intentionally cause damage, apparently it infected and slowed about 10% of all
computers attached to the internet. Morris was the first person tried and convicted
under the Computer Fraud and Abuse Act of 1986.
Worms use the internet as their main mode of transit from one computer to another.
Some worms were created merely to prove the concept and see how far they
could travel. Even though no harm might have been intended, successful worms
devour bandwidth and slow down networks. The Morris and MyDoom worms are
examples of traveling worms without payloads.
Note
The 2004 MyDoom worm set the record as the fastest-spreading
worm at the time. It attacked Microsoft Windows. To deceive recipients,
it had a text phrase that read “Andy, I'm just doing my job,
nothing personal, sorry.”
More malicious kinds of worms include payloads that are designed to cause
harm to computers, software, and networks. Some of these can introduce back
doors into software that allow other kinds of malware to have access. Others can
be used to create zombie computers that can take part in botnet denial of service
attacks. Yet another payload encrypts computer files, with the idea that the file
owners have to pay a fee to get their files back in usable form.
Not all worms were designed to do harm. A few were intended to be beneficial.
One class of worm was designed by Microsoft to update the Windows operating
systems in a benign and invisible way without user intervention. However, the results
were not satisfactory because the changes were made without the owners' permission.
Some of the changes required restarts of the computer at possibly awkward
moments; this was more of an annoyance than a convenience.
Zero-Day Security Attacks
A zero-day security attack is an attack by malicious hackers that occurs on the very
day that a new security flaw is identified and news about it is first released. As it
happens, it is much easier and faster to develop an attack against a known security
flaw than it is to develop an effective defense. Attacks can take place on the day
the flaw is known, but it usually takes vendors from a week to a month to develop
and release a fix or an effective countermeasure.