2008-09-01
Abstract
Paul Baccas summarises the good, the bad and the ugly within Jakobsson and Ramzan's 'Crimeware: Understanding New Attacks and Defenses'.
Copyright © 2008 Virus Bulletin
Title: Crimeware: Understanding New Attacks and Defenses
Authors: Markus Jakobsson and Zulfikar Ramzan (Eds)
Publisher: Symantec Press
ISBN 13: 978-0-321-50195-0
Pages: 608
Cover price: $54.99
Reviewing this book has been a frustrating task for two reasons: the lack of a definable structure and the gushing reviews on the covers. My review will address the first point throughout, and will be considerably less gushing.
There is a current trend among IT-related books for chapters to be written by different people on different, but related, topics. For most of these books this causes a problem with the narrative flow and they become akin to the lecture notes of a course where each class has a guest speaker. The chapters of this book are more like academic papers – in fact, some of the chapters are academic papers, published verbatim with seemingly no regard for whether the topic has previously been introduced. While there is a narrative thread for anyone who tries to find it, most of it is lost in the weave.
Like Sergio Leone’s film this book has parts that are good, parts that are bad and parts that are ugly – and thanks to the book’s format these descriptions can often be applied to different parts of the same chapter.
The move of malware authors from being electronic graffiti artists (harmless in their own minds and annoying/destructive in the minds of their victims) to serious authors of crimeware has been the pervading trend of the last decade. Defining and exploring crimeware is a laudable goal in any book, and this one starts well.
The first chapter, ‘Overview of Crimeware’, is a good introduction and I considered it to bode well for the rest of the book. This is followed by ‘A Taxonomy of Coding Errors’, which is informative, but in my opinion slightly off topic. The subject of taxonomy within the malware industry is a recurring one; however, it is one I would rather leave to biologists.
Next, ‘Crimeware and Peer-to-Peer Networks’ comprises two research papers stitched together into one chapter. Each part of the chapter has its own introduction, method, results and conclusion. This type of presentation is valid for undergraduate dissertations; however, if I were the supervisor I would be querying the assumptions and methodology of the first part of chapter 3.
The next chapter is the one that I feel deserves most of my ire. ‘Crimeware in Small Devices’ contains three parts: USB, RFID and mobile. A cursory six pages are dedicated to the clear and present threats of USB device malware, three pages are dedicated to the burgeoning threat of mobile malware, while the technology which the authors say is ‘on the verge of exciting times’, RFID, is allocated nine pages. While the authors of the latter section (Crispo et al.) have done a lot of research into RFID, I do not think it deserves such a large section, or that a largely previously published piece of work warrants inclusion in such a book.
Chapters 5 and 6, ‘Crimeware in Firmware’ and ‘Crimeware in the Browser’, both have good and ugly points, the ugly being the different sections not quite jelling. The second part of chapter 5, ‘Modeling WiFi Malware Epidemics’, is US-centric and could have done with some examples from Europe. Chapter 6 has lots of positives even though the sections are disparate.
Chapters 7 and 8, ‘Bot Networks’ and ‘Rootkits’, are very good and along with the last two chapters provide a solid core to this book. As reference material these chapters alone are worth the price of the book. My only complaint is that the rootkit detection section is a little light.
After the high point of chapters 7 and 8 comes a low point in the form of the next two chapters, ‘Virtual Worlds and Fraud’ and ‘Cybercrime and Politics’. These are mainly about traditional crimes rather than relating specifically to malware.
The four chapters that follow, ‘Online Advertising Fraud’, ‘Crimeware Business Models’, ‘The Education Aspect of Security’ and ‘Surreptitious Code and the Law’, are all good. Indeed, had ‘Crimeware Business Models’ started the book the whole narrative might have flowed better. Chapter 14 is a little hard going for a non-lawyer and, dealing only with US law, slightly limited as a reference.
The chapter ‘Crimeware and Trusted Computing’ is interesting only because Trusted Computing reappears as a ‘solution’ to the malware/crimeware problem every few years, yet has not produced a viable solution.
The penultimate chapter, ‘Technical Defense Techniques’, is another mishmash of subjects whose highlight is an analysis of ‘Crimeware-Resistant Authentication’. The final chapter, ‘The Future of Crimeware’, is a good round-up of the subjects discussed.
This book has high aspirations and in parts it meets them. However, the lack of direction is problematic. A series of disparate papers joined by a common thread, the book seems more like the proceedings of a conference than a useful reference text. Nonetheless, there are several sections of the book that I will read again and I will keep it on my bookshelf for that reason.