Malicious Software

Part of the Information Security and Cryptography book series (ISC)

Abstract

This chapter discusses malicious software (malware) in categories: computer viruses and worms, rootkits, botnets and other families. Among the many possible ways to name and classify malware, we use groupings based on characteristics—including propagation tactics and malware motives—that aid discussion and understanding. We consider why it can be hard to stop malware from entering systems, to detect it, and to remove it.

References

  1. D. Andriesse, C. Rossow, B. Stone-Gross, D. Plohmann, and H. Bos. Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus. In Malicious and Unwanted Software (MALWARE), pages 116-123, 2013.

  2. C. Anley, J. Heasman, F. Lindner, and G. Richarte. The Shellcoder's Handbook: Discovering and Exploiting Security Holes (2nd edition). Wiley, 2007.

  3. J. Aycock. Computer Viruses and Malware. Springer Science+Business Media, 2006.

  4. H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. M. Youssef, M. Debbabi, and L. Wang. On the analysis of the Zeus botnet crimeware toolkit. In Privacy, Security and Trust (PST), pages 31-38, 2010.

  5. D. Bradbury. The metamorphosis of malware writers. Computers & Security, 25(2):89-90, 2006.

  6. P. Bravo and D. F. Garcia. Rootkits Survey: A concealment story. Manuscript, 2009, https://yandroskaos.github.io/files/survey.pdf.

  7. J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security, 2011. See also K. Thomas et al., USENIX Security, 2016.

  8. A. Chakrabarti. An introduction to Linux kernel backdoors. The Hitchhiker's World, Issue #9, 2004, https://www.infosecwriters.com/HHWorld/hh9/lvtes.txt.

  9. F. Cohen. Implications of computer viruses and current methods of defense. Article 22, pages 381-406, in [13], 1990. Updates earlier version in Computers and Security, 1988.

  10. F. B. Cohen. A Short Course on Computer Viruses (2nd edition). John Wiley, 1994.

  11. E. Cooke and F. Jahanian. The zombie roundup: Understanding, detecting, and disrupting botnets. In Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2005.

  12. D. A. Curry. UNIX System Security: A Guide for Users and System Administrators. Addison-Wesley, 1992.

  13. P. J. Denning, editor. Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1990. Edited collection (classic papers, articles of historic or tutorial value).

  14. A. Desnos, E. Filiol, and I. Lefou. Detecting (and creating!) an HVM rootkit (aka BluePill-like). J. Computer Virology, 7(1):23-49, 2011.

  15. T. Duff. Experience with viruses on UNIX systems. Computing Systems, 2(2):155-171, 1989.

  16. M. W. Eichin and J. A. Rochlis. With microscope and tweezers: An analysis of the Internet virus of November 1988. In IEEE Symp. Security and Privacy, pages 326-343, 1989.

  17. N. Falliere, L. O. Murchu, and E. Chien. W32.Stuxnet Dossier. Report, ver. 1.4, 69 pages, Symantec Security Response, Cupertino, CA, February 2011.

  18. G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In USENIX Security, pages 139-154, 2008.

  19. J. A. Halderman and E. W. Felten. Lessons from the Sony CD DRM episode. In USENIX Security, 2006.

  20. G. Hoglund and J. Butler. Rootkits: Subverting the Windows Kernel. Addison-Wesley, 2005.

  21. S.-C. Hsiao and D.-Y. Kao. The static analysis of WannaCry ransomware. In Int'l Conf. Adv. Comm. Technology (ICACT), pages 153-158, 2018.

  22. G. Hunt and D. Brubacher. Detours: Binary interception of Win32 functions. In 3rd USENIX Windows NT Symp., 1999.

  23. T. Jaeger, P. van Oorschot, and G. Wurster. Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification. Computers & Security, 30(8):571-579, 2011.

  24. K. Kasslin, M. Stahlberg, S. Larvala, and A. Tikkanen. Hide'n seek revisited - full stealth is back. In Virus Bulletin Conf. (VB), pages 147-154, 2005.

  25. A. Kharraz, S. Arshad, C. Mulliner, W. K. Robertson, and E. Kirda. UNVEIL: A large-scale, automated approach to detecting ransomware. In USENIX Security, pages 757-772, 2016.

  26. D. Kim, B. J. Kwon, and T. Dumitras. Certified malware: Measuring breaches of trust in the Windows code-signing PKI. In ACM Comp. & Comm. Security (CCS), pages 1435-1448, 2017.

  27. S. T. King, P. M. Chen, Y.-M. Wang, C. Verbowski, H. J. Wang, and J. R. Lorch. SubVirt: Implementing malware with virtual machines. In IEEE Symp. Security and Privacy, pages 314-327, 2006.

  28. J. Kong. Designing BSD Rootkits: An Introduction to Kernel Hacking. No Starch Press, 2007.

  29. P. Kotzias, S. Matic, R. Rivera, and J. Caballero. Certified PUP: Abuse in Authenticode code signing. In ACM Comp. & Comm. Security (CCS), pages 465-478, 2015.

  30. B. J. Kwon, J. Mondal, J. Jang, L. Bilge, and T. Dumitras. The dropper effect: Insights into malware distribution with downloader graph analytics. In ACM Comp. & Comm. Security (CCS), 2015.

  31. M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown: Reading kernel memory from user space. In USENIX Security, pages 973-990, 2018. See also "Spectre Attacks", Kocher et al., IEEE Symp. 2019.

  32. M. Ludwig. The Little Black Book of Computer Viruses. American Eagle Publications, 1990. A relatively early exposition on programming computer viruses, with complete virus code; the 1996 electronic edition was made openly available online.

  33. J. Ma, G. M. Voelker, and S. Savage. Self-stopping worms. In ACM Workshop on Rapid Malcode (WORM), pages 12-21, 2005.

  34. J. Marchesini, S. W. Smith, and M. Zhao. Keyjacking: The surprising insecurity of client-side SSL. Computers & Security, 24(2):109-123, 2005.

  35. S. McClure, J. Scambray, and G. Kurtz. Hacking Exposed 6: Network Security Secrets and Solutions (6th edition). McGraw-Hill, 2009.

  36. M. D. McIlroy. Virology 101. Computing Systems, 2(2):173-181, 1989.

  37. C. Meijer and B. van Gastel. Self-encrypting deception: Weaknesses in the encryption of solid state drives. In IEEE Symp. Security and Privacy, 2019.

  38. Mitre Corp. CVE-Common Vulnerabilities and Exposures. http://cve.mitre.org/cve/index.html.

  39. Mitre Corp. CWE-Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types. http://cwe.mitre.org.

  40. C. Nachenberg. Computer virus-antivirus coevolution. Comm. ACM, 40(1):46-51, 1997.

  41. T. Nelms, R. Perdisci, M. Antonakakis, and M. Ahamad. Towards measuring and mitigating social engineering software download attacks. In USENIX Security, 2016.

  42. NIST. National Vulnerability Database. U.S. Dept. of Commerce. https://nvd.nist.gov/.

  43. C. Peikari and A. Chuvakin. Security Warrior. O'Reilly Media, 2004.

  44. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iFRAMEs point to us. In USENIX Security, 2008.

  45. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser: Analysis of web-based malware. In USENIX HotBots, 2007.

  46. J. A. Rochlis and M. W. Eichin. With microscope and tweezers: The Worm from MIT's perspective. Comm. ACM, 32(6):689-698, 1989. Reprinted as [13, Article 11]; see also more technical paper [16].

  47. A. D. Rubin. White-Hat Security Arsenal. Addison-Wesley, 2001.

  48. J. Rutkowska. Subverting Vista kernel for fun and profit. Blackhat talk, 2006. http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf.

  49. N. Scaife, H. Carter, P. Traynor, and K. R. B. Butler. CryptoLock (and Drop It): Stopping ransomware attacks on user data. In IEEE Int'l Conf. Distributed Computing Systems, pages 303-312, 2016.

  50. SecurityFocus. Vulnerability Database. http://www.securityfocus.com/vulnerabilities, Symantec.

  51. A. Shamir and N. van Someren. Playing "hide and seek" with stored keys. In Financial Crypto, pages 118-124, 1999. Springer LNCS 1648.

  52. R. Shapiro. A History of Linux Kernel Module Signing. https://cs.dartmouth.edu/~bx/blog/2015/10/02/a-history-of-linux-kernel-module-signing.html, 2015 (Shmoocon 2014 talk).

  53. S. Shin and G. Gu. Conficker and beyond: A large-scale empirical study. In Annual Computer Security Applications Conf. (ACSAC), pages 151-160, 2010. Journal version: IEEE TIFS, 2012.

  54. E. Skoudis and T. Liston. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd edition). Prentice Hall, 2006 (first edition: 2001).

  55. E. Skoudis and L. Zeltser. Malware: Fighting Malicious Code. Prentice Hall, 2003.

  56. E. H. Spafford. Crisis and aftermath. Comm. ACM, 32(6):678-687, 1989. Reprinted: [13, Article 12].

  57. E. H. Spafford, K. A. Heaphy, and D. J. Ferbrache. A computer virus primer. Article 20, pages 316-355, in [13], 1990.

  58. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in your spare time. In USENIX Security, 2002.

  59. C. Stoll. The Cuckoo's Egg. Simon and Schuster, 1989.

  60. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. A. Kemmerer, C. Kruegel, and G. Vigna. Your botnet is my botnet: Analysis of a botnet takeover. In ACM Comp. & Comm. Security (CCS), pages 635-647, 2009. Shorter version: IEEE Security & Privacy 9(1):64-72, 2011.

  61. D. Stuttard and M. Pinto. The Web Application Hacker's Handbook. Wiley, 2008.

  62. P. Szor. The Art of Computer Virus Research and Defense. Addison-Wesley and Symantec Press, 2005.

  63. K. Thompson. Reflections on trusting trust. Comm. ACM, 27(8):761-763, 1984.

  64. Y. Wang and D. Beck. Fast user-mode rootkit scanner for the enterprise. In Large Installation Sys. Admin. Conf. (LISA), pages 23-30. USENIX, 2005.

  65. A. L. Young and M. Yung. Cryptovirology: Extortion-based security threats and countermeasures. In IEEE Symp. Security and Privacy, pages 129-140, 1996.

  66. A. L. Young and M. Yung. On ransomware and envisioning the enemy of tomorrow. IEEE Computer, 50(11):82-85, 2017. See also same authors: "Cryptovirology", Comm. ACM 60(7):24-26, 2017.

Copyright information

© 2021 The Author(s)

About this chapter

Cite this chapter

van Oorschot, P.C. (2021). Malicious Software. In: Computer Security and the Internet. Information Security and Cryptography. Springer, Cham. https://doi.org/10.1007/978-3-030-83411-1_7

  • DOI: https://doi.org/10.1007/978-3-030-83411-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-83410-4

  • Online ISBN: 978-3-030-83411-1

  • eBook Packages: Computer Science (R0)