
Malware Evolution: A Snapshot of Threats and Countermeasures in 2005

Conference paper, in the book Malware Detection.

Part of the book series: Advances in Information Security (ADIS, volume 27)

Abstract

The speed, stealth, and purpose of malware [1] threats, and of the countermeasures against them, are evolving quickly. This chapter describes these three facets of current malware threats and surveys a few emerging countermeasures that better address such threats.


References

  1. AOL/NCSA Online Safety Study, conducted by America Online and the National Cyber Security Alliance, October 2004. http://www.staysafeonline.info/pdf/safety-study-v04.pdf

  2. G. Balakrishnan, et al., "Model checking x86 executables with CodeSurfer/x86 and WPDS++" (tool-demonstration paper). In Proc. Computer-Aided Verification, 2005. http://www.cs.wisc.edu/wpis/papers/CAV05-tool-demo.pdf

  3. G. Balakrishnan, et al., "WYSINWYX: What You See Is Not What You eXecute." To appear in Proc. IFIP Working Conference on Verified Software: Theories, Tools, Experiments, Zurich, Switzerland, Oct. 10-13, 2005. http://www.cs.wisc.edu/wpis/papers/wysinwyx05.pdf

  4. D. Bank, "Computer Worm Is Turning Faster," The Wall Street Journal, May 27, 2004.

  5. C. Cadar and D. Engler, "Execution Generated Test Cases: How to Make Systems Code Crash Itself," CSTR-2005-04. http://www.stanford.edu/~engler/cstr-3.25.5.pdf

  6. M. Costa, et al., "Vigilante: End-to-End Containment of Internet Worms," ACM SIGOPS Operating Systems Review, Volume 39, Issue 5 (December 2005). http://research.microsoft.com/~manuelc/MS_VigilanteSOSP.pdf

  7. J. Crandall, et al., "On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits," 12th ACM Conference on Computer and Communications Security (CCS), Alexandria, Virginia, November 2005. http://wwwcsif.cs.ucdavis.edu/~crandall/ccsdacoda.pdf

  8. J. Evers, "Dutch police nab suspected 'bot herders'," CNET, October 7, 2005, 3:41 PM PDT.

  9. T. Fraser, "Automatic Discovery of Integrity Constraints in Binary Kernel Modules," UMIACS TR-2005-02, December 2004. http://www.missl.cs.umd.edu/~tfraser/TRs/fraser-copilot-config.pdf

  10. P. Godefroid, et al., "DART: Directed Automated Random Testing," to appear in PLDI 2005. http://cm.bell-labs.com/who/god/public_pldi2005.pdf

  11. W. Halfond and A. Orso, "AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks." http://www.cc.gatech.edu/grads/w/whalfond/papers/halfond.orso.ASE05.pdf

  12. S. A. Hofmeyr, et al., "Intrusion Detection using Sequences of System Calls," Journal of Computer Security, Vol. 6, pp. 151–180 (1998). http://cs.unm.edu/~forrest/publications/int_decssc.pdf

  13. M. W. Eichin and J. A. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988." http://web.mit.edu/eichin/www/virus/main.html

  14. J. O. Kephart and W. C. Arnold, "Automatic Extraction of Computer Virus Signatures," In Proceedings of the 4th Virus Bulletin International Conference, R. Ford, ed., Virus Bulletin Ltd., Abingdon, England, 1994, pp. 178–184. http://www.research.ibm.com/antivirus/SciPapers/Kephart/VB94/vb94.html

  15. C. Kreibich and J. Crowcroft, "Honeycomb: Creating Intrusion Detection Signatures Using Honeypots," In Proceedings of the USENIX/ACM Workshop on Hot Topics in Networking (HotNets-II), Nov. 2003. http://citeseer.ist.psu.edu/cache/papers/cs/30348/http:zSzzSznms.lcs.mit.eduzSzHotNets-IIzSzpaperszSzhoneycomb.pdf/kreibich03honeycomb.pdf

  16. C. Kruegel, et al., "Detecting Kernel-Level Rootkits Through Binary Analysis," Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 91–100, Tucson, AZ, December 2004. http://www.cs.ucsb.edu/~vigna/publications.html

  17. C. Kruegel, et al., "Automating Mimicry Attacks Using Static Binary Analysis," Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2005. http://www.cs.ucsb.edu/~vigna/pub/2005_kruegel_kirda_robertson_mutz-vigna-USENIX05.pdf

  18. L. Mearian, "System break-in nets hackers 8 million credit card numbers," COMPUTERWORLD, February 24, 2003. http://www.computerworld.com/securitytopics/security/story/0,10801,78747,00.html

  19. D. Moore and C. Shannon, "The Spread of the Code-Red Worm (CRv2)." http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml

  20. C. Nachenberg, "Generic Exploit Blocking," Virus Bulletin, February 2005.

  21. J. Newsome, et al., "Polygraph: Automatically Generating Signatures for Polymorphic Worms," In Proceedings of the IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, May 2005. http://www.cs.ucl.ac.uk/staff/B.Karp/polygraph-oakland2005.pdf

  22. J. Newsome and D. Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software," In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS '05), February 2005. http://www.ece.cmu.edu/~jnewsome/docs/taintcheck.pdf

  23. N. L. Petroni, Jr., et al., "Copilot: a Coprocessor-based Kernel Runtime Integrity Monitor," 13th USENIX Security Symposium, 2004. http://www.jesusmolina.com/docs/copilot.pdf

  24. J. Roculan, et al., "DeepSight Threat Management System Threat Analysis: SQLExp SQL Server Worm," January 25, 2003. http://securityresponse.symantec.com/avcenter/Analysis-SQLExp.pdf

  25. S. Sidiroglou, et al., "An Email Worm Vaccine Architecture," In Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC), pp. 97–108, April 2005, Singapore. http://www1.cs.columbia.edu/~angelos/Papers/2005/email-worm.pdf

  26. S. Sidiroglou and A. Keromytis, "Countering Network Worms Through Automatic Patch Generation," IEEE Security & Privacy, vol. 3, no. 6, pp. 52–60, November/December 2005. http://www1.cs.columbia.edu/~angelos/Papers/2005/j6ker3.pdf

  27. S. Singh, et al., "Automated Worm Fingerprinting," Proceedings of the ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), San Francisco, CA, December 2004. http://www.cs.ucsd.edu/~savage/papers/OSDI04.pdf

  28. S. Sparks and J. Butler, "Shadow Walker: Raising The Bar For Rootkit Detection," DefCon 13, July 29-31, 2005. http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-sparks-butler.pdf

  29. S. Staniford, et al., "How to Own the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium (Security '02). http://www.cs.berkeley.edu/~nweaver/cdc.web/cdc.web.pdf

  30. Symantec Internet Security Threat Report, Volume VII, published March 2005.

  31. Symantec Internet Security Threat Report, Volume VIII, published September 2005.

  32. J. Swartz, "40 million credit card holders may be at risk," USA TODAY, June 19, 2005. http://www.usatoday.com/money/perfi/general/2005-06-19-breach-usat_x.htm

  33. F. Valeur, et al., "A Learning-Based Approach to the Detection of SQL Attacks," Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Vienna, Austria, July 2005. http://www.cs.ucsb.edu/~vigna/publications.html

  34. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier, "Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits," Proceedings of the ACM SIGCOMM Conference, Aug. 2004. http://citeseer.ist.psu.edu/cache/papers/cs2/162/http:zSzzSzresearch.microsoft.comzSzresearchzSzshieldzSzpaperszSzshieldSigcomm04.pdf/wang04shield.pdf

  35. K. Wang, et al., "Anomalous Payload-based Worm Detection and Signature Generation," In Proceedings of the Eighth International Symposium on Recent Advances in Intrusion Detection (RAID), September 2005. http://worminator.cs.columbia.edu/papers/2005/raid-cut4.pdf

  36. Y.-M. Wang, et al., "Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities," MSR-TR-2005-72, August 2005. ftp://ftp.research.microsoft.com/pub/tr/TR-2005-72.pdf

  37. M. Williamson, et al., "Virus Throttling," HPL-2003-69, 20030430, Virus Bulletin, March 2003. http://www.hpl.hp.com/techreports/2003/HPL-2003-69.html


Copyright information

© 2007 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Witten, B., Nachenberg, C. (2007). Malware Evolution: A Snapshot of Threats and Countermeasures in 2005. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds) Malware Detection. Advances in Information Security, vol 27. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-44599-1_1


  • DOI: https://doi.org/10.1007/978-0-387-44599-1_1

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-32720-4

  • Online ISBN: 978-0-387-44599-1

  • eBook Packages: Computer Science (R0)