Slashdot Mirror


Future Trends of Malware

An anonymous reader writes "What are the driving forces behind the rise of malware? Who's behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? All these questions and more are answered in the well written (MHO) Future Trends of Malware"

14 of 179 comments

  1. 56% increase in trust in AntiVirus by CrazyJim1 · · Score: 5, Insightful

    It seems like parents everywhere trust their AntiVirus to stop everything. When they get spyware, and you tell them you've got to remove it, they'll retort, "Oh, just run McAfee". The funny part that we all know here is that there is too much malware out there for one Antivirus software to stop, and they keep coming. To me, Antivirus software seems a lot like SnakeWater.

    1. Re:56% increase in trust in AntiVirus by igb · · Score: 4, Interesting
      I'm not quite sure what `parents' has to do with it. A huge proportion of the population, with or without children, falls into one of three categories:
      • They don't know spyware or viruses from a hole in the ground, and they either re-install or buy a new computer every time their machine gets too slow
      • OR they believe their firewall and/or AV product is total protection, and they convince themselves that their machine isn't slow and isn't behaving badly, even when it is
      • OR they simply accept that computers are shit and tolerate it running badly.
      A certain sort of quasi-autistic geek then makes snotty comments and plays ``blame the victim'' by pointing out all the measures that the victim could have taken. The real solutions are:
      • For operating system vendors to sort out their problems. Oh, OK, for one particular OS vendor to sort out its problems.
      • For law enforcement to stop treating the perpetrators as cute kids, and actually do something serious about the issue.
      Blaming the victim just isn't on. `We' (i.e. people who provide computer and telecommunication services) sold them a machine. It's up to us to make sure it behaves reasonably. There's an ``Unsafe at Any Speed'' brewing, if only we could see it.

      ian

  2. The goggles do nothing. by orthogonal · · Score: 5, Funny

    I'm sure it's a great paper. But when it's presented as black and sky blue text on a purple background, reading it is almost like having my eyes infected with malware.

  3. Key summary points and conclusion by millwall · · Score: 5, Insightful

    Key summary points
    --------------
    Malware authors update their multi-vendor anti-virus signatures faster than most end users and enterprises do altogether

    The high pressure put on malware authors by the experienced vendors is causing them to unite efforts and assets, and realize that it's hard to compete on their own. Yet this doesn't stop them from waging a war in between

    Intellectual property theft worms have the potential to dominate in today's knowledge-driven society, acting as tools for espionage

    No matter what you always wanted to do to ecriminals, in case of a cryptoviral extortion, you'll be the one having to initiate the contact

    The growing Internet population, E-commerce flow, and the demand for illegal/unethical services, would fuel the development of an Ecosystem, for anything, but legal

    The "Web as a platform" is a powerful medium for malware attackers understanding the new Web

    The unprecedented growth of E-commerce would always remain the main incentive for illegal activities

    7.0 Conclusion
    --------------

    I hope that the points I have raised in this research, would prove valuable to both end users, businesses and anti-virus vendors. The Internet as a growing force shaping our ways of thinking and living is as useful, as easy to exploit as well. The clear growth in E-commerce, today's open-source nature of malware, the growing penetration of the Internet in respect to insecure connected PCs, are among the main driving factors of the scene. Do your homework and stay ahead of the threats, most of all, less branding when making security decisions, but high preferences! Please, feel free to direct your opinions, remarks, or any feedback to me, at dancho.danchev AT hush.com or at ddanchev.blogspot.com where you can directly comment on my publication. Nothing is impossible, the impossible just takes a little while!

  4. Exclamation Replication! by digitaldc · · Score: 5, Funny

    I counted 45! exclamation points in that article!

    Now after reading it, I have become so depressed that I have decided not to connect my computer to the internet ever again!!!

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. Is this a college paper? by kook44 · · Score: 4, Insightful

    Horribly written, lots of (mostly) un-referenced statistics without any analysis. Rambles on without any real point. Anything groundbreaking here?

  6. One word: Legitimization. by Caspian · · Score: 4, Insightful

    Malware meets so many of the deep desires of the marketing world (and the corporate world in general). It can provides market data in bulk, practically "for free" (from the company's perspective). It can provide a further degree of control over a user's computer. It can enforce DRM. It can force ads on people.

    Thus, I can only conclude that the future of malware is for it to go from something created by shady companies like Gator (a.k.a. "Claria") and 419WebSolutions (or whatever) to something created (or at least branded) by "household name" companies like HP, Dell, etc. A first step towards a future in which major corporations embrace malware has already occurred; just look at all the crap Dell shovels onto their much-maligned default software installations.

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:One word: Legitimization. by Caspian · · Score: 5, Insightful

      Oh yes, I almost forgot! Another word: "Sony". Their rootkit is the future. Sure, people bitch now, but in time, the companies will either find a "compromise" solution that infuriates people less (for instance, a rootkit without horrific security flaws), or simply establish rootkits and other malware as the "industry standard", critics (read: angry geeks) be damned.

      --
      With spending like this, exactly what are "conservatives" conserving?
  7. P2P worms? by sczimme · · Score: 4, Insightful


    From the article:

    modular - new features are easily added to further improve its impact, want it to have P2P propagation capability, add it, want it to disseminate over IM, done.

    Okay, malware can be modular - makes sense.

    The lack of P2P worms is, I think, a logical consequence of the RIAA's busts around the U.S., and the global response towards P2P networks' copyright infringement.

    How did the author manage to come to that "logical" conclusion? How is the presence (or !presence) of malware related to the "global response... copyright infringement"?

    Given today's P2P concepts, and the disruptive BitTorrent technology, it is no longer required to purposely slow down transfers to hide the activity on a user's host.

    And where the heck is he going with this??

    Submitter, if this is your idea of "well written", I respectfully suggest you broaden your literary scope.

    --
    I want to drag this out as long as possible. Bring me my protractor.
  8. What if we sandbox major apps like browsers? by Dr.+Manhattan · · Score: 4, Insightful
    We already put servers in their own groups (e.g. an httpd running as "www-data" or something). What if we made similar limitations for user-level apps? Something like this:

    user1 is member of group "users" and "user1group", "user1Firefoxgroup", etc.

    Firefox is user "user1Firefox" and a member of "user1group" and "user1Firefoxgroup".

    Thunderbird is user "user1Thunderbird" and a member of "user1group" and "user1Thunderbirdgroup".

    In /home/user1 is a directory called "protected_applications" owned by user1:user1group with "rwxr-x---" permission. General config information common to all apps goes in here, probably only readable, not writable, by "user1group". Below it are subdirectories like "Firefox" (owned by "user1Firefox:user1Firefoxgroup" with permissions "rwxrwx---"). Maybe some sticky bits set.

    This way the apps can only write to and read from their own little subdirectory tree, and not any of the others, but the main user can read and write to any of the subdirectories.

    It wouldn't solve everything, but it would help limit further the damage malware could do. It could access (and corrupt) the data for the particular application it suborned, but without exploiting secondary holes it couldn't do more. This would prevent, say, a hole in Firefox from allowing malware to get at your Gnucash data. It also doesn't require much new permission-checking code; the kernel already does file-access checks anyway.

    --
    PHEM - party like it's 1997-2003!
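    The per-application user/group layout proposed in the comment above can be checked on paper before anyone touches /etc/passwd. The following is an added example, not part of the comment or of any project: it models the users, groups and directory modes the comment describes (plus assumed modes for /home and /home/user1, and a constructed "common.conf" for the shared config), applies the standard POSIX owner/group/other rule with the kernel's ancestor-traversal requirement, and prints which principal may do what. Root, ACLs, and sticky/setgid bits are deliberately not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """A Unix identity: a user name plus the groups it belongs to."""
    name: str
    groups: frozenset


@dataclass(frozen=True)
class Node:
    """A file or directory with its POSIX owner, group and permission bits."""
    owner: str
    group: str
    mode: int  # e.g. 0o750 == rwxr-x---


# Constructed principals following the comment's naming scheme.
USER1 = Principal("user1", frozenset(
    {"users", "user1group", "user1Firefoxgroup", "user1Thunderbirdgroup"}))
FIREFOX = Principal("user1Firefox", frozenset({"user1group", "user1Firefoxgroup"}))
THUNDERBIRD = Principal("user1Thunderbird", frozenset({"user1group", "user1Thunderbirdgroup"}))

# Constructed tree. The modes of "/", "/home" and "/home/user1" are assumptions;
# the rest follows the comment (protected_applications rwxr-x---, per-app rwxrwx---,
# shared config group-readable but not group-writable).
TREE = {
    "/": Node("root", "root", 0o755),
    "/home": Node("root", "root", 0o755),
    "/home/user1": Node("user1", "user1group", 0o750),
    "/home/user1/protected_applications": Node("user1", "user1group", 0o750),
    "/home/user1/protected_applications/common.conf": Node("user1", "user1group", 0o640),
    "/home/user1/protected_applications/Firefox": Node("user1Firefox", "user1Firefoxgroup", 0o770),
    "/home/user1/protected_applications/Thunderbird": Node("user1Thunderbird", "user1Thunderbirdgroup", 0o770),
}

PERM_BIT = {"r": 4, "w": 2, "x": 1}


def class_bits(node, who):
    """Select the rwx triplet that applies to `who`: owner match wins,
    then group membership, otherwise the 'other' bits (standard POSIX rule)."""
    if who.name == node.owner:
        return (node.mode >> 6) & 0o7
    if node.group in who.groups:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def ancestors(path):
    """Yield every directory that must be traversed to reach `path`."""
    parts = path.strip("/").split("/")
    yield "/"
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])


def can_access(tree, path, who, want):
    """True if `who` may perform `want` ('r', 'w' or 'x') on `path`.
    Like the kernel's path walk, search (x) permission is required on every
    ancestor directory before the target's own bits are consulted."""
    for directory in ancestors(path):
        if not class_bits(tree[directory], who) & PERM_BIT["x"]:
            return False
    return bool(class_bits(tree[path], who) & PERM_BIT[want])


def access_matrix(tree=TREE):
    """Summarise the interesting cases as {(user, path, op): allowed}."""
    base = "/home/user1/protected_applications"
    checks = [
        (FIREFOX, f"{base}/Firefox", "w"),          # app writes its own tree
        (FIREFOX, f"{base}/Thunderbird", "r"),      # app peeks at a sibling app
        (THUNDERBIRD, f"{base}/Firefox", "r"),
        (FIREFOX, f"{base}/common.conf", "r"),      # shared config is readable...
        (FIREFOX, f"{base}/common.conf", "w"),      # ...but not writable by apps
        (FIREFOX, base, "w"),                       # app cannot create new subdirs
        (USER1, f"{base}/Firefox", "w"),            # the human user keeps full access
        (USER1, f"{base}/Thunderbird", "r"),
    ]
    return {(p.name, path, op): can_access(tree, path, p, op) for p, path, op in checks}


if __name__ == "__main__":
    for (user, path, op), allowed in access_matrix().items():
        print(f"{user:17} {op} {path:50} {'allowed' if allowed else 'DENIED'}")
```

    The matrix shows the property the comment is after: each app user can read and write only its own subdirectory and read the shared config, while the real user can reach everything. It also makes the caveat concrete: the isolation holds only for the file-system boundary, so anything the apps share through other channels (the X display, D-Bus, the network) is outside what these mode bits protect.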
  9. Seems kind of pointless... by Nephroth · · Score: 4, Insightful
    They put an an awful lot of effort into saying something that could be summed up in just a few words:

    Malicious software can make money now, that which makes money attracts sellers.

    It's that simple, whereas in the past malware was mostly out of a quest for fame or perceived revenge, the malware of today is business malware, the nasty programs of old all dressed up in suit and tie and making someone filthy rich.

    This problem is exacerbated by the fact that nearly everyone runs Windows XP these days and Microsoft wasn't very attentive to security when they designed it. The sheer number of critical vulnerabilities that the operating system has is mind boggling. Recently, it was stated by some firm or another that Linux had released more patches than any other OS this year. Now, aside from the obvious problem with that statement (the patches weren't patches for Linux itself but for software in common Linux distributions, which is vastly greater in number than that of a Windows installation) if you look at the things patched, they aren't terribly dangerous. They are things like "potentially vulnerable to DNS attack" or "Local user can gain partial root privileges" and such, they are not like "Someone on the other side of a planet can send you a magic packet that makes your computer their bitch permanently," which is what the vast majority of Windows vulnerabilities allow.

    In short, malware has grown because malware is like any pathogen, it lies in wait until conditions are optimal for its growth and when they are it takes over quite rapidly. Remove one of its primary growth factors, and you'll slow it down. Remove more, and you'll potentially kill it.

    --
    Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
  10. Malware is becoming dangerous by Mr.Fork · · Score: 4, Insightful

    From my point of view as a security specialist, only 20-30% of the attacks on businesses and corporations are done electronically from the outside, the rest (70-80%) are inside, mostly disgruntled employees. With the current trend of money/public focused companies treating employees like crap, all it would take is a vicious malware application to take them down.

    Malware is also becoming intelligently designed, no longer the 'see-this-famous-tennis-star-naked so-I-can-use-built-in-vbs-code to-email-everyone-in-your-addressbook' stupid-is-as-stupid-does tricks. They're pointed, direct, and very very scary.

    Here's to paying and treating your geek employee well!

    --
    Management is doing things right; leadership is doing the right things. - Peter F. Drucker
    1. Re:Malware is becoming dangerous by WhiteWolf666 · · Score: 4, Funny

      Malware is also becoming intelligently designed

      Are you sure it's not evolving?

      Ba-duh-chick!

      --
      WhiteWolf666 an ex-Bush supporter. All you new-school, compassionate, save the children Republicans can rot in hell
  11. Categories by goal by G4from128k · · Score: 4, Interesting
    Malware can be categorized by the goal of the creator. This can include:
    1. Marketing: Redirecting browser windows or overlaying pop-ups to promote a product or service
    2. Phishing: attacking an individual to extract passwords that let a criminal access the victim's accounts or identity
    3. Vandalism: Wanton destruction of a PC or network
    4. Spam Broadcasting: creating and controlling a botnet for spamming
    5. Extortion: Forcing a company to pay a ransom to avoid a DDoS or the triggering of an embedded bit of malware.
    6. Vigilantism: Attacking P2P, spamming, or phishing networks to forestall perceived illegal activity
    7. Espionage: Illegally accessing a company's or country's secrets
    8. Military: Damaging an opponent country's IT infrastructure

    Note that some of these goals target individuals and their PCs whereas others target larger organizations. One key commonality of nearly all of the goals is that they target large numbers of PCs or require large numbers of infected machines to achieve the goal. Thus immunological approaches that look for the spread of unusual code or data packet patterns can help address this problem. On the other hand, immunological approaches won't work if the malware attack targets a single individual or company -- e.g. implanting a unique virus in one computer in a company for purposes of espionage or extortion.

    Note that half of the goals are very different from the stereotypical destructive virus or worm of yesteryear. With the exception of vandalism, extortion, vigilantism, and military, the other goals are essentially non-destructive. The malware creator's goals are not achieved if the malware crashes the target machine.
    --
    Two wrongs don't make a right, but three lefts do.