CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484...
Transcript of CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484...
![Page 1: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/1.jpg)
CSE484/CSEM584ComputerSecurity:
Malwareand
OnlineEcosystemStudies
TA:ThomasCrosleytcrosley@cs
WithmaterialfromFranzi,AdrianSham,andvarioussources
![Page 2: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/2.jpg)
Reminders
• Homework#3,dueMay23th,8pm(Tomorrow!)• Lab#3dueJune3,8pm• PreliminaryFinalProjectDueDate#2– (This!)MondayMay30th,8pm
5/26/16 CSE484/CSEM584–Fall2015 2
![Page 3: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/3.jpg)
Malware
5/26/16 CSE484/CSEM584–Fall2015 3
![Page 4: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/4.jpg)
Malware
• Maliciouscodeoftenmasqueradesasgoodsoftwareorattachesitselftogoodsoftware
• Somemaliciousprogramsneedhostprograms– Trojanhorses(maliciouscodehiddeninusefulprogram)
• Otherscanexistandpropagateindependently– Worms,automatedviruses
• Manyinfectionvectorsandpropagationmethods• Modernmalwareoftencombinestechniques
5/26/16 CSE484/CSEM584-Spring2015 4
![Page 5: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/5.jpg)
Viruses
• Viruspropagatesbyinfectingotherprograms– Automaticallycreatescopiesofitself,buttopropagate,ahumanhastorunaninfectedprogram
– Self-propagatingvirusesareoftencalledworms• Manypropagationmethods– Insertacopyintoeveryexecutable(.COM,.EXE)– Insertacopyintobootsectorsofdisks
• PCera:“Stoned”virusinfectedPCsbootedfrominfectedfloppies,stayedinmemory,infectedeveryinsertedfloppy
– InfectcommonOSroutines,stayinmemory
5/26/16 CSE484/CSEM584-Spring2015 5
![Page 6: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/6.jpg)
FirstVirus:Creeper
• Writtenin1971atBBN• InfectedDECPDP-10
machinesrunningTENEXOS• JumpedfrommachinetomachineoverARPANET– Copieditsstateover,triedtodeleteoldcopy
• Payload:displayedamessage“I’mthecreeper,catchmeifyoucan!”• Later,ReaperwaswrittentodeleteCreeper
5/26/16 CSE484/CSEM584-Spring2015 6
http://history-computer.com/Internet/Maturing/Thomas.html
![Page 7: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/7.jpg)
VirusDetec\on
• Simpleanti-virusscanners– Lookforsignatures(fragmentsofknownviruscode)– Heuristicsforrecognizingcodeassociatedwithviruses
• Example:polymorphicvirusesoftenusedecryptionloops
– Integritycheckingtodetectfilemodifications• Keeptrackoffilesizes,checksums,keyedHMACsofcontents
5/26/16 CSE484/CSEM584-Spring2015 7
![Page 8: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/8.jpg)
ArmsRace:PolymorphicViruses
• Encryptedviruses:constantdecryptorfollowedbytheencryptedvirusbody
• Polymorphicviruses:eachcopycreatesanewrandomencryptionofthesamevirusbody– Decryptorcodeconstantandcanbedetected– Historicalnote:“Crypto”virusdecrypteditsbodyby
brute-forcekeysearchtoavoidexplicitdecryptorcode
5/26/16 CSE484/CSEM584-Spring2015 8
![Page 9: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/9.jpg)
SmarterVirusDetec\on?
• Genericdecryptionandemulation– EmulateCPUexecutionforafewhundredinstructions,
recognizeknownvirusbodyafterithasbeendecrypted– Doesnotworkverywellagainstviruseswithmutating
bodiesandvirusesnotlocatednearbeginningofinfectedexecutable
5/26/16 CSE484/CSEM584-Spring2015 9
![Page 10: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/10.jpg)
Virusesvs.Worms
5/26/16 CSE484/CSEM584-Spring2015 10
VIRUS• Propagatesbyinfecting
otherprograms
• Usuallyinsertedintohostcode(notastandaloneprogram)
WORM• Propagatesautomatically
bycopyingitselftotargetsystems
• Astandaloneprogram
![Page 11: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/11.jpg)
Slammer(Sapphire)Worm
• January24/25,2003:UDPwormexploitingbufferoverflowinMicrosoft’sSQLServer(port1434)– Overflowwasalreadyknownandpatchedby
Microsoft…butnoteverybodyinstalledthepatch• Entirecodefitsintoasingle404-byteUDPpacket– Wormbinaryfollowedbyoverflowpointerbacktoitself
• Classicstacksmashcombinedwithrandomscanning– Oncecontrolispassedtowormcode,itrandomly
generatesIPaddressesandsendsacopyofitselftoport1434
5/26/16 CSE484/CSEM584-Spring2015 11
![Page 12: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/12.jpg)
SlammerPropaga\on
• Scanrateof55,000,000addressespersecond– Scanrate=therateatwhichwormgeneratesIP
addressesofpotentialtargets– Upto30,000single-packetwormcopiespersecond
• Initialinfectionwasdoublingin8.5seconds(!!)– DoublingtimeofCodeRed(2001)was37minutes
• Worm-generatedpacketssaturatedcarryingcapacityoftheInternetin10minutes– 75,000SQLserverscompromised– …inspiteofthebrokenpseudo-randomnumber
generatorusedforIPaddressgeneration
5/26/16 CSE484/CSEM584-Spring2015 12
![Page 13: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/13.jpg)
05:29:00UTC,January25,2003
5/26/16 CSE484/CSEM584-Spring2015 13
[fromMooreetal.“TheSpreadoftheSapphire/SlammerWorm”]
![Page 14: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/14.jpg)
30MinutesLater
5/26/16 CSE484/CSEM584-Spring2015 14
Sizeofcirclesislogarithmicinthenumberofinfectedmachines
[fromMooreetal.“TheSpreadoftheSapphire/SlammerWorm”]
![Page 15: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/15.jpg)
ImpactofSlammer
• $1.25Billionofdamage• Temporarilyknockedoutmanyelementsofcritical
infrastructure– BankofAmericaATMnetwork– EntirecellphonenetworkinSouthKorea– FiverootDNSservers– ContinentalAirlines’ticketprocessingsoftware
• Thewormdidnotevenhavemaliciouspayload…simplybandwidthexhaustiononthenetworkandCPUexhaustiononinfectedmachines
5/26/16 CSE484/CSEM584-Spring2015 15
![Page 16: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/16.jpg)
SlammerAcermath
5/26/16 CSE484/CSEM584-Spring2015 16
• SlammerpacketswereubiquitousintheInternetformanyyearsafter2003– CouldbeusedasatestforInternetconnectivityJ– Packetsprovidedamapofvulnerablemachines
• VanishedonMarch10-11,2011
[CrossandValacek]
Evidenceofaclock-basedshutofftrigger
![Page 17: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/17.jpg)
Botnets
• Botnetisanetworkofautonomousprogramscapableofactingoninstructions– Typicallyalarge(uptoseveralhundredthousand)group
ofremotelycontrolled“zombie”systems• Machineownersarenotawaretheyhavebeencompromised
– Controlledandupgradedfromcommand-and-control(C&C)servers
• Usedasaplatformforvariousattacks– Distributeddenialofservice,Spamandclickfraud– Launchingpadfornewexploits/worms
5/26/16 CSE484/CSEM584-Spring2015 17
![Page 18: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/18.jpg)
WhattoDoWithaBotnet?
• Denialofservice(includingcyber-warfare)• Spam• Fakean\virussales,Ransomware• Adver\singclickfraud• Bitcoinmining– AccordingtoSymantec,onecompromisedmachineyields41UScentsayear…
5/26/16 CSE484/CSEM584-Spring2015 18
![Page 19: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/19.jpg)
DistributedDenialofService(DDoS)
5/26/16 CSE484/CSEM584-Spring2015 19
The image cannot be displayed. Your computer may not have enough memory to open the image, or the
Victim
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again. Attacker
Mastermachines
Zombiemachines
![Page 20: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/20.jpg)
HowtoProtectYourself?
• Nothingisperfectbut…– Keepyoursocwareupdated– Bevigilantforphishingaiacks– An\-virus– Firewalls– Intrusiondetec\onsystems
5/26/16 CSE484/CSEM584-Spring2015 20
![Page 21: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/21.jpg)
OnlineEcosystemStudies
5/26/16 CSE484/CSEM584–Fall2015 21
![Page 22: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/22.jpg)
CAPTCHA
• CAPTCHA(CompletelyAutomatedPublicTuringtesttotellComputersandHumansApart)
• Ar\ficialIntelligencetechnologycansolve99.8%
5/26/16 CSE484/CSEM584–Fall2015 22hip://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html
![Page 23: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/23.jpg)
reCAPTCHA
• Useriskanalysis,providebeieruserexperience
5/26/16 CSE484/CSEM584–Fall2015 23
![Page 24: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/24.jpg)
DirtyJobs–TheRoleofFreelanceLaborinWebServiceAbuse
Followingslidesby:Mar\Motoyama,DamonMcCoy,KirillLevchenko,StefanSavage,andGeoffreyM.VoelkerUC
SanDiego
hips://www.usenix.org/legacy/events/sec11/tech/slides/motoyama.pdf
[Motoyamaetal.]
![Page 25: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/25.jpg)
VulnerabilityofWebServices• Manywebservicestodayarefree/openaccess– Supportedbyadver\singrevenue– Reachingcri\calmassrequireslowbarriertoentry– Pageviewsdrivenbyuser-generatedcontent
• Videos,socialnetworkingupdates,blogs,etc• However,opennessleavessitesvulnerabletoabuse– Exploita\onoffreeresources
• Sendingspamfromwebbasedemailaccounts– Unsanc\onedadver\singchannels
• Spamminglinksonblogcomments
5/26/16 CSE484/CSEM584–Fall2015 25
[Motoyamaetal.]
![Page 26: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/26.jpg)
AbuseLaborMarkets
• Abuseisprofitable– Kanichetal.es\mated$7k/dayemailspamrevenue
• Labormarketshaveevolvedtosupplyworkers– Onlinefreelancingsites
• Whyoutsourceabusejobs?– Costeffec\ve:Lowwageregions– Agile:Workersareadeptandtechnicallycapable– Scale:~onemillionworkersonFreelancer.com
5/26/16 CSE484/CSEM584–Fall2015 26
[Motoyamaetal.]
![Page 27: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/27.jpg)
Outsourcingjobs
• Freelancer.com:oneofthelargestoutsourcingandoldestfreelancingsites– Claimsover2millionemployersandworkers– Userpopula\oncovers234countries/regions
• Howitworks:– Buyer/employerspostjobs– Workersbidonjobs– Buyersselectworkers
5/26/16 CSE484/CSEM584–Fall2015 27
[Motoyamaetal.]
![Page 28: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/28.jpg)
5/26/16 CSE484/CSEM584–Fall2015 28
[Motoyamaetal.]
![Page 29: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/29.jpg)
5/26/16 CSE484/CSEM584–Fall2015 29
[Motoyamaetal.]
![Page 30: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/30.jpg)
5/26/16 CSE484/CSEM584–Fall2015 30
[Motoyamaetal.]
![Page 31: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/31.jpg)
CAPTCHASolving
5/26/16 CSE484/CSEM584–Fall2015 31
[Motoyamaetal.]
![Page 32: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/32.jpg)
5/26/16 CSE484/CSEM584–Fall2015 32
[Motoyamaetal.]
![Page 33: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/33.jpg)
ExampleJobs:Accounts
5/26/16 CSE484/CSEM584–Fall2015 33
[Motoyamaetal.]
![Page 34: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/34.jpg)
OSNLinking• Buyingfriends,Facebookfans/linesforwebsitepages,Twiierfollowers,YouTubesubs,etc
5/26/16 CSE484/CSEM584–Fall2015 34
[Motoyamaetal.]
![Page 35: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/35.jpg)
Example:OnlineSocialNetworkLink
5/26/16 CSE484/CSEM584–Fall2015 35
[Motoyamaetal.]
![Page 36: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/36.jpg)
Useraccounts
5/26/16 CSE484/CSEM584–Fall2015 36
[Motoyamaetal.]
![Page 37: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/37.jpg)
SearchEngine-OrientedContent
5/26/16 CSE484/CSEM584–Fall2015 37
[Motoyamaetal.]
![Page 38: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/38.jpg)
FreelanceAbuse(USENIX2011)
• 7yearsofdatafromFreelancer.com:accountcrea\on,socialnetworklinks,spamming,SEO
5/26/16 CSE484/CSEM584–Fall2015 38
[Motoyamaetal.]
![Page 39: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/39.jpg)
Summary
• Aiackersoutsourceabusejobs– ~30%ofFreelancer.comjobsabusive– Jobsspannedrangeofcategoriesfromspammingtoaccountregistra\on
• Qualityofproductishighlyvariable• Large,cheaplaborpoolchangesthreatmodel– Automa\onisnottheonlyway– Largelyremovesdifficultyinexecu\ngabusetask
• Outsourcedworkforceenablesnewaiacks5/26/16 CSE484/CSEM584–Fall2015 39
[Motoyamaetal.]
![Page 40: CSE 484 / CSE M 584 Computer Security: Malware and Online ... · Viruses vs. Worms 5/26/16 CSE 484 / CSE M 584 - Spring 2015 10 VIRUS • Propagates by infecting other programs •](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f93e0e30df68734374cc8a3/html5/thumbnails/40.jpg)
5/26/16 CSE484/CSEM584–Fall2015 40