TRANSCRIPT

20 Years of Malware Risk
Robert M. Slade, M. Sc., CISSP
[email protected], [email protected], [email protected]
http://victoria.tc.ca/techrev/rms.htm
(c)1986 Brain
- Was it the first?
- Are the risks the same?
Prehistory - 1940s-50s
- von Neumann architecture
- Harvard architecture
- Howard Aiken, Mark I – IV
- Risk – law of unintended consequences
- Cost/benefit – development versus viruses?
Prehistory - 1960s-70s
- Core Wars
- DARWIN – 1969
- “Survival” of programs
- Imp
- Replication, quite successful
- Risk – beware of playful programmers
Trojans
- Various types, difficult to define
- Password stealing
- Pranks
- Malicious damage
- Phishing (ID theft)
- Risks
  - Trust
  - Ill-defined threats
Pranks
- Non-malicious
- Anthem
- Flip
- Risks?
Prehistory - 1980s
- Infamous Xerox worm
- Shoch and Hupp
- Experiment in distributed computing
- Application with multiple “segments”
- Bug in the program
- Risk – unintended consequences again
Prehistory - 1980s
- Apple viruses
- 1980-81
- Texas
- Like Core Wars, examining survival
- Variant 1 successful
- Variant 2 escaped, interfered with game
- Variant 3 to hunt down 2
- Risk – buggy code
- Risk – antivirus viruses - Ohio
Fred Cohen
- Replication proposed at 1983 seminar
- Len Adleman
- 1984 thesis
- 1986 dissertation
- Three major antiviral types identified
(c)1986 Brain
- Brain Computer Services, Pakistan
- Ashar and Ashar
- Stealth
- Boot sector infector
- Risk – variants – Ohio, Den Zuk
1987
- Lehigh
- CHRISTMA
- Risk - DoS
1987
- Jerusalem
- Risks – variants, malicious damage, reputation
1987 Polymorphism
- Many shapes
- Self-encryption
  - stub
- Modular construction
  - module signatures
- Updating
  - update module signature
- File pickup
  - other signatures
- Risks
  - AV expert blood pressure (“zero day”)
  - CPU time
  - File distribution
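To make the slide's points about self-encryption, the decryptor stub and signatures concrete, here is an added example (not from the talk) that simulates three detection strategies against a constructed, non-executable "sample": a fixed stub followed by a body XOR-encrypted under a per-generation key. STUB and BODY are constructed placeholder byte strings, not real code, and the three scanner functions are simplified stand-ins for the approaches antivirus products actually use.

```python
# Constructed toy model of a self-encrypting sample: an invariant decryptor stub,
# one key byte, then the body XOR-encrypted under that key. Nothing here executes.
STUB = b"\x60\xe8\x00\x00\x00\x00\x5e\x83\xc6\x0a"  # constructed placeholder bytes
BODY = b"constructed-plaintext-payload-marker"        # constructed placeholder bytes


def make_sample(key: int) -> bytes:
    """Build one 'generation': same stub, different key, differently encrypted body."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    enc = bytes(b ^ key for b in BODY)
    return STUB + bytes([key]) + enc


def body_signature_hit(sample: bytes) -> bool:
    """Naive scanner: match the plaintext body bytes. Fails once the body is encrypted."""
    return BODY in sample


def stub_signature_hit(sample: bytes) -> bool:
    """Scanner keyed on the decryptor stub, the part that stays constant here.
    This is why the slide lists 'stub' under self-encryption: it is the weak spot."""
    return STUB in sample


def emulate_and_match(sample: bytes) -> bool:
    """Generic decryption: find the stub, apply the recorded key, then match the body.
    Survives key changes but costs work per file, the slide's 'CPU time' risk."""
    i = sample.find(STUB)
    if i < 0:
        return False
    key = sample[i + len(STUB)]
    dec = bytes(b ^ key for b in sample[i + len(STUB) + 1:])
    return BODY in dec


def scan_generations(keys) -> dict:
    """Count hits per strategy over several generations of the same sample."""
    results = {"body": 0, "stub": 0, "emulated": 0}
    for k in keys:
        s = make_sample(k)
        results["body"] += body_signature_hit(s)
        results["stub"] += stub_signature_hit(s)
        results["emulated"] += emulate_and_match(s)
    return results


if __name__ == "__main__":
    print(scan_generations([1, 37, 200]))  # body misses all, stub and emulation hit all
```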
1988
- Stoned
  - Risk – holdover technology (boot sector)
- Internet/UNIX/Morris Worm
  - Risks - defaults
- MacMag
  - Risks – data, commercial
1991
- Desert Storm
  - Risk – don't believe everything you read
- MSAV
  - Anti-antivirus
  - Risk - "There is hardly anything in the world that some man cannot make a little worse and sell a little cheaper, and the people who consider price only are this man's lawful prey." - John Ruskin
1994
- Good Times hoax
  - Risk – don't believe everything you read
- Springer-Verlag publishes "Robert Slade's Guide to Computer Viruses" (ummm ...)
1995
- Concept
- Macro virus
- Risks
  - Outdated definitions of “program”
  - Extraneous functionality
1999
- Melissa
- First of the “fast burners”
- Used multiple linked applications
- Risks
  - Platform dominance
  - Convenience
  - (Pornography)
2000
- Life Stages
- Risk - file formats and extensions
2001
- Lindose/Winux
  - Cross-platform
- Code Red
  - Worm speed
- Intermission
  - DCOM
2003
- Sobig
- Spambotnets
- Risk – commercial and criminal impetus to malware
Spyware and Adware
- Potentially Unwanted Software – PUS
- Risk - definition
Mobile
- Cell phones, PDAs, Blackberry, etc.
- Risk – computers everywhere