Threat of renovated .NET viruses to mobile devices
Pages 367 - 372
Abstract
This research investigates the threat .NET viruses pose to mobile devices supporting the .NET Compact Framework. The focus is on (1) the feasibility of transforming, via renovation, a .NET virus to comply with the .NET Compact Framework and (2) deciding if the transformed virus can succeed in infecting a mobile device supporting the .NET Compact Framework. A formal model to identify non .NET CF compliant source code and to derive transformation rules is presented and characterized. The model was used to transform a test suite of .NET viruses to comply with the .NET Compact Framework. These transformed viruses successfully infected files on two mobile devices. Four desktop virus detectors were tested to detect the .NET viruses and their transformed versions. Three of the four did worse in detecting the transformed versions than on the original .NET version. The research shows that .NET viruses pose an apparent and realizable threat to mobile devices supporting the .NET Compact Framework.
References
[1]
29a. http://vx.netlux.org/vx.php?id=z001.
[2]
E. Chein. Effects of microsoft .net on malicious threats. In the Proceedings of Virus Bulletin Conference, 2001.
[3]
Dia website. http://home.arcor.de/vxdia/.
[4]
Differences with the .net framework. http://msdn.microsoft.com/library/.
[5]
Flate virus. http://securityresponse.symantec.com.
[6]
S. Fogie. Pocket pc abuse: To protect and destroy. In Black Hat USA, 2004.
[7]
G. Francia. Embedded system programming. Journal of Computing Sciences in Colleges, 17(2), Dec 2001.
[8]
P. Hannay and R. Wang. Msil for the .net framework. In the Proceedings of Virus Bulletin Conference, 2001.
[9]
Microsoft developers network. http://msdn1.microsoft.com/.
[10]
J. A. Morales, P. J. Clarke, and Y. Deng. Testing and evaluation of virus detectors for handheld devices. In the Proceedings of NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM), 2004.
[11]
.net compact framework faq. http://msdn.microsoft.com/netframework/.
[12]
The .net compact framework. http://msdn.microsoft.com/netframework/.
[13]
The .net framework. msdn.microsoft.com/netframework/technologyinfo/overview/default.aspx.
[14]
C. Peikari. Analyzing the crossover virus. informit.com, March 2006. http://www.informit.com/articles/.
[15]
M. Schmall. .net/msil malicious code and av/heuristic engines. securityfocus.com, November 2002. http://www.securityfocus.com/infocus/1642.
[16]
R. Srivaths, A. Raghunathan, P. Kocher, and S. Hattangady. Security in embedded systems: Design challenges. ACM Transactions on Embedded Computing Systems, 3(3):461--491, August 2004.
[17]
P. Szor. The Art of Computer Virus Research and Defense. Addison-Wesley, 2005.
[18]
F. Vahid and T. Givargis. Embedded System Design a Unified Hardware/Software Introduction. Wiley, 2002.
[19]
D. Venugopal and G. Tuvell. The existing and emerging threat of smart-phone viruses. Technical report, Smobile Systems, 2006.
[20]
Visual studio .net 2003. http://msdn.microsoft.com/vstudio/previous/2003/.
[21]
Vx heavens. http://vx.netlux.org/.
[22]
J. Wijngaarden and E. Visser. Program transformation mechanics. Technical report, Institute of Information and Computing Sciences, May 2003. Utrecht University.
Index Terms
- Threat of renovated .NET viruses to mobile devices
Recommendations
High-level language computer viruses— a new threat?
Companion viruses have not received as much attention as their non-companion counterparts. To some extent this is due to the fact that only a small percentage of the computer viruses released into the computing world have been companion viruses. However,...
Hunting for undetectable metamorphic viruses
Commercial anti-virus scanners are generally signature based, that is, they scan for known patterns to determine whether a file is infected. To evade signature-based detection, virus writers have employed code obfuscation techniques to create ...
Comments
Information & Contributors
Information
Published In
March 2008
548 pages
ISBN:9781605581057
DOI:10.1145/1593105
Copyright © 2008 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 28 March 2008
Check for updates
Qualifiers
- Research-article
Funding Sources
Conference
ACM SE08
Acceptance Rates
Overall Acceptance Rate 502 of 1,023 submissions, 49%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 168Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 23 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in