16,459 research outputs found

    History of malware

    In the past three decades almost everything has changed in the field of malware and malware analysis. From malware created as proof of some security concept and malware created for financial gain to malware created to sabotage infrastructure. In this work we will focus on the history and evolution of malware and describe the most important malware. Comment: 11 pages, 8 figures describing history and evolution of PC malware from first PC malware to Stuxnet, DoQu and Flame. This article has been withdrawn due to some errors in the text and publication in the journal that asked to withdraw the article from other sources

    User-Behavior Based Detection of Infection Onset

    A major vector of computer infection is through exploiting software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim’s machine without the user’s permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships have important applications in realizing advanced and secure operating systems. We perform extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), as well as 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%)

    Global Cyber Intermediary Liability: A Legal & Cultural Strategy

    This Article fills the gap in the debate on fighting cybercrime. It considers the role of intermediaries and the legal and cultural strategies that countries may adopt. Part II.A of this Article examines the critical role of intermediaries in cybercrime. It shows that the intermediaries’ active participation by facilitating the transmission of cybercrime traffic removes a significant barrier for individual perpetrators. Part II.B offers a brief overview of legal efforts to combat cybercrime, and examines the legal liability of intermediaries in both the civil and criminal context and in varying legal regimes with an emphasis on ISPs. Aside from some level of injunctive relief, intermediaries operate in a largely unregulated environment. Part III looks at what we can learn from other countries. The cleanest intermediary country, Finland, and the worst country, Lithuania, were selected in order to explore the causes for the differences between country performances. The section examines the remarkable distinctions between national cultures to explain differences in national cybercrime rates. Part III.A of this Article argues that the criminal code laws do not account for the difference in host and ISP performances between Finland and Lithuania. There are few differences in the codified laws pertaining to cybercrime between these countries. Instead, it is Finland’s cultural and business environments that appear to drive its cybercrime ranking. Part IV suggests reforms to shift a country’s culture to make it less prone to corruption. However, changing a culture takes time so Part IV also proposes a private law scheme in which intermediaries are unable to wave the “flag of immunity,” as they do now. The guiding philosophy for this proposal is that harmed parties should be permitted to recover damages directly from “bad” intermediaries

    Spam

    With the advent of the electronic mail system in the 1970s, a new opportunity for direct marketing using unsolicited electronic mail became apparent. In 1978, Gary Thuerk compiled a list of those on the Arpanet and then sent out a huge mailing publicising Digital Equipment Corporation (DEC—now Compaq) systems. The reaction from the Defense Communications Agency (DCA), who ran Arpanet, was very negative, and it was this negative reaction that ensured that it was a long time before unsolicited e-mail was used again (Templeton, 2003). As long as the U.S. government controlled a major part of the backbone, most forms of commercial activity were forbidden (Hayes, 2003). However, in 1993, the Internet Network Information Center was privatized, and with no central government controls, spam, as it is now called, came into wider use. The term spam was taken from the Monty Python Flying Circus (a UK comedy group) and their comedy skit that featured the ironic spam song sung in praise of spam (luncheon meat)—“spam, spam, spam, lovely spam”—and it came to mean mail that was unsolicited. Conversely, the term ham came to mean e-mail that was wanted. Brad Templeton, a UseNet pioneer and chair of the Electronic Frontier Foundation, has traced the first usage of the term spam back to MUDs (Multi User Dungeons), or real-time multi-person shared environment, and the MUD community. These groups introduced the term spam to the early chat rooms (Internet Relay Chats). The first major UseNet (the world’s largest online conferencing system) spam was sent in January 1994 and was a religious posting: “Global alert for all: Jesus is coming soon.” The term spam was more broadly popularised in April 1994, when two lawyers, Canter and Siegel from Arizona, posted a message that advertised their information and legal services for immigrants applying for the U.S. Green Card scheme. The message was posted to every newsgroup on UseNet, and after this incident, the term spam became synonymous with junk or unsolicited e-mail. Spam spread quickly among the UseNet groups who were easy targets for spammers simply because the e-mail addresses of members were widely available (Templeton, 2003)

    An Overview of Economic Approaches to Information Security Management

    The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources into information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with a structured overview of the economic approaches to information security and ii) to identify potential research directions

    Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Most of the actions that fall under the trilogy of cyber crime, terrorism, and war exploit pre-existing weaknesses in the underlying technology. Because these vulnerabilities that exist in the network are not themselves illegal, they tend to be overlooked in the debate on cyber security. A UK report on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals." This article contends that if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war