Phillip Porras

Alma mater: University of California, Irvine
Known for: Conficker analysis
Awards: 2013 SRI Fellow
Scientific career
Fields: Information security
Institutions: The Aerospace Corporation; SRI International
Website: www.csl.sri.com/users/porras/

Phillip A. Porras is a computer scientist and security researcher known for his work combating the Conficker worm. Porras leads the Internet Security Group in SRI International's Computer Science Laboratory.

He was previously a manager of the Trusted Computer Systems Department of The Aerospace Corporation. Porras holds 12 U.S. patents, and was named an SRI Fellow in 2013. [1]

Education

Porras attended the University of California, Irvine.

Career

Porras was an author of patents involved in the 2008 case SRI International, Inc. v. Internet Security Systems, Inc. [2]

During the Conficker worm's initial attack, Porras was running a honeypot and was one of the first security researchers to notice it; he was also part of the "Conficker Cabal" that helped combat the worm. [3] [4] Porras's team at SRI published an extensive analysis of the worm. [5] In 2010, Porras was a co-author of BLADE, a collaboration between SRI and Georgia Tech researchers designed to prevent drive-by download malware attacks. [6] [7] [8]

Awards and memberships

Porras was named an SRI Fellow in 2013 for his long-term work in information security and malware analysis, and his recent research on OpenFlow. [9]

References

  1. "Our People: Phillip Porras". SRI International. Retrieved 2013-02-25.
  2. Phillip Porras. "Patent Defense". SRI International. Archived from the original on 2013-03-06. Retrieved 2013-02-25.
  3. Bowden, Mark (2012-02-18). "War of the cyber worm: the most destructive attack on the internet". The Guardian. Retrieved 2014-02-25.
  4. Bowden, Mark (2010-05-11). "The Enemy Within". The Atlantic. Retrieved 2013-02-25.
  5. Phillip Porras; Hassen Saidi; Vinod Yegneswaran (2009-03-19). An Analysis of Conficker. SRI International. Archived from the original on 2009-04-01. Retrieved 2009-03-29.
  6. Bright, Peter (2010-10-06). "Drive-by malware blocked by new BLADE software". Ars Technica. Retrieved 2012-01-06.
  7. "BLADE: Secure Defense for Network Browsers". SRI International. Retrieved 2012-01-06.
  8. Krebs, Brian (2010-02-22). "Stopping Stealthy Downloads". Technology Review. Massachusetts Institute of Technology. Retrieved 2012-01-06.
  9. "SRI Fellows Awards 2000 - Present". SRI International. Archived from the original on 2013-03-04. Retrieved 2013-02-25.