Access for sale
| Autor: | Michael D. Smith, Stuart E. Schechter |
|---|---|
| Rok vydání: | 2003 |
| Předmět: |
Software_OPERATINGSYSTEMS
business.industry Computer science ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS Internet privacy Cryptography Computer security computer.software_genre New class ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS Incentive Trojan Ticket Threat model Malware Risk communication business computer |
| Zdroj: | WORM |
| DOI: | 10.1145/948187.948191 |
| Popis: | The damage inflicted by viruses and worms has been limited by the risks that come with the more lucrative payloads. The problem facing authors of self-reproducing malware is that monetizing each intrusion requires the author to risk communication with the infected system. Malware authors looking to minimize risk and maximize loot have been better off carefully targeting trojan horses at a few systems at a time. However, this could change if malware authors could infect a large number of systems using a worm and sell access to infected systems to other black hats. We introduce a new type of worm that enables this division of labor, installing a back door on each infected system that opens only when presented a system-specific ticket generated by the worm's author. The risk to the worm's author is minimized because he need not communicate with the infected systems. This new class of attack could increase the incentives to write malware and create a market for such specialized skills. In addition to describing this new threat, we propose a number of approaches for defending against it. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|