Question

For this discussion, find a recent news story that details a breach in information security. The breach could have occurred in a government organization or in a private company. Give a high-level summary to provide context to your peers (including a link to the article), then, in your posting, include the following:

What kinds of policies would have helped to prevent this breach?

Why would the policies you suggest help the organization?

What can the organization do differently (in regards to information security) to prevent this type of breach in the future?

Also discuss how the current event relates to one of the following concepts of information assurance: confidentiality, integrity, availability, authentication, and/or nonrepudiation.

Respond to two of your peers’ posts to add to their discussions about the current event by commenting on how the news story relates to another concept of information assurance not mentioned in the original post (confidentiality, integrity, availability, authentication, or nonrepudiation).

Refer to the Discussion Rubric for directions on completing these discussions.

Answer #1

According to a study by McAfee, MyDoom is a spam-mailing malware that caused the largest economic damage of all time; its estimated damage is about $38 billion. Alarmingly, a report by security company AV-Test says the total number of malware has doubled over the past four years.

To detect a normal malware, the longest common content in it is found and deployed into a security system as the malware signature. The next time an attacker sends the same malware in a packet, the security system checks for known signatures in the packets; if they are found, those packets are immediately dropped. To evade these types of detection systems, attackers employ various techniques to ensure no trace of the longest common content is fingerprinted and used as signatures. One of the successful evasion techniques is deploying polymorphic malware into the victim’s system. A malware which exhibits a different form after every infection is called polymorphic malware. These malware change their form after every infection, so the signature found by a security system initially would have changed. If a security system searches for the same signature, it would fail. For this reason, attackers frequently use polymorphic malware to intrude into a vulnerable system.

To thwart these types of malware, it’s important to understand their structure. A typical polymorphic malware would contain an encrypted payload and a decryption routine. The encrypted payload contains the malicious instructions in an encrypted form; usually it looks like junk data. This encrypted payload is usually appended to a decryption module.

Once these types of malware are executed in the victim’s system, control is given to a decryptor, which decrypts the encrypted payload. The decrypted payload would contain the malicious instructions. These are finally executed to compromise the vulnerable system.

Apart from encryption, there are many other techniques to deploy polymorphism. A few of them are:
• Garbage-code insertion is a technique where garbage instructions are inserted into a malware after every infection. For example, we can insert a lot of nop instructions after every infection, which makes it difficult for a security system to compare the two instances of the same malware.
• Instruction-substitution employs polymorphism by replacing a piece of code with an equivalent but different one.
• Code-transposition exhibits polymorphism by changing the execution order using jumps.
• Register-reassignment deploys polymorphism into a malware payload by simple reassignment of registers.
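
The signature workflow described in the answer, seen from the detection side, as an added example that is not part of the original answer: it derives a signature as the longest common content of two samples, shows the raw match missing a nop-padded instance, and shows the match recovering once both sides are normalized. The sample bytes are constructed inert ASCII, the function names are hypothetical, and dropping every 0x90 byte is a simplifying assumption.

```python
from difflib import SequenceMatcher

NOP = 0x90  # x86 single-byte no-op, the padding named in the answer

# Constructed, inert ASCII stand-ins for captured samples (not real code).
BODY = b"CONSTRUCTED-INERT-BODY-0123456789"
SAMPLE_A = b"HDR-A" + BODY + b"tail1"
SAMPLE_B = b"hdr-b-xx" + BODY + b"TAIL-2"
# A later instance of the same content with a no-op after every 4 bytes.
PADDED = b"hdr-c" + bytes([NOP]).join(
    BODY[i:i + 4] for i in range(0, len(BODY), 4)) + b"tail3"
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


def longest_common_content(a: bytes, b: bytes) -> bytes:
    """Longest byte run shared by two samples: the candidate signature."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    m = sm.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def strip_nops(data: bytes) -> bytes:
    """Simplified normalization (assumption): drop every 0x90 byte.
    A real engine would disassemble first, since 0x90 can be an operand."""
    return bytes(x for x in data if x != NOP)


def matches(signature: bytes, packet: bytes, normalize: bool = False) -> bool:
    """Signature check; with normalize=True both sides are de-padded first."""
    if normalize:
        signature, packet = strip_nops(signature), strip_nops(packet)
    return signature in packet


def run_checks() -> dict:
    sig = longest_common_content(SAMPLE_A, SAMPLE_B)
    return {
        "signature": sig,
        "same_instance": matches(sig, SAMPLE_B),
        "padded_raw": matches(sig, PADDED),
        "padded_normalized": matches(sig, PADDED, normalize=True),
        "benign_normalized": matches(sig, BENIGN, normalize=True),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```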
