Alex noticed this really good paper this morning and highly recommends it. It’s one of those rare, concise (10 pages) and very well written pieces that come along every once in a while. It gives a good overview of recent advances in malicious code and the strategies that have been developed by the dark side to steal information and money.
The author, David Dittrich, goes into just enough detail about developments in the last decade such as the dropper, social engineering attacks and complex command and control mechanisms. The 14 papers and articles he cites in the footnotes could be a small library on the subject themselves.
His conclusions include:
— Using a form of modal sandboxing to fight droppers that take advantage of users viewing blog posts
— Better mechanisms for policing public domain shareware
— Segregation of personal-use/enterprise-use machines (to make whitelisting easier)
— Attack-specific education and training for users
— A more sophisticated and aggressive approach to combating cyber-crime, acknowledging that it will take time to develop: “We are years away from being able to safely engage in aggressive self-defense on the Internet.” He also suggests that the federal government should assume more responsibility for countering cyber threats. He quotes a December 2008 paper by the Center for Strategic and International Studies Commission on Cybersecurity for the 44th Presidency, “Securing Cyberspace for the 44th Presidency:”
“We have deferred to market forces in the hope they would produce enough security to mitigate national security threats. It is not surprising that this combination of industrial organization and overreliance on the market has not produced success. As a result, there has been immense damage to the national interest.”
Dave Dittrich is an affiliate information security researcher in the University of Washington’s Applied Physics Laboratory.
The full title is: “Malware to crimeware: how far have they gone, and how do we catch up?” It can be found on the University of Washington’s site here (via Schneier).
Tom Kelchner