History and Evolution of Malware
Nikola Milošević
nikola.milosevic@owasp.org
@dreadknight011
About Me
• My name is Nikola Milošević
• OWASP Serbia local chapter leader
• OWASP Seraphimdroid project leader
• OWASP anti-malware project contributor
• Interested in the topic; wrote and analyzed some key-loggers and spam bombers for self-amusement and educational purposes
• PhD student at the University of Manchester
What is malware?
• Malware, short for malicious software, is software used or created by attackers to disrupt computer operation, gather sensitive information or gain access to private computer systems.
How did it start?
• Brain.A – January 1986. Its boot-sector message read:
Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN PHONE :430791,443248,280530.
Beware of this VIRUS….
Contact us for vaccination………… $#@%$@!!
Then it continued
• Stoned – 1987
• Cascade – 1987
• Form – 1990
• Omega – shows an omega sign on Friday the 13th
• Michelangelo – 1992
• V-Sign – 1992
• Walker...
Mutation
• 1992 – MtE, the Mutation Engine
• Used to create polymorphic viruses, which are hard to detect
• Author – Dark Avenger
GUI
• Virus Creation Laboratory
Windows came out
• WinVir – 1992 – first virus capable of infecting PE files
• Monkey – again infects the Master Boot Record
• One_half – polymorphism, encryption
• Concept – 1995 – infects Office files
Windows...
• Laroux (X97M/Laroux) – 1996
• Boza (January 1996)
• Marburg (1998)
– Wargames CD
– PC Power Play CD
– Slow polymorphism
– After 3 months it shows:
Mail worms...
• Happy99 (1998) – first mail virus
• Melissa – macro virus + mail worm
• LoveLetter (2001) – one of the biggest outbreaks in history
• Anna Kournikova (2001) – social engineering
• Mimail (2003)
Real worms
• Morris Worm (1988) – first Internet worm
• CodeRed (2000) – no user interaction
– Spread around the globe in a few hours (attacked IIS)
– After 19 days launched DoS attacks (White House)
Real worms 2
• Nimda
– E-mail virus with attachment affecting Windows 95, 98, Me, NT4, 2000
– Worm affecting IIS using a Unicode exploit
– Modifies websites to offer downloads of infectious files
– Uses end-user machines to scan the network
– Can reach PCs behind firewalls
– Has a bug that causes crashes or inability to spread
Money, money, money
• In 2003, the first virus made for financial gain appeared
• Fizzer – sending spam
– Attachment that takes over the PC and sends spam
Malware authors
Getting destructive
• Slapper (September 13th 2002)
– Used an OpenSSL vulnerability to spread
– Had a backdoor that listened on UDP port 2002
– Infected Linux hosts (Apache servers)
• Slammer (2003)
– Attacks SQL Server
– Never writes anything to the HDD
– Generates traffic
– Took root name servers down (5 of 13)
Getting destructive 2
• Blaster (August 2003)
– Buffer overflow in DCOM RPC
– SYN flood on windowsupdate.com (Aug 15 2003)
– 2 messages:
• I just want to say LOVE YOU SAN!!soo much
• billy gates why do you make this possible ? Stop making money and fix your software!!
• Sasser (April 2004)
– Used a buffer overflow in the Local Security Authority Subsystem Service
– Spread over the network
– Crashed the infected PC within a minute
Getting destructive 3
Rootkits
• Sony BMG (2005)
– First rootkit was created by Sony
– Kylie Minogue, Ricky Martin and 50 more titles
– Intention was copy protection
– Hides files whose names start with $sys$
– Virus writers used it to hide
– Great scandal
– Bad PR handling by Sony
Rootkits
• Mebroot (2008)
– Uses a browser exploit (used the Monica Bellucci web site), infects the MBR
– Hides as a rootkit
– Sends keystrokes to the attacker; if it crashes, sends a trace to the attacker/creator
• Conficker (2008)
– Created a botnet
– Spread using USB, NS, LAN
– 9-15 million infected
Ransomware
• Blackmailing (GPCode.ax – 2010)
Let the war begin
• Spyware, key-loggers
• Cyber espionage, industrial espionage
• German police released Trojan spyware in 2010
When the war gets serious
• Stuxnet (2010)
– Big game changer; first intended physical sabotage of an industrial system
– Spread over USB, used 5 exploits (4 were 0-days)
– By the time it was discovered it had already done what it was made for
– Kills itself on June 24th 2012
– To do anything, the PC has to be connected to a particular PLC that is connected to a particular industrial system
When the war gets serious 2
• DuQu (September 2011)
– Similar code base to Stuxnet
– Used for information retrieval and espionage against the victim; has rootkit capabilities
– Written in higher-level languages, believed to be OO C, compiled with MS Visual Studio 2008
• Flame (2012)
– Can spread using USB or LAN
– Can record audio, video, Skype calls and network traffic, steal files (Office, PDF, txt)...
– About 20 MB! But modular, so the attacker can add more modules
– Written in Lua and C++
– Remotely controlled and killed
– DuQu and Stuxnet had valid stolen certificates
Quick classification
• Virus
• Worm
• Trojan horse
• Malicious mobile code
• Backdoor
• User-level rootkits
• Kernel-level rootkits
• Combination malware
Thank you
http://inspiratron.org
nikola.milosevic@owasp.org
@dreadknight011