

UCSB Computer Scientist Advances Internet Security

Christopher Kruegel develops technology to target viruses after they've infected a computer

Consider the common cold. You can take active measures to avoid catching one, but if the virus manages to invade your system, you are powerless to keep it from running its course.

Now think about your computer. You can dose it with antivirus software to make it resistant to infection, but if a virus or worm manages to slip through, you have no recourse but to wipe your hard drive clean and start over. Or do you?

Christopher Kruegel, associate professor of computer science at UCSB and a member of the university’s Computer Security Group, has developed new security software that can identify and neutralize viruses after they’ve infected a user’s machine, even when the virus has no known signature.

“Antivirus software companies focus on the end host and try to prevent malware from infecting your computer in the first place,” Kruegel said. “They have a lot of tools sitting on the host that scan files for these signatures or that try to identify programs that behave in a surprising fashion and then they block them. But the numbers show that they are not very effective.”

Kruegel and his colleagues, Giovanni Vigna, professor of computer science at UCSB, and Engin Kirda, professor of computer science at Institute Eurecom in France, have taken a different approach, particularly with bots and botnets. Rather than coming between a computer and the virus, their security software comes between the infected computer and the malicious master server that has taken control of it.

“The virus sitting on the machine doesn’t have a negative impact,” Kruegel said. “But it becomes hugely problematic when it begins to talk to that remote infrastructure and responds to commands.”

They have formed a company, LastLine Inc. — as in “last line of defense” — to develop the software that interferes with the communication between the infected computer and the command and control infrastructure that wants it to act in some nefarious manner — such as stealing bank account numbers and other data, or sending spam mail to a designated group of e-mail addresses. The software works alongside existing antivirus programs and firewalls.

Antivirus software is ineffective, Kruegel said, because cybercriminals create new versions of their binaries so quickly that the software companies have difficulty keeping up with them.

“There are mutation engines that take a program and create many different versions so they always look different. But it’s the same program,” he said. “With LastLine, we give up on trying to defend the machine. But once the machine is compromised, we block the connection between the malware and its command and control server. It cannot receive commands, and it cannot send out information.”

Blocking the master servers forces cybercriminals to construct command and control infrastructure elsewhere, which is far more difficult than mutating a piece of malware, Kruegel noted.

Malware can make it onto a user’s computer in many ways, but the most common is a drive-by download, which happens while the user is surfing the Internet.

“You go to Web sites that are malicious and they send some script that exploits your browser by downloading the malware,” Kruegel said. “It can also happen through e-mail and file-sharing sites where you download a program.”

Recently, Kruegel was recognized for his accomplishments in Internet security, particularly in developing software that shuts down botnets. In the current issue of Technology Review, a publication of MIT, Kruegel is named to the magazine’s TR35, a list published annually that recognizes 35 outstanding innovators under the age of 35. The award covers a wide range of fields, including biotechnology, materials, computer hardware, energy, transportation and the Internet.
