Malware History (PDF)

Pages: 16 | File type: PDF | Size: 1020 KB

Malware History

Table of Contents
    Malware History ... 1
    Table of Contents ... 1
    Table of Figures ... 4
    Revision History ... 4
    Disclaimer ... 5
    Introduction ... 6
        What Malware Really Is ... 6
        Spreading Malware – A Business that Brings Billions ... 6
    Types of Malware ... 7
        1. Viruses ... 7
        2. Worms and Mass-Mailers ... 7
        3. Trojan Horses ... 8
        4. Backdoors ... 11
        5. Exploits ... 11
        6. Rootkits ... 12
        7. Spyware ... 12
        8. Adware ... 13
        9. Phishing ... 13
    Malware History ... 14
        Pre-History: From Innocent Pranks to Widespread Infections ... 14
        Duality: The Anti-Virus Virus ... 15
        The Seventies: Computer Games That Spell Disaster ... 15
        The Eighties: Experimenting with Malice ... 17
            Worms Start Biting from the Apple ... 17
            Vienna: Actively Fighting Malware Threats ... 19
            Security Experts Start Looking for the Antidote ... 21
            The NSA versus Morris: $100 Million in Damage ... 23
        The Nineties: Malware Creators Start Building Communities ... 27
            From Michelangelo to Self-Mutating Engine ... 30
            New Removable Media Gives Malware a Boost ... 33
        The Modern Ages: Y2K and the Digital Apocalypse ... 43
            2001: the Year of the Worm ... 47
            2003 – Sobig and the Botnet ... 50
            2004 – Google Draws the Curtains ... 51
            2005 – The Sony BMG Scandal ... 52
            2006 – MacOS X Rides On the Trojan Horse ... 53
            2007 – Malware Takes the World by Storm ... 55
            2008 – The Emergence of Rogue Antivirus Software ... 55
            2009 – The Downadup Invasion ... 61
            2010 – New Security Risks Lurking: Ransomware and P2P Worms ... 63
    Future Outlook ... 67
    Appendix ... 69
        How to Tell if You Got Infected? ... 69
    Additional Reading ... 71

The contents of this document are © 2008-2010 BitDefender. All Rights Reserved!

Table of Figures
    The Elk Cloner virus would display a poem as part of its payload. ... 17
    The Cascade virus forced text to be displayed on the bottom side of the window, simulating a waterfall. ... 20
    The Denzuko.A virus would display its logo when users attempted to perform an Alt+Ctrl+Del reboot. ... 23
    On each September 22nd, the Frodo virus would display the "FRODO LIVES" message in caps. ... 26
    The Virus Making Laboratory was an extremely popular utility that allowed newbie malware creators to spawn new viruses without having to write any code. ... 32
    Virus generating applications gain popularity among less skillful malware developers. ... 36
    Initially designed as a remote access tool, the BackOrifice utility was mostly used by hackers to seize control over victims' computers. ... 39
    Melissa was one of the fastest-spreading mail worms ever. ... 40
    The Netbus 2 Pro utility was able to infect even NT-based operating systems. ... 41
    The Kakworm exploited the same IE security loophole as the Bubbleboy VBS script. ... 42
    The LoveLetter worm took advantage of users' curiosity in order to infect hosts and spread to other computers. ... 44
    Sircam would infect .doc and .xls files, and then it would send them as attachments to miscellaneous addresses. ... 48
    The Koobface CAPTCHA breaker ... 58
    Rogue AV trying to scare users into purchasing a "license" ... 59
    Win32.Xorer.EK – a virus that prepends its body to the host application ... 64
    Error message thrown before the MBR destruction ... 65
    In order to prevent users from unwillingly running malicious attachments, many e-mail clients block potentially unsafe attachments. ...
Recommended publications
  • Hackers Hit Supermarket Self-Checkout Lanes, Steal Money
    December 15, 2011

    INSIDE THIS ISSUE
        Hackers Hit Supermarket Self-Checkout Lanes, Steal Money from Shoppers
        Microsoft's New Windows Defender Tool Runs Outside Windows

    MICROSOFT RESOURCES
        Microsoft Security Home
        Microsoft Trustworthy Computing
        Microsoft Security Sites Worldwide

    Hackers Hit Supermarket Self-Checkout Lanes, Steal Money from Shoppers
    Ars Technica

    Criminals have tampered with the credit and debit card readers at self-checkout lanes in more than 20 supermarkets operated by a [U.S.] California chain, allowing them to steal money from shoppers who used the compromised machines. The chain, Lucky Supermarkets, which is owned by Save Mart, is now inspecting the rest of its 234 stores in northern California and northern Nevada and urging customers who used self-checkout lanes to close their bank and credit card accounts.

    Related reading: Magnetic Strip Technology in Our Credit Cards Facilitates Fraud.

    Analysis: It is the holiday season, so it seemed appropriate to report on security stories affecting shoppers. Stories about electronic skimmers and identity theft are definitely not something new in our world today; as a matter of fact, they are a daily occurrence. The availability of credit card skimmers for a really cheap price and the profit made when an identity is sold make this a very lucrative business. In the current economy people seem to be using this business model to earn extra money, as indicated by these stories on the FBI [U.S. Federal Bureau of Investigation] website. While it is important to be extra careful about packages being stolen from your doorstep during the holidays, it pays to be extra vigilant about your credit card information and identity as well.
  • A. The Hacker
    Madame Curie once said "En science, nous devons nous intéresser aux choses, non aux personnes [In science, we should be interested in things, not in people]." Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers.

    Over the centuries, the term "hacker" has referred to various activities. We are familiar with usages such as "a carpenter hacking wood with an ax" and "a butcher hacking meat with a cleaver," but it seems that the modern, computer-related form of this term originated in the many pranks and practical jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn't.

    A hack is a person lacking talent or ability, as in a "hack writer." Hack as a verb is used in contexts such as "hack the media," "hack your brain," and "hack your reputation." Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond):

    1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report, Volume 20 | July through December, 2015

    This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

    Authors
        Charlie Anthe – Cloud and Enterprise Security
        Nir Ben Zvi – Enterprise and Cloud Group
        Patti Chrzan – Microsoft Digital Crimes Unit
        Bulent Egilmez – Office 365 - Information Protection
        Elia Florio – Windows Defender Labs
        Chad Foster – Bing
        Roger Grimes – Microsoft IT
        Paul Henry – Wadeware LLC
        Beth Jester – Windows Defender
        Dana Kaufman – Azure Active Directory Team
        Nasos Kladakis – Azure Active Directory Team
        Daniel Kondratyuk – Azure Active Directory Team
        Andrea Lelli – Windows Defender Labs
        Geoff McDonald – Windows Defender Labs
        Michael McLaughlin – Identity Services
        Nam Ng – Enterprise Cybersecurity Group
        Niall O'Sullivan – Microsoft Digital Crimes Unit
        Daryl Pecelj – Microsoft IT Information...
        Anthony Penta – Safety Platform
        Ina Ragragio – Windows and Devices Group
        Tim Rains – Commercial Communications
        Paul Rebriy – Bing
        Stefan Sellmer – Windows Defender Labs
        Mark Simos – Enterprise Cybersecurity Group
        Vikram Thakur – Windows Defender Labs
        Alex Weinert – Azure Active Directory Team
        Terry Zink
  • Undergraduate Report
    UNDERGRADUATE REPORT
    Attack Evolution: Identifying Attack Evolution Characteristics to Predict Future Attacks
    by MaryTheresa Monahan-Pendergast
    Advisor:
    UG 2006-6

    INSTITUTE FOR SYSTEMS RESEARCH
    ISR develops, applies and teaches advanced methodologies of design and analysis to solve complex, hierarchical, heterogeneous and dynamic problems of engineering technology and systems for industry and government. ISR is a permanent institute of the University of Maryland, within the Glenn L. Martin Institute of Technology/A. James Clark School of Engineering. It is a National Science Foundation Engineering Research Center. Web site http://www.isr.umd.edu

    Attack Evolution: Identifying Attack Evolution Characteristics To Predict Future Attacks
    MaryTheresa Monahan-Pendergast, Dr. Michel Cukier, Dr. Linda C. Schmidt, Dr. Paige Smith
    Institute of Systems Research, University of Maryland

    ABSTRACT
    Several approaches can be considered to predict the evolution of computer security attacks, such as statistical approaches and "Red Teams." This research proposes a third and completely novel approach for predicting the evolution of an attack threat. Our goal is to move from the destructive nature and malicious intent associated with an attack to the root of what an attack creation is: having successfully solved a complex problem. By approaching attacks from the perspective of the creator, we will chart the way in which attacks are developed over time and attempt to extract evolutionary patterns. These patterns will eventually
  • Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware Today
    Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware Today
    Protecting the irreplaceable | f-secure.com
    Copyright F-Secure 2010. All rights reserved.
    06 April, 2011 © F-Secure Confidential

    Brain
    • Brain is the first known PC virus
    • Discovered in 1986
    • Boot sector virus
    • First versions only infected 360k floppies
    • Stealth features
        • Hides infected boot sector by hooking sector read interrupt
        • Marks sectors in FAT bad
        • … but after all hiding efforts, some variants change floppy label to "© Brain"

    Brain: Boot Sector Before Infection (slide image)
    Brain: Infected Boot Sector (slide image)
    Demo: Brain

    Definition
    "Kernel malware is malicious software that runs fully or partially at the most privileged execution level, ring 0, having full access to memory, all CPU instructions, and all hardware."
    • Can be divided into two subcategories
        • Full-Kernel malware
        • Semi-Kernel malware

    History
    • Kernel malware is not new – it has just been rare
    • WinNT/Infis
        • Discovered in November 1999
        • Full-Kernel malware
        • Payload – PE EXE file infector
    • Virus.Win32.Chatter
        • Discovered in January 2003
        • Semi-Kernel malware
        • Payload – PE SYS file infector
    • Mostly proof of concepts

    Increase of Kernel-Mode Malware (chart: unique malicious drivers; values 37000, 32000, 15500 shown without axis labels)
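The F-Secure slide above describes the two on-disk tricks of Brain: it hides the infected boot sector by hooking the BIOS sector-read interrupt (INT 13h), and it marks the sectors that hold its body as bad in the FAT, so DOS never allocates or overwrites them. Those FAT entries, and the "(c) Brain" label that some variants write (the ASCII form of the "© Brain" the slide mentions), are artifacts a scanner can look for on a raw image. The Python below is an added example, not F-Secure's code and not taken from the slides: it builds a constructed 360 KB FAT12 floppy image with the standard DOS geometry, then parses the BIOS Parameter Block, the packed 12-bit FAT and the root directory to report bad-marked clusters and the volume label. The cluster numbers marked bad and the label string are assumptions for the demo.

```python
import struct

# Standard 360 KB double-sided/double-density FAT12 geometry (DOS BPB values).
BPB_360K = dict(bytes_per_sector=512, sectors_per_cluster=2, reserved_sectors=1,
                fat_count=2, root_entries=112, total_sectors=720, media=0xFD,
                sectors_per_fat=2, sectors_per_track=9, heads=2)
FAT12_BAD = 0xFF7          # "bad cluster": DOS will never allocate it
ATTR_VOLUME_LABEL = 0x08   # directory-entry attribute of the volume label


def get_fat12(fat, n):
    """Read 12-bit FAT entry n (two entries are packed into three bytes)."""
    off = n * 3 // 2
    val = fat[off] | (fat[off + 1] << 8)
    return (val >> 4) if n & 1 else (val & 0xFFF)


def set_fat12(fat, n, value):
    """Write 12-bit FAT entry n in place, preserving its packed neighbour."""
    off = n * 3 // 2
    val = fat[off] | (fat[off + 1] << 8)
    if n & 1:
        val = (val & 0x000F) | ((value & 0xFFF) << 4)
    else:
        val = (val & 0xF000) | (value & 0xFFF)
    fat[off] = val & 0xFF
    fat[off + 1] = (val >> 8) & 0xFF


def build_360k_image(bad_clusters=(), label=None):
    """Constructed demo image (not a real infected disk). bad_clusters and
    label are the Brain-style artifacts this example plants on purpose."""
    g = BPB_360K
    bps = g["bytes_per_sector"]
    img = bytearray(bps * g["total_sectors"])
    img[0:3] = b"\xEB\x3C\x90"                 # JMP over the BPB, as real boot code does
    img[3:11] = b"MSDOS3.3"                    # OEM name
    struct.pack_into("<HBHBHHBHHHH", img, 11,
                     bps, g["sectors_per_cluster"], g["reserved_sectors"],
                     g["fat_count"], g["root_entries"], g["total_sectors"],
                     g["media"], g["sectors_per_fat"], g["sectors_per_track"],
                     g["heads"], 0)            # 0 hidden sectors
    img[510:512] = b"\x55\xAA"                 # boot signature
    fat = bytearray(g["sectors_per_fat"] * bps)
    set_fat12(fat, 0, 0xF00 | g["media"])      # entry 0 = media descriptor
    set_fat12(fat, 1, 0xFFF)                   # entry 1 = end-of-chain marker
    for c in bad_clusters:                     # hide the "virus body" clusters
        set_fat12(fat, c, FAT12_BAD)
    fat_off = g["reserved_sectors"] * bps
    for i in range(g["fat_count"]):            # both FAT copies must agree
        img[fat_off + i * len(fat):fat_off + (i + 1) * len(fat)] = fat
    if label is not None:
        root_off = fat_off + g["fat_count"] * len(fat)
        entry = label.encode("ascii").ljust(11)[:11] + bytes([ATTR_VOLUME_LABEL]) + bytes(20)
        img[root_off:root_off + 32] = entry
    return bytes(img)


def parse_bpb(img):
    """Pull the geometry the scan needs from the BIOS Parameter Block at offset 11."""
    fields = struct.unpack_from("<HBHBHHBH", img, 11)
    keys = ("bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
            "fat_count", "root_entries", "total_sectors", "media", "sectors_per_fat")
    return dict(zip(keys, fields))


def scan_image(img):
    """Offline scan of a raw floppy image for Brain-style FAT and label artifacts."""
    g = parse_bpb(img)
    bps = g["bytes_per_sector"]
    fat_off = g["reserved_sectors"] * bps
    fat_len = g["sectors_per_fat"] * bps
    fat = img[fat_off:fat_off + fat_len]
    root_off = fat_off + g["fat_count"] * fat_len
    data_off = root_off + g["root_entries"] * 32
    n_clusters = (g["total_sectors"] * bps - data_off) // (g["sectors_per_cluster"] * bps)
    bad = [c for c in range(2, 2 + n_clusters) if get_fat12(fat, c) == FAT12_BAD]
    label = None
    for i in range(g["root_entries"]):
        e = img[root_off + i * 32:root_off + (i + 1) * 32]
        if e[0] == 0x00:                       # end of used directory entries
            break
        if e[0] == 0xE5:                       # deleted entry
            continue
        if (e[11] & 0x0F) == ATTR_VOLUME_LABEL:  # label, not a directory or LFN entry
            label = e[:11].decode("ascii", "replace").rstrip()
    return {
        "boot_signature_ok": img[510:512] == b"\x55\xAA",
        "bad_clusters": bad,
        "volume_label": label,
        # Either artifact is grounds for pulling the disk for a closer look.
        "suspicious": bool(bad) or (label or "").lower() == "(c) brain",
    }


if __name__ == "__main__":
    clean = build_360k_image()
    infected = build_360k_image(bad_clusters=(340, 341, 342), label="(c) Brain")
    for name, image in (("clean", clean), ("infected", infected)):
        print(name, scan_image(image))
```

Two caveats a practitioner would keep in mind. First, the interrupt hook is exactly why this has to be an offline check: a scanner that reads sector 0 through the infected system's INT 13h gets the clean copy Brain serves up, so image the disk from a clean boot and parse the bytes directly. Second, bad-cluster entries are a heuristic, not proof; genuinely defective floppies were common, so the signal is bad clusters on a disk that FORMAT reported as clean, ideally corroborated by the label or by a known boot-sector signature.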
  • The Botnet Chronicles: A Journey to Infamy
    The Botnet Chronicles: A Journey to Infamy
    Trend Micro, Incorporated
    Rik Ferguson, Senior Security Advisor
    A Trend Micro White Paper | November 2010

    CONTENTS
        A Prelude to Evolution ... 4
        The Botnet Saga Begins ... 5
        The Birth of Organized Crime ... 7
        The Security War Rages On ... 8
        Lost in the White Noise ... 10
        Where Do We Go from Here? ... 11
        References ... 12

    The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet's name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section.
  • Strategies of Computer Worms
    CHAPTER 9: Strategies of Computer Worms

    "Worm: n., A self-replicating program able to propagate itself across network, typically having a detrimental effect." —Concise Oxford English Dictionary, Revised Tenth Edition

    9.1 Introduction
    This chapter discusses the generic (or at least "typical") structure of advanced computer worms and the common strategies that computer worms use to invade new target systems. Computer worms primarily replicate on networks, but they represent a subclass of computer viruses. Interestingly enough, even in security research communities, many people imply that computer worms are dramatically different from computer viruses. In fact, even within CARO (Computer Antivirus Researchers Organization), researchers do not share a common view about what exactly can be classified as a "worm." We wish to share a common view, but well, at least a few of us agree that all computer worms are ultimately viruses[1]. Let me explain.

    The network-oriented infection strategy is indeed a primary difference between viruses and computer worms. Moreover, worms usually do not need to infect files but propagate as standalone programs. Additionally, several worms can take control of remote systems without any help from the users, usually exploiting a vulnerability or set of vulnerabilities. These usual characteristics of computer worms, however, do not always hold. Table 9.1 shows several well-known threats.
  • Hacker's Encyclopedia
    _Paradise Lost_, book III, line 18

    Hacker's Encyclopedia
    by Logik Bomb (FOA)
    <http://www.xmission.com/~ryder/hack.html>
    1997 – Revised Second Edition, V2.5

    "[W]atch where you go once you have entered here, and to whom you turn! Do not be misled by that wide and easy passage!" And my Guide [said] to him: "That is not your concern; it is his fate to enter every door. This has been willed where what is willed must be, and is not yours to question. Say no more."
    —Dante Alighieri, _The Inferno_, 1321, translated by John Ciardi

    Acknowledgments
    Dedicated to all those who disseminate information, forbidden or otherwise. Also, I should note that a few of these entries are taken from "A Complete List of Hacker Slang and Other Things," Version 1C, by Casual, Bloodwing and Crusader; this doc started out as an unofficial update. However, I've updated, altered, expanded, re-written and otherwise torn apart the original document, so I'd be surprised if you could find any vestiges of the original file left. I think the list is very informative; it came out in 1990, though, which makes it somewhat outdated. I also got a lot of information from the works listed in my bibliography (it's at the end, after all the quotes), as well as many miscellaneous back issues of such e-zines as _Cheap Truth_, _40Hex_, the _LOD/H Technical Journals_ and _Phrack Magazine_; and print magazines such as _Internet Underground_, _Macworld_, _Mondo 2000_, _Newsweek_, _2600: The Hacker Quarterly_, _U.S. News & World Report_, _Time_, and _Wired_; in addition to various people I've consulted.
  • An Introduction to Malware
    Downloaded from orbit.dtu.dk on: Sep 24, 2021
    An Introduction to Malware
    Sharp, Robin
    Publication date: 2017
    Document Version: Publisher's PDF, also known as Version of record
    Link back to DTU Orbit
    Citation (APA): Sharp, R. (2017). An Introduction to Malware.

    General rights: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners, and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain. You may freely distribute the URL identifying the publication in the public portal. If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

    An Introduction to Malware
    Robin Sharp, DTU Compute, Spring 2017

    Abstract
    These notes, written for use in DTU course 02233 on Network Security, give a short introduction to the topic of malware. The most important types of malware are described, together with their basic principles of operation and dissemination, and defenses against malware are discussed.

    Contents
        1 Some Definitions ... 2
        2 Classification of Malware ... 2
        3 Vira ... 3
        4 Worms ...
  • Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace
    TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace
    RICHARD POWER
    Que, A Division of Macmillan USA, 201 West 103rd Street, Indianapolis, Indiana 46290

    Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace
    Copyright 2000 by Que Corporation

    All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

    International Standard Book Number: 0-7897-2443-x
    Library of Congress Catalog Card Number: 00-106209
    Printed in the United States of America
    First Printing: September 2000
    02 01 00 4 3 2

    Trademarks
    All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que Corporation cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

    Warning and Disclaimer
    Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

    Associate Publisher: Tracy Dunkelberger
    Acquisitions Editor: Kathryn Purdum
    Development Editor: Hugh Vandivier
    Managing Editor: Thomas Hayes
    Project Editor: Tonya Simpson
    Copy Editor: Michael Dietsch
    Indexer: Erika Millen
    Proofreader: Benjamin Berg
    Team Coordinator: Vicki Harding
    Design Manager: Sandra Schroeder
    Cover Designer:
  • Dictionary of Health Information Technology and Security
    DICTIONARY OF HEALTH INFORMATION TECHNOLOGY AND SECURITY
    Dr. David Edward Marcinko, MBA, CFP©, Certified Medical Planner© – Editor-in-Chief
    Hope Rachel Hetico, RN, MSHA, CPHQ, Certified Medical Planner© – Managing Editor
    NEW YORK

    Copyright © 2007 Springer Publishing Company, LLC
    All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of Springer Publishing Company, LLC.

    Springer Publishing Company, LLC, 11 West 42nd Street, New York, NY 10036, www.springerpub.com
    Acquisitions Editor: Sheri W. Sussman
    Production Editor: Carol Cain
    Cover design: Mimi Flow
    Composition: Apex Publishing, LLC
    07 08 09 10 / 5 4 3 2 1

    Library of Congress Cataloging-in-Publication Data
    Dictionary of health information technology and security / David Edward Marcinko, editor-in-chief, Hope Rachel Hetico, managing editor. p. ; cm. Includes bibliographical references.
    ISBN-13: 978-0-8261-4995-4 (alk. paper)
    ISBN-10: 0-8261-4995-2 (alk. paper)
    1. Medical informatics—Dictionaries. 2. Medicine—Information technology—Dictionaries. 3. Medical informatics—Security measures—Dictionaries. I. Marcinko, David E. (David Edward) II. Hetico, Hope R.
    [DNLM: 1. Informatics—Dictionary—English. 2. Medical Informatics—Dictionary—English. 3. Computer Communication Networks—Dictionary—English. 4. Computer Security—Dictionary—English. W 13 D557165 2007]
    R858.D53 2007 610.3—dc22 2007005879
    Printed in the United States of America by RR Donnelley.

    The Dictionary of Health Information Technology and Security is dedicated to Edward Anthony Marcinko Sr., and Edward Anthony Marcinko Jr., of Fell's Point, Maryland.
  • Attachment F: Accessing the FCC Network Using Windows 3.1 or 3.11
    Attachment F
    ACCESSING THE FCC NETWORK USING WINDOWS 3.1 OR 3.11

    This attachment describes how to access the FCC Network from a system that is running the Microsoft Windows 3.1 or Windows for Workgroups 3.11 operating system. This involves using the FCC-supplied Point-to-Point Protocol (PPP) Dialer. This attachment summarizes the hardware and software required for the PPP Dialer, then describes the procedures for performing the following tasks:
        • Downloading the Dialer files from the Internet or the FCC Bulletin Board
        • Extracting the Dialer from the downloaded files
        • Installing the Dialer application
        • Configuring PPP
        • Establishing a PPP connection
    The attachment also describes how to troubleshoot and uninstall the PPP Dialer application, and tells how to get help from the FCC.

    Conventions
    The instructions in this attachment use the following typographical conventions:
        bold – Represents objects on the screen that you click with the mouse pointer, including buttons, Internet links, icons, tabs, menu items (e.g., Cancel button, Auctions link, Save option in the File menu).
        italic – Represents field names or areas of a screen (e.g., Licensee Name field, Applicant Information area of a screen).
        bold italic – Represents characters that you must type exactly as they appear in the instructions. For example, if you are instructed to type http://www.fcc.gov, you should type all of the characters shown in bold italic exactly as they are printed.
        SMALL CAPS – Represents keys on the keyboard (e.g., ENTER, CTRL, ESC).

    F-1

    Hardware and Software Requirements
    Applicants who want to connect to the FCC Network using the FCC PPP Dialer will need the following hardware and software.