BSides Algiers - Malware History - Sofiane Talmat
 
    Presentation Transcript

    • The Malware Industry (Part I) – Presented by: Sofiane Talmat – Malware research team: Sofiane Talmat (Algeria), Ehab Hussein (Egypt) – http://www.synapse-labs.com info@synapse-labs.com
    • Synapse Labs: corporate security services, solutions, training and development
    • Viruses don't harm, ignorance does! « The evolution of malware within the last ten years is described by the evolution of the people who develop it » (Eugene Kaspersky)
    • 1948–1966 (first theoretical approach) – John von Neumann, « Theory of Self-Reproducing Automata »
    • 1971 (first worm) – Robert (Bob) H. Thomas (BBN Technologies) – "I'm the creeper, catch me if you can!" – Machine: PDP-10 – System: TENEX – Transport: ARPANET
    • WORM
    • 1974/1975 (first Trojan horse) – John Walker, « ANIMAL », UNIVAC 1108
    • TROJAN HORSE
    • 1982 (first microcomputer virus) – Rich Skrenta, « Elk Cloner », Apple II boot sector
    • BOOT SECTOR
    • 1986 (first IBM PC virus) – Basit & Amjad Farooq Alvi, « Brain » boot-sector virus, also known as « Pakistan Flu » and « Lahore »
    • 1986 (first file-infector virus) – Ralf Burger, « Virdem » (« Virdem model », a .COM infector). The message the demo prints: "VirDem Ver.: 1.06 (Generation #) aktive. Copyright by R.Burger 1986,1987 Phone.: D - 05932/5451. This is a demoprogram for computerviruses. Please put in a number now. If youre right, youll be able to continue. The number is between 0 and x"
    • COM INFECTION
    • 1987 (destructive viruses) – Vienna / Lehigh / Yale / Stoned / Ping Pong – Cascade (self-encrypting file virus; the outbreak that led IBM to write its own antivirus)
    • SELF-ENCRYPTED
    • 1987 – Jerusalem: adds 1808 bytes to .EXE and 1813 bytes to .COM files, stays memory-resident by hooking the DOS interrupt, payload on Friday the 13th – aliases: ArabStar, BlackBox, BlackWindow, Friday13th, HebrewUniversity, Israeli, PLO, Russian
    • EXE INFECTION
    • 1988 (first Internet worm) – Robert Tappan Morris, « the Morris worm » – buffer overflow (the fingerd gets() bug) – about 6,000 machines infected
    • BUFFER OVERFLOW
    • 1989 (first multipartite virus) – Ghostball – infects .COM files and boot sectors
    • MULTIPARTITE VIRUS
    • 1990 (first polymorphic virus) – Mark Washburn, « 1260 » (the Chameleon family), built on Ralf Burger's published Vienna source with Cascade-style encryption under a decryptor that changes from copy to copy
    • POLYMORPHISM
    • 1995 (first macro virus) – « Concept » (Word macro); its payload macro does nothing but make the point:
      Sub MAIN
      REM That's enough to prove my point
      End Sub
    • MACRO VIRUS
    • 1998 – Chen Ing-hau, CIH v1 « Chernobyl / Spacefiller » – shipped by accident in: Sep. 1998 a Yamaha driver update, Oct. 1998 Activision's game SiN, Mar. 1999 IBM Aptiva PCs
    • 1999 (year of the worms) – 20 January: Happy99 worm (e-mail) (Spanska) – 26 March: Melissa worm (Microsoft Word / Outlook) – 6 June: ExploreZip worm (Microsoft Office documents) – 30 December: Kak worm (JavaScript worm / Outlook Express bug)
    • 2000 (the most damaging worm ever) – « ILOVEYOU » (VBS/Loveletter), written in VBScript
    • 2001 (the year of exploits) – May: Sadmind worm (Sun Solaris / Microsoft IIS) – July: Code Red worm (Microsoft IIS indexing service) – September: Nimda worm (Windows; also reuses the backdoors left by Code Red and Sadmind) – October: Klez worm (MS IE / MS Outlook / Outlook Express)
    • 2002 (metamorphic virus) – Mental Driller, « Win32/Simile » (Etap / MetaPHOR) – about 90% of its code is the metamorphic engine – one payload fires on 14 May, depending on the system locale
    • METAMORPHIC VIRUS
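    The three techniques the deck labels SELF-ENCRYPTED (Cascade), POLYMORPHISM (1260) and METAMORPHIC VIRUS (Simile) differ in what stays constant from one generation to the next, which is exactly what a byte-signature scanner depends on. The toy model below is an added example, not code from the slides or from Synapse Labs: the "body" is a program for a made-up three-opcode CPU, the "infected files" are byte strings, and the stub layouts, the key=XX convention and the BEGIN marker are assumptions made for the illustration. No real machine code is involved.

```python
"""Toy model of the three evasion techniques named in the slides: self-
encrypting (Cascade), polymorphic (1260) and metamorphic (Simile) bodies.
Everything is constructed: the "body" is a program for a tiny toy CPU and
the "infected files" are byte strings. No real machine code is involved."""
import random
import re

BODY = ("MOV A 5", "ADD A 3", "OUT A")   # constructed sample body
# Assumed, equivalent decryptor-stub layouts a polymorphic engine picks from.
STUB_FORMS = (b"LOOP key=%02x;XOR;", b"XOR key=%02x;LOOP;", b"key=%02x;XORLOOP;")


def run(program):
    """Execute a toy program; its output list is its observable behaviour."""
    acc, out = 0, []
    for ins in program:
        op, *args = ins.split()
        if op == "MOV":
            acc = int(args[1])
        elif op == "ADD":
            acc += int(args[1])
        elif op == "XOR":              # only "XOR A A": clears the register
            acc = 0
        elif op == "OUT":
            out.append(acc)
        elif op != "NOP":
            raise ValueError(f"unknown instruction {ins!r}")
    return out


def encode(program):
    return ";".join(program).encode()

def decode(blob):
    return tuple(blob.decode().split(";"))

def xor(data, key):
    return bytes(b ^ key for b in data)

def stub_of(sample):
    return sample.partition(b"BEGIN;")[0]     # decryptor stub precedes BEGIN


def decrypt(sample):
    """Emulating scanner: read the key out of the stub, recover the body."""
    stub, _, cipher = sample.partition(b"BEGIN;")
    key = int(re.search(rb"key=([0-9a-f]{2})", stub).group(1), 16)
    return decode(xor(cipher, key))


def self_encrypting(body, key=0x5A):
    """Cascade-style: body encrypted, but stub and key never change."""
    return b"LOOP key=%02x;XOR;BEGIN;" % key + xor(encode(body), key)


def polymorphic_generations(body, n, rng):
    """1260-style: new key, re-laid-out stub and junk per generation."""
    samples = []
    for key in rng.sample(range(1, 256), n):          # distinct keys
        stub = b"NOP;" * rng.randrange(0, 4) + rng.choice(STUB_FORMS) % key
        samples.append(stub + b"BEGIN;" + xor(encode(body), key))
    return samples


def metamorphic_generations(body, n, rng):
    """Simile-style: no encryption; the body itself is rewritten each time."""
    def rewrite(ins):
        op, _reg, *rest = ins.split()
        if op == "MOV":                     # MOV A n -> XOR A A ; ADD A n
            return ["XOR A A", f"ADD A {rest[0]}"]
        if op == "ADD":                     # ADD A n -> ADD A k ; ADD A n-k
            k = rng.randrange(0, int(rest[0]) + 1)
            return [f"ADD A {k}", f"ADD A {int(rest[0]) - k}"]
        return [ins]
    gens = []
    for _ in range(n):
        prog = []
        for ins in body:
            prog.extend(rewrite(ins))
            if rng.random() < 0.5:          # junk instruction insertion
                prog.append("NOP")
        gens.append(tuple(prog))
    return gens


def signature_hits(signature, samples):
    """A plain byte-pattern scanner: how many samples contain the signature?"""
    return sum(signature in s for s in samples)


def demo(n=4, seed=7):
    rng = random.Random(seed)
    sec = [self_encrypting(BODY) for _ in range(n)]
    poly = polymorphic_generations(BODY, n, rng)
    meta = metamorphic_generations(BODY, n, rng)
    return {
        "self_encrypting_stub_hits": signature_hits(stub_of(sec[0]), sec),
        "polymorphic_stub_hits": signature_hits(stub_of(poly[0]), poly),
        "polymorphic_bodies_identical": all(decrypt(s) == BODY for s in poly),
        "metamorphic_bodies_changed": all(g != BODY for g in meta),
        "metamorphic_behaviour_same": all(run(g) == run(BODY) for g in meta),
    }
```

    Running demo() shows the three cases side by side: the fixed Cascade-style stub is found in every generation (hits equal the number of samples), the stub copied from one polymorphic generation matches only that generation while emulated decryption still recovers the same body every time (so a scanner that decrypts before matching keeps working), and the metamorphic generations never equal the original body yet produce the same output, which is why that class has to be detected structurally or behaviourally rather than by bytes. A real scanner uses a short substring rather than the whole stub; the point is that a polymorphic engine must vary every byte the scanner could pick on.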
    • 2002/2003 (rise of RATs and Trojans) – Beast (written in Delphi) – Optix Pro – Graybird – ProRat
    • 2003 (more worms in the wild) – SQL Slammer worm: 75,000 hosts in 10 minutes – Blaster worm (RPC DCOM; Sasser in 2004 was similar): SYN-flood DDoS against windowsupdate.com
    • 2004 (first web worm) – « Santy » – target: phpBB forums – 40,000 sites infected
    • 2006 (first ever Mac OS X virus) – « OSX/Leap-A », also called « OSX/Oompa-A » – LAN worm – spreads over the Bonjour protocol (iChat buddy list) – destroys the files it infects
    • 2007 (did you say ZEUS?) – « ZEUS » (drive-by downloads / phishing) – 196 countries – June 2009: 74,000 FTP accounts compromised – 3.6 million infections in the USA – 28 Oct. 2009: 1.5 million phishing messages on Facebook – 14/15 Nov. 2009: 9 million infected e-mails (Verizon Wireless lure) – credit cards from 15 banks compromised – 1 Oct. 2010: FBI / $70 million and 90 arrests – May 2011: the source code is leaked
    • 2008 (bounty: $250,000) – « Conficker » – spreads through the NetBIOS/SMB exploit for MS08-067 (Windows Server service)
    • BOTNET
    • 2009 (cyber attack) – « W32.Dozer », the « July 2009 cyber attacks » – 4 July 2009: USA / South Korea – 7 July 2009: South Korea – 9 July 2009: South Korea
    • Cyber weapons! – 2010: Stuxnet – 2011: Duqu
    • Questions – Facebook.com/Synapse.Labs – Twitter: @Synapse_Labs