
Crimeware: Understanding New Attacks and Defenses


Format: chm

Size: 10.3 MB

Language: en


This book is the most current and comprehensive analysis of the state of Internet security threats right now. The review of current issues and predictions about problems years away are critical for truly understanding crimeware.

Crimeware: Understanding New Attacks and Defenses

Chapter 1. Overview of Crimeware
Section 1.1. Introduction
Section 1.2. Prevalence of Crimeware
Section 1.3. Crimeware Threat Model and Taxonomy
Section 1.4. A Crimeware Menagerie
Section 1.5. Crimeware Distribution
Section 1.6. Infection and Compromise Points, Chokepoints, and Countermeasures
Section 1.7. Crimeware Installation
Section 1.8. Crimeware Usage
Section 1.9. Organizing Principles for the Remainder of This Text
Acknowledgments

Chapter 2. A Taxonomy of Coding Errors
Section 2.1. The Trinity of Trouble
Section 2.2. The Seven Pernicious Kingdoms
Section 2.3. The Phyla
Section 2.4. More Phyla Needed

Chapter 3. Crimeware and Peer-to-Peer Networks
Section 3.1. Malware in Peer-to-Peer Networks
Conclusion
Section 3.2. Human-Propagated Crimeware

Chapter 4. Crimeware in Small Devices
Section 4.1. Propagation Through USB Drives
Section 4.2. Radio Frequency ID Crimeware
Section 4.3. Mobile Crimeware

Chapter 5. Crimeware in Firmware
Section 5.1. Propagation by Firmware Updates
Conclusion
Section 5.2. Modeling WiFi Malware Epidemics

Chapter 6. Crimeware in the Browser
Section 6.1. Transaction Generators: Rootkits for the Web
Conclusion
Section 6.2. Drive-By Pharming
Conclusion
Section 6.3. Using JavaScript to Commit Click Fraud

Chapter 7. Bot Networks
Section 7.1. Introduction
Section 7.2. Network-Oriented Features of Botnets
Section 7.3. Software Features of Bots
Section 7.4. Web Bots and the General Future of Botnets
Section 7.5. Countermeasures
Conclusion

Chapter 8. Rootkits
Section 8.1. Introduction
Section 8.2. Evolution of Rootkits
Section 8.3. User-Mode Windows Rootkits
Section 8.4. Kernel-Mode Rootkit Techniques
Section 8.5. Linux Rootkits
Section 8.6. BIOS Rootkits
Section 8.7. PCI Rootkits
Section 8.8. Virtual Machine–Based Rootkits
Section 8.9. Rootkit Defense

Chapter 9. Virtual Worlds and Fraud
Section 9.1. Introduction
Section 9.2. MMOGs as a Domain for Fraud
Section 9.3. Electronic Fraud
Section 9.4. Fraud in MMOGs
Conclusion

Chapter 10. Cybercrime and Politics
Section 10.1. Domain Name Abuse
Section 10.2. Campaign-Targeted Phishing
Section 10.3. Malicious Code and Security Risks
Section 10.4. Denial-of-Service Attacks
Section 10.5. Cognitive Election Hacking
Section 10.6. Public Voter Information Sources: FEC Databases
Section 10.7. Intercepting Voice Communications
Conclusion
Acknowledgments

Chapter 11. Online Advertising Fraud
Section 11.1. History
Section 11.2. Revenue Models
Section 11.3. Types of Spam
Section 11.4. Forms of Attack
Section 11.5. Countermeasures
Section 11.6. Click Fraud Auditing
Section 11.7. The Economics of Click Fraud
Conclusion
Acknowledgments

Chapter 12. Crimeware Business Models
Section 12.1. The Crimeware Business
Conclusion
Section 12.2. A Closer Look at Adware

Chapter 13. The Educational Aspect of Security
Section 13.1. Why Education?
Section 13.2. Case Study: A Cartoon Approach
Conclusion

Chapter 14. Surreptitious Code and the Law
Section 14.1. Introduction
Section 14.2. The Characteristics of Surreptitious Code
Section 14.3. Primary Applicable Laws
Section 14.4. Secondary Applicable Laws
Conclusion

Chapter 15. Crimeware and Trusted Computing
Section 15.1. Introduction
Section 15.2. Anatomy of an Attack
Section 15.3. Combating Crimeware with Trusted Computing
Section 15.4. Case Studies
Conclusion

Chapter 16. Technical Defense Techniques
Section 16.1. Case Study: Defense-in-Depth Against Spyware
Conclusion
Section 16.2. Crimeware-Resistant Authentication
Conclusion
Section 16.3. Virtual Machines as a Crimeware Defense Mechanism

Chapter 17. The Future of Crimeware
Section 17.1. Crimeware, Terrorware, Vandalware, and Ransomware
Section 17.2. New Applications and Platforms
Section 17.3. Using Social Networks to Bootstrap Attacks
Section 17.4. New Use of the Internet: Controlling the Infrastructure
Section 17.5. Moving Up the Stack
Section 17.6. The Emergence of an E-Society: Are We Becoming More Vulnerable?
Section 17.7. The Big Picture

References


This book draws attention to the fact that this is all history. Infection vectors of today take advantage of social context, employ deceit, and may use data-mining techniques to tailor attacks to the intended victims. Their goal is profit or political power. Malware has become crimeware. That is, malware has moved out of basements and college dorms, and is now a tool firmly placed in the hands of organized crime, terror organizations, and aggressive governments. This transformation comes at a time when society increasingly has come to depend on the Internet for its structure and stability, and it raises a worrisome question: What will happen next? This book tries to answer that question by a careful exposition of what crimeware is, how it behaves, and what trends are evident.

The book is written for readers from a wide array of backgrounds. Most sections and chapters start out describing a given angle from a bird's-eye view, using language that makes the subject approachable to readers without deep technical knowledge. The chapters and sections then delve into more detail, often concluding with a degree of technical detail that may be of interest only to security researchers. It is up to you to decide when you understand enough of a given issue and are ready to turn to another chapter.

Recognizing that today's professionals are often pressed for time, this book is written so that each chapter is relatively self-contained. Rather than having each chapter be sequentially dependent on preceding chapters, you can safely peruse a specific chapter of interest and skip back and forth as desired. Each chapter was contributed by a different set of authors, each of whom provides a different voice and unique perspective on the issue of crimeware.

This book is meant for anyone with an interest in crimeware, computer security, and eventually, the survivability of the Internet. It is not meant only for people with a technical background. Rather, it is also appropriate for makers of laws and policies, user interface designers, and companies concerned with user education. The book is not intended as a guide to securing one's system, but rather as a guide to determining what the problem really is and what it will become.

Although we often use recent examples of attacks to highlight and explain issues of interest, the focus here is on the underlying trends, principles, and techniques. When the next wave of attacks appears—undoubtedly using new technical vulnerabilities and new psychological twists—then the same principles will still hold. Thus, this book is meant to remain a useful reference for years to come, in a field characterized by change. We are proud to say that we think we have achieved this contradictory balance, and we hope that you will agree.