Gadgetell | Tech News, Reviews, and Interesting Things

Subscribe to our content for free: (?)
Get our Daily Email
Sections: Computers, Networking, Security, Software / Applications

Making malware unprofitable: Lend me your ears

by Marjorie Dorfman on Nov 25, 2007 at 03:58 PM
Add a Comment

Malware symbol

How can malware be made unprofitable to hackers? It would seem that a loss of green (and we don’t mean environmentally sound), is the only way to cut into the spread of malware. Last week, Stevens University hosted a Security and Privacy Day, organized in conjunction with Columbia University and IBM Research to address this specific issue.  Unfortunately, it appears that it is easier for malware authors to mount an attack than it is to defend against one. Sven Dietrich of Stevens discussed the prospects for detecting the activity of bot-nets and tracing them back to their source. Early versions of networked malware followed a design similar to client-server, with standard point-to-point TCP connections back to a central controller. These were relatively simple to defend against.  But things have advanced, and since then, communications have moved off TCP entirely and into acknowledgment-free protocols such as UDP, and the content is often encrypted. Bot-nets now communicate on a peer-to-peer basis, either using common methods or with custom code.  According to Professor Dietrich:

“These developments have made traditional anti-malware tactics largely ineffective. It’s no longer realistic to expect to be able to identify controllers of bot-nets so that new instructions can be blocked or traced back to a source. The use of encryption to deliver payloads and instructions also makes it much harder to determine what a given bot-net is up to.”

Although several speakers had hope for a much safer future, none had any suggestions on how to ensure security from the computer science perspective. They stressed, instead, that the cultural aspects of the current malware scene were the key to future security. In the past, hackers were willing to talk with computer scientists, while now news about malware comes in hushed whispers from organized crime networks based largely overseas.  Overall, the talks were pretty depressing, given the realization that the operating systems and software we rely on will probably never be truly secure.

Read [arstechnica]

Keep up with the latest gadget goodness! - Subscribe to our feed


Permalink Print
Join the Discussion

Name: *

Email: *

Location (Links to Google Maps):

URL:

Enter Your Comment Below...

* Required fields

Remember my information?

Notify me of follow-up comments?

Submit the word you see below:


Special Features

Palm Pre Information & Updates

Palm Pre coverage

Palm just introduced their next-gen smartphone, the Palm Pre, and next-gen operating system, Palm webOS. Gadgetell's got the latest Pre and webOS information and news for you right here.

Continue Reading »