The damage inflicted by viruses and worms has been limited by the risks that come with the more lucrative payloads. The problem facing authors of self-reproducing malware is that monetizing each intrusion requires the author to risk communication with the infected system. Malware authors looking to minimize risk and maximize loot have been better off carefully targeting trojan horses at a few systems at a time. However, this could change if malware authors could infect a large number of systems using a worm and sell access to infected systems to other black hats. We introduce a new type of worm that enables this division of labor, installing a back door on each infected system that opens only when presented with a system-specific ticket generated by the worm's author. The risk to the worm's author is minimized because he need not communicate with the infected systems. This new class of attack could increase the incentives to write malware and create a market for such specialized skills. In addition to describing this new threat, we propose a number of approaches for defending against it.