Security Information Week 38, 2007

Security Information

Introduction

It is generally accepted that the first computer virus was launched "in the wild" in 1982 (probably created in 1981).

The first computer virus is generally held to be Elk Cloner, which infected the then popular Apple II computers. The payload of this virus consisted of images, blinking text and the following message:

Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The virus spread by infecting floppy disks (remember those?) that were inserted into an infected computer.

Past and present

Thus, we may now "celebrate" the 25th anniversary of malicious software (malware).

Compared with the relatively innocent pranks of the early years, malware first became a pastime for "geeks" that caused major problems for individuals and organizations, and then an industry dominated by criminals. This is the subject of this Security Information.

A brief historical overview

Surprisingly (in hindsight at least), it took four years before computer viruses for PCs appeared "in the wild". In early 1986 the PC boot sector virus Brain (aka Lahore, Pakistani, Pakistani Brain, Pakistani Flu, Brain-A) was released.

In the following years new viruses appeared and caused some harm to those affected. Seen through the eyes of those who experienced later outbreaks, though, none of them was particularly dangerous.

It was a different kind of malware, a worm, that received the most publicity in those early years: the so-called Morris worm of November 1988. It attacked DEC VAX and Sun systems running BSD Unix, spreading through flaws in sendmail and fingerd, through trusted remote logins, and by guessing weak passwords. Because it reinfected hosts over and over, the Morris worm in effect functioned as a denial of service attack, and its effect on the Internet of the time was devastating. Compared with today only a small number of computers were connected to the Internet, and a significant share of them were infected.

In the following years the number of malicious programs grew steadily, and after some time exponentially, as we shall see later. Several received a lot of media coverage, often because the malware's name was associated with a famous person or event. Some of the most famous and dangerous pieces of malware were:

  • W97M/Melissa
    which surfaced just before Easter 1999 and spread by mass-mailing itself through Microsoft Outlook, which it required as the email client. The Word macro virus Melissa caused trouble mainly by overloading email servers.
  • W95/CIH
    was the first virus in the wild with a destructive payload that could render hardware unusable: under certain circumstances CIH overwrote the PC's flash BIOS. Even though the virus had been known for several months before the most destructive variant's payload triggered on 26 April 1999, many PCs were hit.
  • VBS/Loveletter
    also known as ILOVEYOU, appeared in early May 2000 and spread explosively. It is a prime example of one of the most successful social engineering techniques for spreading malware with email as the carrier.
  • Sobig.F,
    which, when it was launched in the summer of 2003, was the most widespread worm to date, and perhaps the most widespread piece of malware ever. Sobig.F spread as an email attachment, and this was perhaps the first instance where the spam traffic generated by the malware was a bigger problem than the malware itself.

During the 25 years that have passed, we have seen other techniques emerging; techniques that cause all kinds of problems for the Internet community. Some examples worth mentioning are:

  • Bot networks / botnets
    Computers infected with a "bot" program that are controlled collectively, through a command-and-control channel, by whoever runs the network.
  • Various systems for causing Distributed Denial of Service (DDoS)
    Several systems, often controlled by one malicious party, flood the bandwidth or resources of a targeted system or systems.
  • Phishing
    Someone attempts to obtain personal information, like passwords, credit card numbers, bank account numbers etc., by tricking the victim through some kind of electronic communication, often a combination of email and fake web sites.
  • Spyware
    Programs that collect information about a person or an organization without that entity's consent and awareness.
  • Rootkit
    A program (or set of programs) that conceals its installation and presence from the computer's user. Rootkits are often used to conceal other malicious programs.
  • Spam
    Spam is unsolicited information, often sent as email messages to a huge number of recipients.

The situation after a quarter of a century

In the brief history above we have mentioned some of the techniques that have emerged during the 25 years of computer viruses. The change has obviously been dramatic, and "the bad girls" now have quite a lot of different means at their disposal.

However, there are other changes that are interesting to observe:

The number of different malware has exploded

A few years ago there were a few major incidents, each affecting many systems and receiving substantial media coverage. This has changed drastically!

These days the normal situation is a huge number of (often only slightly) different pieces of malware distributed over a short period of time. Only a few persons or organizations are affected (and/or targeted), and the media coverage of each incident is almost non-existent.

On the other hand the number of unique pieces of malware is so large that the time needed to process (analyze) each of them has itself become a challenge for the antivirus industry. Thousands of new malicious programs now emerge each day.

From script kiddies to organized crime

In the early days of computer viruses, and for several years afterwards, most malware was created by so-called script kiddies, or by skilled persons whose main motive was not personal economic gain. All kinds of other motives were involved, some obscure to anyone outside the inner circle, but getting rich was not among them.

No longer! Creating and distributing malicious software has become part of a major industry. The potential victims of a particular piece of malware are often specifically targeted. The majority of the malware created these days is probably tooling for organized criminal groups, and it is safe to presume that such tools are also bought and sold as commodities on a hidden marketplace; botnets rented out to several customers for different purposes are one example.

Since economic gain, and thereby money, is involved, the funding needed to create sophisticated malware is also present.

Combination of malware techniques

Malware that uses several techniques in combination has existed for years, but recently it has become far more common. The list of examples is almost endless; suffice it to mention

  • emails used to trick someone into visiting a malicious web site, which has been set up by compromising a perfectly legitimate web server
  • malware cocktails of viruses, trojans and worms, installed and hidden by a rootkit
  • malware that downloads new or updated components from compromised download servers, thereby adding or changing functionality.

What to expect in the near future

It would be hazardous to try to predict what the world will look like in another 25 years. The evolution of the networked society (perhaps revolution is still the better word?) is happening so fast that any forecast beyond the next few months, or at most the first few years, will almost certainly be speculation without any real substance.

It is probably safe to assume that today's situation will persist and grow more sophisticated. Although operating systems are becoming more secure, antimalware products more advanced, and the focus on information security greater, no one has so far come up with a solution that will put an end to the problem of malicious software.

More advanced communication devices equal more malware potential

We are already seeing different technologies merge: TV on mobile phones, DVDs on portable computers, digital cameras used as communication devices, and so on. In short, many of the tools that surround us in our day-to-day tasks are computers, with operating systems, programs and thereby potential vulnerabilities that may be exploited.

Attacks targeting nations

So far malicious programs have only rarely, if at all, been used in large-scale attacks against a country and its infrastructure. One may assume that we will see such attacks in the not-so-distant future, either by other nations or by an organization that aims to destabilize a country by targeting its electronic communication systems.

The use of malicious software as the perfect terrorist tool has often been mentioned. One disadvantage, seen from the terrorist's point of view, is that a main goal of terrorism is to spread fear in a population, and malicious software is presumably not particularly well-suited to that. Malware as a tool for terrorist groups will be discussed in more detail in an upcoming Security Information.

More advanced antimalware systems

Security professionals and antimalware vendors agree that traditional signature-based techniques for stopping malware are not sufficient, and several alternative systems have been developed. Behaviour-based detection and systems that run program code in a controlled environment (sandboxes) are examples. Norman's own SandBox technology is one such system and has proven to be among the most effective available. Such systems will be developed further and become an increasingly important element in the continuous fight against malware.
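The contrast drawn above, between matching a fixed byte pattern and judging what a program does when it runs, can be shown with a small script. This is an added example, not Norman's code and not a description of how Norman SandBox works: the signature marker, the sandbox event traces, the rule weights and the threshold are all constructed for illustration. Three constructed samples are scanned: the known dropper, the same dropper repacked so its bytes no longer match, and a benign installer. The repacked variant is missed by the signature and caught by its behaviour, which is exactly the "thousands of slightly different variants per day" problem described earlier.

```python
"""Signature matching versus behaviour-based detection over constructed sandbox traces.

Added example, not Norman's code. Signatures, traces, weights and threshold are assumed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One action observed while the sample ran in a sandbox (constructed)."""
    kind: str    # file_write | registry_set | net_connect | process_create
    target: str  # path, registry value name, host:port or command line


@dataclass(frozen=True)
class Sample:
    name: str
    payload: bytes             # file bytes as seen on disk
    trace: tuple[Event, ...]   # what it did when executed


# --- 1. Traditional detection: one fixed byte pattern per known family (assumed) ---
SIGNATURES = {"Dropper.A": b"DROPPER-A-V1\x00"}


def signature_scan(payload: bytes) -> str | None:
    """Return the family name if a known pattern occurs in the bytes, else None."""
    for family, pattern in SIGNATURES.items():
        if pattern in payload:
            return family
    return None


# --- 2. Behaviour-based detection over the sandbox trace (rules and weights assumed) ---
SYSTEM_DIR = "c:\\windows\\system32\\"
AUTOSTART_KEY = "\\currentversion\\run\\"
BEHAVIOUR_THRESHOLD = 5  # assumed: scores at or above this are flagged


def behaviour_score(trace: tuple[Event, ...]) -> tuple[int, list[str]]:
    """Apply weighted rules to the trace; returns (score, names of rules that fired)."""
    score, matched = 0, []
    written: set[str] = set()  # files the sample created, for the cross-event rule

    def hit(name: str, weight: int) -> None:
        nonlocal score
        if name not in matched:  # each rule counts once, however often it fires
            matched.append(name)
            score += weight

    for ev in trace:
        target = ev.target.lower()
        if ev.kind == "file_write":
            written.add(target)
            if target.startswith(SYSTEM_DIR) and target.endswith(".exe"):
                hit("writes executable into system directory", 3)
        elif ev.kind == "registry_set" and AUTOSTART_KEY in target:
            hit("installs autostart Run entry", 3)
        elif ev.kind == "net_connect" and target.endswith(":6667"):
            hit("connects to IRC port (typical bot control channel)", 2)
        elif ev.kind == "process_create" and target in written:
            hit("executes a file it wrote itself", 2)
    return score, matched


def classify(sample: Sample) -> dict:
    """Run both detectors and combine them into one verdict record."""
    family = signature_scan(sample.payload)
    score, matched = behaviour_score(sample.trace)
    return {
        "name": sample.name,
        "signature": family,
        "behaviour_score": score,
        "behaviour_rules": matched,
        "flagged": family is not None or score >= BEHAVIOUR_THRESHOLD,
    }


# Constructed sandbox traces. The dropper and its repacked variant behave identically.
DROPPER_TRACE = (
    Event("file_write", "C:\\Windows\\System32\\svchost32.exe"),
    Event("registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32"),
    Event("process_create", "C:\\Windows\\System32\\svchost32.exe"),
    Event("net_connect", "irc.example.invalid:6667"),
)
INSTALLER_TRACE = (
    Event("file_write", "C:\\Program Files\\Editor\\editor.exe"),
    Event("process_create", "C:\\Program Files\\Editor\\editor.exe"),
    Event("net_connect", "update.example.invalid:443"),
)

SAMPLES = [
    Sample("Dropper.A (known)", b"MZ\x90\x00" + SIGNATURES["Dropper.A"] + b"\xcc" * 8, DROPPER_TRACE),
    Sample("Dropper.A repacked", b"MZ\x90\x00" + b"\x8a\x1f\x22\x77\x03\x41\x9e\x5d", DROPPER_TRACE),
    Sample("benign installer", b"MZ\x90\x00SETUP-1.0", INSTALLER_TRACE),
]


def verdicts() -> dict[str, dict]:
    """Verdict for every constructed sample, keyed by sample name."""
    return {s.name: classify(s) for s in SAMPLES}


if __name__ == "__main__":
    for v in verdicts().values():
        print(v)
```

The repacked variant scores 10 on behaviour with no signature hit; the benign installer scores only 2 (it launches a file it installed, which any setup program does), so a single rule does not condemn it. In a real product the expensive part is not the rule set but executing every incoming sample long enough to collect a trustworthy trace, which is why the processing time per sample mentioned earlier matters.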

Unknown threats

25 years ago several of the threats mentioned in this Security Information were unimaginable. It is therefore safe to assume that the coming years will bring threats to the Internet community and other users of electronic communication that no one can foresee now. The security community's challenge is to respond to these threats as quickly and efficiently as possible, in order to minimize them and, ideally, to stop them permanently.

The continuous battle between the bad girls and the security community goes on for another quarter of a century...