F.J at BarCampTokyo

Slide 1: Malware Virus, Warm, Trojan horse, Rootkit BarCampTokyo Feb. 17, 2007 Presented by F.J

Slide 2: Virus mechanism Flow  Infect -> latency -> trigger -> payload  Function  Stealth  Polymorphism (Different byte sequence)  Dormancy  The OS or architecture does not cost a payload  in a difference. (PPC is safer than x86!?)

Slide 3: Others Warm  Circulate copying oneself over the computer  network. Trojan horse  A program to do mischief that a user does  not expect in the back of movement. Rootkit  An all-around tool for a cracker. 

Slide 4: Virus list and Anti software WildList Organization  http://www.wildlist.org/  A list of the virus which is really dangerous to a  user. Anti-virus, Anti-spyware software  Software check virus-hash or spyware-hash.  Software check when open-file , access devices. 

Slide 5: New threat (1/2) Bot  IRC or SMTP, SSL, P2P, etc  Virtual Machine Based Rootkit  Subvirt Rootkit  Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch, “SubVirt:  Implementing malware with virtual machines,” http://www.eecs.umich.edu/Rio/papers/king06.pdf, 2006 Blue Pill  J. Rutkowska, “Subverting Vista Kernel For Fun And Profit,” Black Hat USA, http://www.  blackhat.com/presentations/bh-jp-06/BH-JP-06-Rutkowska.pdf, 2006

Slide 6: New threat (2/2) Embedded device  Windows Embedded, Linux, Symbian OS, ITRON  Smart phone, Car navigation system, TV  information appliance, Video game device, etc  Do You think new virus ??  A point of a problem is deleted if I can have communication. I'm sorry in poor English. m(_ _)m