The document discusses the evolution of malware from Malware 1.0 created by bored kids to Malware 2.0 created by organized criminal groups for monetary gain. It outlines how groups discover and sell exploits, develop and sell malware, host exploits/malware, sell stolen data, and use the stolen data. It also discusses how infection vectors have changed from file replication to exploits and social engineering. Modern malware distribution techniques like iframes, malvertisements, and social media/website redirection are highlighted.

1. MALWARE 2.0
Shane Ochotny

2. TYPES OF MALWARE
Worms Exploits
Trojans
Adware
Spyware
Keyloggers
Viruses
Dialers
Rootkits
Rogue

3. STATISTICS
TREND MICRO UNIQUE THREAT GROWTH
20,000,000
15,000,000
10,000,000
5,000,000
0
2005 2006 2007 2008

4. STATISTICS
TREND MICRO UNIQUE THREAT GROWTH
20,000,000
15,000,000
10,000,000
5,000,000
0
2005 2006 2007 2008

5. MALWARE 1.0

6. BORED KIDS
80’s - 90’s

7. INFECTION VECTORS
File Replication

8. MALWARE 2.0

9. ORGANIZED CRIME
Groups Discovering and Selling Exploits
Developing and Selling Malware
Hosting Exploits and Malware
Selling the Stolen Data
Using the Stolen Data

10. ORGANIZED CRIME
Discovering and Selling Exploits
Groups Developing and Selling Malware
Hosting Exploits and Malware
Selling the Stolen Data
Using the Stolen Data

11. ORGANIZED CRIME
Discovering and Selling Exploits
Developing and Selling Malware
Groups Hosting Exploits and Malware
Selling the Stolen Data
Using the Stolen Data

12. ORGANIZED CRIME
Discovering and Selling Exploits
Developing and Selling Malware
Hosting Exploits and Malware
Groups Selling the Stolen Data
Using the Stolen Data

13. ORGANIZED CRIME
Discovering and Selling Exploits
Developing and Selling Malware
Hosting Exploits and Malware
Selling the Stolen Data
Groups Using the Stolen Data

14. MONETARY GAIN

15. MONEY HOW?
Bank Accounts
Authentication Credentials
Credit Card Numbers Send Spam Emails
DDoS Address Book Contacts
Social Security Numbers Screenshots
Recent Websites
Keystrokes DNS Redirect

16. INFECTION VECTORS
Exploits
Social Engineering

17. REACHING THE USERS

18. IFRAMES

19. MALVERTIZEMENTS

20. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

21. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

22. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

23. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

24. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

25. REDIRECTION
MySpace IFrame Bad Website
MySpace Malvertizement Bad Website

26. HIGH PROFILE WEBSITES

27. EXPLOITS
TAKE ADVANTAGE OF SOFTWARE VULNERABILITIES
No User Interaction
No Downloading Accidentally
No User Knowledge

28. SOCIAL ENGINEERING
TAKES ADVANTAGE OF USER VULNERABILITIES

29. SOCIAL ENGINEERING
TAKES ADVANTAGE OF USER VULNERABILITIES

30. SOCIAL ENGINEERING
TAKES ADVANTAGE OF USER VULNERABILITIES

31. SOCIAL ENGINEERING
TAKES ADVANTAGE OF USER VULNERABILITIES

32. MALWARE SOURCES
THREATEXPERT.COM
Canada United Kingdom Russia
0.67% 6.17% 22.29%
United States
6.42% China
32.07%
Africa
0.17%
Brazil
6.92%

33. WHY BARCAMP?

34. SOCIAL THREATS
Facebook
MySpace
YouTube
Twitter
Instant Messaging

35. FACEBOOK

36. MYSPACE
JULY 2006

37. YOUTUBE

38. TWITTER

39. INSTANT MESSAGING

40. Network Anti-Malware
Passive on the Network
No Client Software

41. MALWARE SOURCES
THREATEXPERT.COM
Canada United Kingdom Russia
0.67% 6.17% 22.29%
United States
6.42% China
32.07%
Africa
0.17%
Brazil
6.92%

42. MALWARE 2.0
Shane Ochotny