Re: Malware Triangle
From: kurt wismer (kurtw_at_sympatico.ca)
Date: Sat, 20 Nov 2004 00:26:28 -0500
Richard S. Westmoreland wrote:
> I have developed a new theorem on the associations of the various malware we
> deal with on a regular basis. It started out as a way to classify the
> primary Internet threats, such as viruses, spam, and spyware, and then I
> realized that the other threats were just blended characteristics of those
> 3. Then once this was mapped out on the triangle, I saw another
> association - 3 smaller triangles formed the solutions that combat those
> threats - antivirus, antispam, and antispyware. They tend to overlap.
> I have been studying another triangle - the 3 pillars of security
> (Confidentiality, Integrity, and Availability), and notice that those match
> up with the Malware Triangle. (That comparison is not on the site yet)
> Please share your opinions/comments on this:
well, on the positive side i like the number 3...
other than that the relationships seem to be overly simplistic or in
some cases just plain wrong...
for example, spam doesn't belong anywhere near a malware diagram... it
is not a threat to anything other than your time and/or your pocketbook
(if you happen to get suckered into buying something)... in the grander
sense i suppose it's also a threat to the usefulness of email in
general, but it's no more a threat than being exposed to advertising on
tv or in a magazine or on the side of the highway...
then there's this supposed relationship between spyware and adware,
only they aren't related... adware, by its very nature, 'advertises'
its presence and its actions while spyware does pretty much the
opposite... their only real commonality is that they're both (usually)
non-replicating malware... by the way, adware doesn't necessarily
gather any information, that's more of a spyware trait - any adware
that does so happens to also be spyware...
phishing is spam with spyware-like intent but that's about as close as
this juxtaposition of "zombie" and "trojan" seems pretty telling as to
what you think trojans are supposed to be, but i assure you the class
is much broader than just remote administration tools... furthermore
RATs are not closely related to either viruses or spyware - the
distinguishing characteristic of spyware is that it surreptitiously
sends information to a 3rd party (effectively providing a one-way
transmission) whereas a RAT allows the 3rd party to control the pc
(which is a 2-way transmission or at the very least a one-way
transmission in the opposite direction)... the distinguishing
characteristic of a virus is that it self-replicates however there
aren't that many self-replicating RATs....
the relationship between worms and viruses is another misfire as one is
generally considered to be a subset of the other (though which is the
subset and which is the superset is debatable)... worms are definitely
not viruses + spam... there's even a good argument to be made for virus
-- "maxwell can tell he's in hell just wants you to visit him there same old game that he's playin' his rules are never fair"