Authors: Felix Gröbert, A. Sadeghi, M. Winandy
Published in: 2009 International Conference for Internet Technology and Secured Transactions, (ICITST)
Publication date: 2009-11-01
DOI: 10.1109/ICITST.2009.5402538 (https://doi.org/10.1109/ICITST.2009.5402538)
Software distribution as a malware infection vector
Software distribution and usage over the Internet has become an integral part of our daily life. It is an efficient way to make software widely available to users, but it bears the risk of infecting computers with malicious software, since many applications are still downloaded and installed without appropriate security measures. Cyber criminals can obviously exploit this situation, as can governments intending to deploy spyware against suspects. In this paper we present an efficient mechanism, as well as the corresponding reference implementation, for on-the-fly infection of executable code with malicious software. Our algorithm deploys virus infection routines and network redirection attacks without requiring modification of the application itself. This makes it possible to infect even executables with an embedded signature when the signature is not automatically verified before execution. We briefly discuss countermeasures such as secure channels, code authentication, and trusted virtualization that enables the isolation of untrusted downloads from trusted applications.