The bad guys can put malware into your host via the Internet

The bad guys can put malware into your host via the Internet

We connect devices to the Internet because we want to receive/send data from/to the Internet. This contains all kinds of good stuff, including Web pages, e-mail messages, MP3s, telephone calls, live video, search engine results, and so on. But, unluckily, along with all that good stuff comes malicious stuff - collectively known as malware - that can also enter and infect our devices. Once malware infects our device it can do all kinds of devious things, including deleting our files; installing spyware that collects our private information, such as social security numbers, passwords, and keystrokes, and then sends this (over the Internet, of course!) back to the bad guys. Our compromised host may also be enrolled in a network of thousands of similarly compromised devices, collectively known as a botnet, which the bad guys control and influence for spam e-mail distribution or distributed denial-of-service attacks (soon to be discussed) against targeted hosts.

Much of the malware out there today is self-replicating: once it infects one host, from that host it seeks entry into other hosts over the Internet, and from the newly infected hosts, it seeks entry into yet more hosts. In this way, Self-replicating malware can spread exponentially fast. For instance, the number of devices infected by the 2003 Saphire/SIammer worm doubled every 8.5 seconds in the first few minutes after its outbreak, infecting more than 90 percent of vulnerable hosts within 10 minutes [Moore 2003]. Malware can spread in the form of a virus, a worm, or a Trojan horse [Skoudis 2004]. Viruses are malware that require some form of user interaction to infect the user's device. The classic example is an e-mail attachment containing malicious executable code. If a user receives and opens such an attachment, the user unintentionally runs the malware on the device. Typically, such e-mail viruses are self-replicating: once executed, the virus may send an identical message with an identical malicious attachment to, for instance, every recipient in the user's address book.  Worms (like the Slammer worm) are malware that can enter a device without any explicit user interaction. For instance, a user may be running a vulnerable network application to which an attacker can send malware. In some cases, without any user interference, the application may accept the malware from the Internet and run it, creating a worm. The worm in the newly infected device then scans the Internet, searching for other hosts running the same vulnerable network application. When it finds other vulnerable hosts, it sends a copy of itseIf to those hosts. Finally, a Trojan horse is malware that is a hidden part of some otherwise useful software. Today, malware, is pervasive and costly to defend against. As you work through this blog, we encourage you to think about the following question: What can computer network designers do to defend Internet-attached devices from malware attacks?



Tags

network application, host, computer network

Copy Right

The contents available on this website are copyrighted by TechPlus unless otherwise indicated. All rights are reserved by TechPlus, and content may not be reproduced, published, or transferred in any form or by any means, except with the prior written permission of TechPlus.