Future Trends of Malware
An anonymous reader writes "What are the driving forces behind the rise of malware? Who's behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? All these questions and more are answered in the well written (MHO) Future Trends of Malware"
money.
Fry: heh, Yakov Smirnoff said it
Leela: No he didn't.
It seems like parents everywhere trust their AntiVirus to stop everything. When they get spyware, and you tell em you got to remove it, they'll retort, "Oh, just run McAfee". The funny part that we all know here is that there is too much malware out there for one Antivirus software to stop and they keep coming. To me, Antivirus software seems a lot like SnakeWater.
God spoke to me.
Key summary points
--------------
Malware authors update their multi-vendor anti-virus signatures faster than most end users and enterprises do altogether
The high pressure put on malware authors by the experienced vendors is causing them to unite efforts and assets, and realize that it's hard to compete on their own. Yet this doesn't stop them from waging a war in between
Intellectual property theft worms have the potential to dominate in today's knowledge-driven society, acting as tools for espionage
No matter what you always wanted to do to ecriminals, in case of a cryptoviral extortion, you'll be the one having to initiate the contact
The growing Internet population, E-commerce flow, and the demand for illegal/unethical services, would fuel the development of an Ecosystem, for anything, but legal
The "Web as a platform" is a powerful medium for malware attackers understanding the new Web
The unprecedented growth of E-commerce would always remain the main incentive for illegal activities
7.0 Conclusion
--------------
I hope that the points I have raised in this research would prove valuable to end users, businesses and anti-virus vendors alike. The Internet, as a growing force shaping our ways of thinking and living, is as easy to exploit as it is useful. The clear growth in E-commerce, today's open-source nature of malware, and the growing penetration of the Internet in respect to insecure connected PCs are among the main driving factors of the scene. Do your homework and stay ahead of the threats; most of all, less branding when making security decisions, but high preferences! Please feel free to direct your opinions, remarks, or any feedback to me at dancho.danchev AT hush.com or at ddanchev.blogspot.com, where you can directly comment on my publication. Nothing is impossible, the impossible just takes a little while!
Would it be possible, if for instance an ISP sees a shit load of traffic from a customer's address directed at another address, to start blocking that traffic? Or at the very least notifying the customer that there may be something wrong. I bet just about everyone whose computer has these bots is completely unaware. They might even bitch about how slow their connection is.
I'm already thinking of the ethical and privacy issues involved with doing that, but it would stop some of the DOS extortion.
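Detection logic for the ISP-side idea in the comment above, as an added example that is not from the article or any poster: it aggregates constructed NetFlow-style records per customer source and destination in fixed windows and flags sources whose packet rate toward a single destination crosses a notify or block threshold. The record format, addresses and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed NetFlow-style records (assumed format, not from a real collector):
# start_seconds src_ip dst_ip dst_port bytes packets
SAMPLE_FLOWS = """\
0  203.0.113.10 198.51.100.5 80  1200    20
5  203.0.113.10 198.51.100.5 80  4800000 60000
10 203.0.113.10 198.51.100.5 80  5100000 64000
12 203.0.113.22 198.51.100.9 443 30000   40
15 203.0.113.22 198.51.100.9 443 42000   55
"""


def parse_flows(text):
    """Parse the whitespace-separated records into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes, packets = line.split()
        flows.append({"ts": int(ts), "src": src, "dst": dst, "dport": int(dport),
                      "bytes": int(nbytes), "packets": int(packets)})
    return flows


def flag_customers(flows, window_s=60, notify_pps=1000, block_pps=5000):
    """Sum packets per (src, dst) inside fixed windows and return one
    (src, dst, window_index, pps, action) tuple per pair crossing a threshold.
    The thresholds are assumed values; an ISP would tune them per access tier
    and escalate from 'notify' (tell the customer) to 'block' (rate-limit)."""
    packets = defaultdict(int)
    for f in flows:
        packets[(f["src"], f["dst"], f["ts"] // window_s)] += f["packets"]
    findings = []
    for (src, dst, win), count in sorted(packets.items()):
        pps = count / window_s
        if pps >= block_pps:
            findings.append((src, dst, win, pps, "block"))
        elif pps >= notify_pps:
            findings.append((src, dst, win, pps, "notify"))
    return findings


if __name__ == "__main__":
    for src, dst, win, pps, action in flag_customers(parse_flows(SAMPLE_FLOWS)):
        print(f"{action}: {src} -> {dst} window {win} at {pps:.0f} pps")
```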
...they forgot VoIP. Amazing oversight really. How long before someone hacks Skype and manages to insert malware code into the VoIP data stream? You place a call to someone and somewhere along the way extra data is inserted and finds its way onto your machine. I'm not that knowledgeable about VoIP's inner workings, but it seems to me that anything that allows data to be moved back and forth from your computer unfettered is a doorway for malware to be lodged on your machine.
GetOuttaMySpace - The Anti-Social Network
Horribly written, lots of (mostly) un-referenced statistics without any analysis. Rambles on without any real point. Anything groundbreaking here?
I think the British have surpassed the French in strike for holiday actions.
Wasn't it just the other day that the tube union went on strike yet again because their working day of 35 hours was too long.
It's not a great paper. A great paper would have been written clearly (and not submitted by its author: that's how I'm interpreting the Anon's "All these questions and more are answered in the well written (MHO) Future Trends of Malware").
Malware meets so many of the deep desires of the marketing world (and the corporate world in general). It can provide market data in bulk, practically "for free" (from the company's perspective). It can provide a further degree of control over a user's computer. It can enforce DRM. It can force ads on people.
Thus, I can only conclude that the future of malware is for it to go from something created by shady companies like Gator (a.k.a. "Claria") and 419WebSolutions (or whatever) to something created (or at least branded) by "household name" companies like HP, Dell, etc. A first step towards a future in which major corporations embrace malware has already occurred; just look at all the crap Dell shovels onto their much-maligned default software installations.
With spending like this, exactly what are "conservatives" conserving?
From the article:
modular - new features are easily added to further improve its impact, want it to have P2P propagation capability, add it, want it to disseminate over IM, done.
Okay, malware can be modular - makes sense.
The lack of P2P worms is, I think, a logical consequence of the RIAA's busts around the U.S, and the global response towards P2P networks copyright infringement.
How did the author manage to come to that "logical" conclusion? How is the presence (or !presence) of malware related to the "global response... copyright infringement"?
Given today's P2P concepts, and the disruptive BitTorrent technology, it is no longer required to purposely slow down transfers to hide the activity on a user's host.
And where the heck is he going with this??
Submitter, if this is your idea of "well written", I respectfully suggest you broaden your literary scope.
I want to drag this out as long as possible. Bring me my protractor.
It wouldn't solve everything, but it would help limit further the damage malware could do. It could access (and corrupt) the data for the particular application it suborned, but without exploiting secondary holes it couldn't do more. This would prevent, say, a hole in Firefox from allowing malware to get at your Gnucash data. It also doesn't require much new permission-checking code; the kernel already does file-access checks anyway.
PHEM - party like it's 1997-2003!
Malicious software can make money now, that which makes money attracts sellers.
It's that simple: whereas in the past malware was mostly out of a quest for fame or perceived revenge, the malware of today is business malware, the nasty programs of old all dressed up in suit and tie and making someone filthy rich.
This problem is exacerbated by the fact that nearly everyone runs Windows XP these days and Microsoft wasn't very attentive to security when they designed it. The sheer number of critical vulnerabilities that the operating system has is mind boggling. Recently, it was stated by some firm or another that Linux had released more patches than any other OS this year. Now, aside from the obvious problem with that statement (the patches weren't patches for Linux itself but for software in common Linux distributions, which is vastly greater in number than that of a Windows installation) if you look at the things patched, they aren't terribly dangerous. They are things like "potentially vulnerable to DNS attack" or "Local user can gain partial root privileges" and such, they are not like "Someone on the other side of a planet can send you a magic packet that makes your computer their bitch permanently," which is what the vast majority of Windows vulnerabilities allow.
In short, malware has grown because malware is like any pathogen, it lies in wait until conditions are optimal for its growth and when they are it takes over quite rapidly. Remove one of its primary growth factors, and you'll slow it down. Remove more, and you'll potentially kill it.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
It's really easy to fix: don't use winders
Hi there
From my point of view, as a security specialist, only 20-30% of the attacks on businesses and corporations are done electronically from the outside; the rest (70-80%) are inside, mostly disgruntled employees. With the current trend of money/public focused companies treating employees like crap, all it would take is a vicious malware application to take them down.
Malware is also becoming intelligently designed, no longer the 'see-this-famous-tennis-star-naked so-I-can-use-built-in-vbs-code to-email-everyone-in-your-addressbook' stupid-is-as-stupid-does tricks. They're pointed, direct, and very very scary.
Here's to paying and treating your geek employee well!
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Could the person who called this article "well-written" be so kind as to tell me what this means? The article is filled with crap like this; I'd give it a C-, at best, as a freshman paper.
I think the ultimate future of malware will encompass biometric and RFID. Rather than key loggers, we will see biometric image capture (e.g. a scan/image capture of the user's thumbprint). Or capturing RFID patterns.
I still say purveyors and criminal users of malware should be subject to life prison sentences if not death.
Ignorance is curable, stupid is forever.
Anti Virus companies will always be slower than malware writers. The whole signature-based antivirus approach is fundamentally flawed. The solution? Either by using heuristics (could get pretty difficult), or don't allow the malware to get onto your machine in the first place. That shouldn't be too difficult, if you think about it.
With a multiuser system that actually enforces permissions, it's your fault if you click on that attachment. And the only thing that happens is you lose your home dir. I agree that losing your personal data this way is much worse than losing system data, but it is also much more educating. If it happens to you once, you'll remember when you get the next suspicious-looking email. On the other hand, if your system slowly goes down due to the number of malware you have installed, you curse the vendor (M$), but you don't realise it's your own fault.
"did nobody have any right to say that Sony should not include a rootkit in the software"
You're comparing apples to oranges here. The difference with Daemon Tools is that it gives you an option to not install additional software and when you tell it no thanks that is the end of it. In the case of Sony's rootkit however there was no option to not install this extra software. The problem most people have with this is not that the software was there in the first place, but that the installer used vague wording to conceal what will actually be installed and if you told it not to install the software it did it anyway.
"Does nobody have the right to say that Microsoft Windows should be better quality?"
Yes. With your pocket book. You may be able to do the same with Daemon Tools. The author is obviously looking for some kind of compensation for untold hours of hard labor. Why not make a donation for the days, weeks, years of use you got out of it? Alternatively, as someone else suggested, why not ask the author to make a paid version instead of including extra software? Just because it's free does not make it afraid of money.
All the examples you give, and in fact your entire reply, are about the right an individual has to bitch about something bad that has happened to them. And you can bitch if you're so inclined; I never said grandparent couldn't say it's a damn shame, and that he now has a different opinion of D-Tools or its author. I was merely pointing out in my first post that Barik should be bloody grateful Daemon Tools is not as bad as any of the examples you give.
On a tangent, your Windows/OS analogy could be better served by Linux. You pay for Windows one way or another, therefore you expect, have some kind of mediocre right to receive, or at least can acceptably demand, a level of service, maintenance or warranty with the product. The Linux kernel on the other hand, I believe, is explicitly distributed with "absolutely no warranty, whatsoever". The quality of the product, in reality, is irrelevant to your point.
That's what they call future trends? If that's right we're pretty safe then.
What would be interesting would be malware written in popular high level scripting or bytecode languages, e.g. Perl, Python, Lisp. These do and will run on Windows; with broadband becoming widespread it doesn't take long to download and run the relevant packed Perl/Python/Lisp executable, and such executables do have legitimate uses anyway.
You can very easily write games/utils in such languages to help them spread as trojans.
It'll be interesting to see how the AV people will cope with these.
An attacker should be able to rapidly generate multiple versions of the malware faster than the AV people can generate signatures.
The malware can search for updates and download them with the help of search engines like Google (Google Groups) and various blog/discussion sites. They might even be able to communicate with each other via spam email.
I'm not even sure if the code signing stuff will help.
After all the initial code could be innocuous with perhaps one or two really terrible "bugs". But subsequent code could be totally different. Because with such languages once the first bit is in, fetching and executing new code isn't as hard as downloading a new executable binary (which may require passing checks by the O/S and AV software), it's just downloading/finding the correctly identified/tagged string and running the equivalent of "eval" on it. Heck, one could just blindly run a string and catch the resulting exceptions if it's not proper code.
I'm not a malware author, but I think most malware is rather primitive (esp. those on Windows [1]). I'm wondering how advanced the malware detection and prevention stuff really is.
[1] I guess they don't need to be very sophisticated when the users actually do stuff like help enter the right passwords to unzip the malware and then voluntarily run the payload! Even better those users usually run as admin.