Slashdot Mirror
Future Trends of Malware
An anonymous reader writes "What are the driving forces behind the rise of malware? Who's behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? All these questions and more are answered in the well written (MHO) Future Trends of Malware"
It seems like parents everywhere trust their AntiVirus to stop everything. When they get spyware, and you tell em you got to remove it, they'll retort,"Oh, just run Mcaffee". The funny part that we all know here is that there are too much malware out there for one Antivirus software to stop and they keep coming. To me, Antivirus software seems a lot like SnakeWater.
God spoke to me.
I'm sure it's a great paper. But when it's presented as black and sky blue text on a purple background, reading it is almost like having my eyes infected with malware.
Opinions on the Twiddler2 hand-held keyboard?
Key summary points
--------------
Malware authors update their multi-vendor anti virus signatures faster than most end users and enterprises do altogether
The high pressure put on malware authors by the experienced vendors is causing them to unite efforts and assets, and realize that it's hard to compete on their own. Yet this doesn't stop them from waging a war in between
Intellectual property theft worms have to potential to dominate in today's knowledge-driven society acting as tools for espionage
Don't matter what you always wanted to do to ecriminals, in case of a cryptoviral extortion, you'll be the one having to initiate the contact
The growing Internet population, E-commerce flow, and the demand for illegal/unethical services, would fuel the development of an Ecosystem, for anything, but legal
The "Web as a platform" is a powerful medium for malware attackers understanding the new Web
The unprecedented growth of E-commerce would always remain the main incentive for illegal activities
7.0 Conclusion
--------------
I hope that the points I have raised in this research, would prove valuable to both end users, businesses and anti-virus vendors. The Internet as a growing force shaping our ways of thinking and living is as useful, as easy to exploit as well. The clear growth in E-commerce, today's open-source nature of malware, the growing penetration of the Internet in respect to insecure connected PCs, are among the main driving factors of the scene. Do your homework and stay ahead of the threats, most of all, less branding when making security decisions, but high preferences! Please, feel free to direct your opinions, remarks, or any feedback to me, at dancho.danchev AT hush.com or at ddanchev.blogspot.com where you can directly comment on my publication. Nothing is impossible, the impossible just takes a little while!
Would it be possible, if for instance, an ISP sees a shit load of traffic from a customer's address directed at another address to start blocking that traffic? Or at the very least notifying the customer that there may something wrong. I bet just about everyone whose computer has these bots are comletely unaware. They might even bitch about how slow their connection is.
I'm already thinking of the ethical and privacy issues involved with doing that, but it would stop some of the DOS extortion.
... you know, my Uncle Jim used to say that a lot of problems in the world could be solved with a .22 to the back of the head...
... elipses...
I counted 45! exclamation points in that article!
Now after reading it, I have become so depressed that I have decided not to connect my computer to the internet ever again!!!
He who knows best knows how little he knows. - Thomas Jefferson
...they forgot VoIP. Amazing oversight really. How long before someone hacks Skype and manages to insert malware code into the VoIP data stream? You place a call to someone and somewhere along the way extra data is inserted and finds its way onto your machine. I'm not that knowledgeable about VoIP's inner workings, but it seems to me that anything that allows data to be moved back and forth from your computer unfettered is a doorway for malware to be lodged on your machine.
GetOuttaMySpace - The Anti-Social Network
Horribly written, lots of (mostly) un-referenced statistics without any analysis. Rambles on without any real point. Anything groundbreaking here?
Malware meets so many of the deep desires of the marketing world (and the corporate world in general). It can provides market data in bulk, practically "for free" (from the company's perspective). It can provide a further degree of control over a user's computer. It can enforce DRM. It can force ads on people.
Thus, I can only conclude that the future of malware is for it to go from something created by shady companies like Gator (a.k.a. "Claria") and 419WebSolutions (or whatever) to something created (or at least branded) by "household name" companies like HP, Dell, etc. A first step towards a future in which major corporations embrace malware has already occurred; just look at all the crap Dell shovels onto their much-maligned default software installations.
With spending like this, exactly what are "conservatives" conserving?
Greed? You mean the selfless devotion of time to a project that no one will pay you for?
From the article:
modular - new features are easily added to further improve its impact, want it to have P2P propagation capability, add it, want it to disseminate over IM, done.
Okay, malware can be modular - makes sense.
The lack of P2P worms is, I think, a logical consequence of the RIAA's busts around the U.S, and the global response towards P2P networks copyright infringement.
How did the author manage to come to that "logical" conclusion? How is the presence (or !presence) of malware related to the "global response... copyright infringement"?
Given today's P2P concepts, and the disruptive BitTorrent technology, it is not longer required to on purposely slow down transfers to hide the activity on a user's host.
And where the heck is he going with this??
Submitter, if this is your idea of "well written", I respectfully suggest you broaden your literary scope.
I want to drag this out as long as possible. Bring me my protractor.
It wouldn't solve everything, but it would help limit further the damage malware could do. It could access (and corrupt) the data for the particular application it suborned, but without exploiting secondary holes it couldn't do more. This would prevent, say, a hole in Firefox from allowing malware to get at your Gnucash data. It also doesn't require much any new permission-checking code, the kernel already does file-access checks anyway.
PHEM - party like it's 1997-2003!
Malicious software can make money now, that which makes money attracts sellers.
It's that simple, whereas in the past malware was mostly out of a quest for fame or percieved revenge, the malware of today is business malware, the nasty programs of old all dressed up in suit and tie and making someone filthy rich.
This problem is exacerbated by the fact that nearly everyone runs Windows XP these days and Microsoft wasn't very attentive to security when they designed it. The sheer number of critical vulnerabilities that the operating system has is mind boggling. Recently, it was stated by some firm or another that Linux had released more patches than any other OS this year. Now, aside from the obvious problem with that statement (the patches weren't patches for Linux itself but for software in common Linux distributions, which is vastly greater in number than that of a Windows installation) if you look at the things patched, they aren't terribly dangerous. They are things like "potentially vulnerable to DNS attack" or "Local user can gain partial root privileges" and such, they are not like "Someone on the other side of a planet can send you a magic packet that makes your computer their bitch permanently," which is what the vast majority of Windows vulnerabilities allow.
In short, malware has grown because malware is like any pathogen, it lies in wait until conditions are optimal for its growth and when they are it takes over quite rapidly. Remove one of its primary growth factors, and you'll slow it down. Remove more, and you'll potentially kill it.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
My God, the grammatical errors in that paper are painful. Is a paper displaying such an appalling lack of quality really worthy of the attention of hundreds of thousands of SlashDot geeks?
With spending like this, exactly what are "conservatives" conserving?
Its really easy to fix: don't use winders
Hi there
From my point of view, a security specialist, is that only 20-30% of the attacks on businesses and corporations are done electronicly from the outside, the rest (70-80%) are inside, mostly disgrunted employees. With the current trend of money/public focused companies treating employees like crap, all it would take is a vicious malware application to take them down.
Malware is also becoming intelligently designed, no longer the 'see-this-famous-tennis-star-naked so-I-can-use-built-in-vbs-code to-email-everyone-in-your-addressbook' stupid-is-as-stupid-does tricks. They're pointed, direct, and very very scary.
Here's to paying and treating your geek employee well!
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Could the person who called this article "well-written" be so kind as to tell me what this means? The article is filled with crap like this; I'd give it a C-, at best, as a freshman paper.
Note that some of these goals target individuals and their PCs whereas other target larger organizations. One key commonality of nearly all of the goals is that they target large numbers of PCs or require large numbers of infected machines to achieve the goal. Thus immunological approaches that look for the spread of unusual code or data packet patterns can help address this problem. On the other hand, immunological approaches won't work if the malware attack targets a single individual or company -- e.g. implanting a unique virus in one computer in a company for purposes of espionage or extortion.
Note that half of the goals are very different from the stereotypical destructive virus or worm of yesteryear. With the exception of vandalism, extortion, vigilantism, and military, the other goals are essentially non-destructive. The malware creator's goals are not achieved if the malware crashes the target machine.
Two wrongs don't make a right, but three lefts do.
I think the ultimate future of malware will encompass biometric and RFID. Rather than key loggers, we will see biometric image capture (e.g. a scan/image capture of the user's thumbprint). Or capturing RFID patterns.
I still say purveyors and criminal users of malware should be subject to life prison sentences if not death.
Ignorance is curable, stupid is forever.
Anti Virus companies will always be slower than malware writers. The whole signature-based antivirus approach is fundamentally flawed. The solution? Either by using heuristics (could get pretty difficult), or don't allow the malware to get onto your machine in the first place. That shouldn't be too difficult, if you think about it.
With a multiuser system that actually enforces permissions, it's your fault if you click on that attachment. And the only thing that happens is you lose your home dir. I agree that using your personal data this way is much worse than losing system data, but it is also much more educating. If it happens to you once, you'll remember when you get the next suspiciously looking email. On the other hand, if your system slowly goes down due to the number of malware you have installed, you curse the vendor (M$), but you don't realise it's your own fault.
So (for example) did nobody have any right to say that Sony should not include a rootkit in the software on their CDs? Does nobody have the right to say that Microsoft Windows should be better quality? If some software destroyed your hard disk, would you just say "it's a blessing that I could have chosen not to install it"?
> when the author suddenly decides that free doesn't pay the bills
I don't think he decided it as much as he *realised* it.
So far, malware has been treated as an IT/commercial problem (which is what this article does), but it has become so pervasive and costly that it is also now a political problem. The barely fettered growth of malware - its sheer scale, organization and the amounts of money involved - raises a lot of questions about privacy, international cooperation and what to do about the internet itself. I don't think it's something that the IT industry can tackle on its own. You can have as much protection as you like, but so long as malware outfits can slip through 1001 transnational loopholes and exploit safe-haven jurisdictions there will always be a serious problem.
.ru or .ro can apparently do what they like, and some notorious spammers and phishers remain on Top 50 lists for years without anyone so much as slapping their wrist. In previous centuries, the whole thing was called "piracy" and states tackled it with, erm, "extreme prejudice". Sometimes, I feel they may have been on to something.
I don't pretend to know the answers, but waving a copy of Norton Internet Security at the bad boys isn't it, for sure. Perhaps there is an element of deliberate wimping out going on here. The IT industry doesn't want to admit it cannot solve things alone, because it doesn't want politicians and regulators muscling in. And politicians like to pretend that malware is purely an IT problem because they don't want the headache of involvement in sorting out the mess.
As one result, perhaps, domains ending in letters like
Las qué passoun
tournoun pas maï
"did nobody have any right to say that Sony should not include a rootkit in the software"
You're comparing apples to oranges here. The difference with Daemon Tools is that it gives you an option to not install additional software and when you tell it no thanks that is the end of it. In the case of Sony's rootkit however there was no option to not install this extra software. The problem most people have with this is not that the software was there in the first place, but that the installer used vague wording to conceal what will actually be installed and if you told it not to install the software it did it anyway.
"Does nobody have the right to say that Microsoft Windows should be better quality?"
Yes. With your pocket book. You may be able to do the same with Daemon Tools. The author is obviously looking for some kind of compensation for untold hours of hard labor. Why not make a donation for the days, weeks, years of use you got out of it? Alternatively, as someone else suggested, why not ask the author to make a paid version instead of including extra software? Just because it's free does not make it afraid of money.
money
Look, money is a perfectly fine motivation for script kiddies and Nigerian scam artists and ex-KGB Russian/Ukrainian mafiosi.
But there's an outfit sitting behind a router in the PRC that has a different motivation; something along the lines of "Geopolitical World Dominance":
It's kinda like the board game "Risk", only this is the real McCoy.All the examples you give, and infact your entire reply, are about the right and individual has to bitch about something bad that has happened to them. And you can bitch if you're so inclined, I never said grandparent couldn't say it's a damn shame, and that he now has a different opinion of D-Tools or it's author. I was merely pointing out in my first post that Barik should be bloody grateful Daemon Tools is not as bad as any of the examples you give.
On a tangent, your Windows/OS analogy could be better served by Linux. You pay for Windows one way or another, therefore you expect, have some kind of mediocre right to receive, or atleast can acceptably demand, a level of service, maintenance or warrenty with the product. The Linux kernel on the other hand, I believe, is explicitly distributed with "absolutely no warranty, whatsoever". The quality of the product, in reality, is irrelevent to your point.
Yes, it does annoy me that much. If an author is willing to include spyware in the first place, what else are they willing to do with their software? When you download a piece of software, you expect that software, and not random bundles of non-related software.
You are correct that I have no right to say what the author can and cannot do. I can simply choose not to use the software anymore, which I have done. And in this case, since it for corporate use, I can vote with my wallet as well.
Titus Barik
That's what they call future trends? If that's right we're pretty safe then.
What would be interesting would be malware written in popular high level scripting or bytecode languages - e.g. perl, python, lisp. These do and will run on windows - with broadband becoming widespread it doesn't take long to download and run the relevant packed perl/python/lisp executable, and such executables do have legitimate uses anyway.
You can very easily write games/utils in such languages to help them spread as trojans.
It'll be interesting to see how the AV people will cope with these.
An attacker should be able to rapidly generate multiple versions of the malware faster than the AV people can generate signatures.
The malware can search for updates and download them with the help of search engines like google (google groups) and various blog/discussion sites. They might even be able to communicate with each other via spam email.
I'm not even sure if the code signing stuff will help.
After all the initial code could be innocuous with perhaps one or two really terrible "bugs". But subsequent code could be totally different. Because with such languages once the first bit is in, fetching and executing new code isn't as hard as downloading a new executable binary (which may require passing checks by the O/S and AV software), it's just downloading/finding the correctly identified/tagged string and running the equivalent of "eval" on it. Heck, one could just blindly run a string and catch the resulting exceptions if it's not proper code.
I'm not a malware author, but I think most malware is rather primitive (esp those on windows[1]). I'm wondering how advanced the malware detection and prevention stuff really is.
[1] I guess they don't need to be very sophisticated when the users actually do stuff like help enter the right passwords to unzip the malware and then voluntarily run the payload! Even better those users usually run as admin.
Has anybody looked into the idea that companies (such as pharmaceutical marketers) are paying Microsoft to not fix vulnerabilities? This is something that I've wondered about often, but never read anything about. A "Halloween Document" on this would be very interesting...
A lot of users have asked me over the years if Microsoft is paid by antivirus companies not to fix vulnerabilities. This is apparently an easy leap of logic for the most untechnical folks. We know that pharmaceutical marketers are using bots to crawl and reap email addresses, as the Perl developer that tried to blow the whistle on them last year had his computers confiscated by the cops, who were sent by his employer to ensure a cover-up (stop their ex-employee from publishing company secrets using some kind of Industrial Espionage legislation). Sigh.
If fingerprints ever start being widely used, muggers will just hit you over the head and cut off your fingers. They can check to see if you have a bank account later. If you think that there are not plenty of people that would cut your fingers off for the chance of a couple of hundred dollars, you are sadly mistaken, and a danger to the rest of society.