. Virology 101. Computing Systems, 2(2):173-181, 1989.
C. Meijer and B. van Gastel. Self-encrypting deception: Weaknesses in the encryption of solid state drives. In IEEE Symp. Security and Privacy, 2019.
Mitre Corp. CVE-Common Vulnerabilities and Exposures. http://cve.mitre.org/cve/index.html.
Mitre Corp. CWE-Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types. http://cwe.mitre.org.
C. Nachenberg. Computer virus-antivirus coevolution. Comm. ACM, 40(1):46-51, 1997.
T. Nelms, R. Perdisci, M. Antonakakis, and M. Ahamad. Towards measuring and mitigating social engineering software download attacks. In USENIX Security, 2016.
NIST. National Vulnerability Database. U.S. Dept. of Commerce. https://nvd.nist.gov/.
C. Peikari and A. Chuvakin. Security Warrior. O'Reilly Media, 2004.
N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iFRAMEs point to us. In USENIX Security, 2008.
N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser: Analysis of web-based malware. In USENIX HotBots, 2007.
J. A. Rochlis and M. W. Eichin. With microscope and tweezers: The Worm from MIT's perspective. Comm. ACM, 32(6):689-698, 1989. Reprinted as [13, Article 11]; see also more technical paper [16].
A. D. Rubin. White-Hat Security Arsenal. Addison-Wesley, 2001.
J. Rutkowska. Subverting Vista kernel for fun and profit. Blackhat talk, 2006. http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf.
N. Scaife, H. Carter, P. Traynor, and K. R. B. Butler. CryptoLock (and Drop It): Stopping ransomware attacks on user data. In IEEE Int'l Conf. Distributed Computing Systems, pages 303-312, 2016.
SecurityFocus. Vulnerability Database. http://www.securityfocus.com/vulnerabilities, Symantec.
A. Shamir and N. van Someren. Playing "hide and seek" with stored keys. In Financial Crypto, pages 118-124, 1999. Springer LNCS 1648.
R. Shapiro. A History of Linux Kernel Module Signing. https://cs.dartmouth.edu/~bx/blog/2015/10/02/a-history-of-linux-kernel-module-signing.html, 2015 (Shmoocon 2014 talk).
S. Shin and G. Gu. Conficker and beyond: A large-scale empirical study. In Annual Computer Security Applications Conf. (ACSAC), pages 151-160, 2010. Journal version: IEEE TIFS, 2012.
E. Skoudis and T. Liston. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd edition). Prentice Hall, 2006 (first edition: 2001).
E. Skoudis and L. Zeltser. Malware: Fighting Malicious Code. Prentice Hall, 2003.
E. H. Spafford. Crisis and aftermath. Comm. ACM, 32(6):678-687, 1989. Reprinted: [13, Article 12].
E. H. Spafford, K. A. Heaphy, and D. J. Ferbrache. A computer virus primer. Article 20, pages 316-355, in [13], 1990.
S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in your spare time. In USENIX Security, 2002.
C. Stoll. The Cuckoo's Egg. Simon and Schuster, 1989.
B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. A. Kemmerer, C. Kruegel, and G. Vigna. Your botnet is my botnet: Analysis of a botnet takeover. In ACM Comp. & Comm. Security (CCS), pages 635-647, 2009. Shorter version: IEEE Security & Privacy 9(1):64-72, 2011.
D. Stuttard and M. Pinto. The Web Application Hacker's Handbook. Wiley, 2008.
P. Szor. The Art of Computer Virus Research and Defense. Addison-Wesley and Symantec Press, 2005.
K. Thompson. Reflections on trusting trust. Comm. ACM, 27(8):761-763, 1984.
Y. Wang and D. Beck. Fast user-mode rootkit scanner for the enterprise. In Large Installation Sys. Admin. Conf. (LISA), pages 23-30. USENIX, 2005.
A. L. Young and M. Yung. Cryptovirology: Extortion-based security threats and countermeasures. In IEEE Symp. Security and Privacy, pages 129-140, 1996.
A. L. Young and M. Yung. On ransomware and envisioning the enemy of tomorrow. IEEE Computer, 50(11):82-85, 2017. See also same authors: "Cryptovirology", Comm. ACM 60(7):24-26, 2017.
© 2021 The Author(s)
van Oorschot, P.C. (2021). Malicious Software. In: Computer Security and the Internet. Information Security and Cryptography. Springer, Cham. https://doi.org/10.1007/978-3-030-83411-1_7
DOI: https://doi.org/10.1007/978-3-030-83411-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83410-4
Online ISBN: 978-3-030-83411-1
eBook Packages: Computer Science (R0)