Viruses, Worms, Trojans. Where are we going? Absurd opinions by: IcE tRe
Past Viruses
• Elk Cloner
• Stoned
• Michelangelo / Media Darlings
• Good Times virus
Elk Cloner
• “The program with personality. It will get on all your disks. It will infiltrate your chips. Yes it’s Cloner. It will stick to you like glue. It will modify RAM too. Send in the Cloner!”
• First virus in the wild.
• Coded and ran on an Apple ][e.
• No damaging payload.
• No real threat.
Stoned
• Simple boot block virus.
• Its code is the basis of most boot block viruses, including Monkey, which was much more damaging.
• No real damaging payload.
• Cute messages displayed upon bootup, much like Elk Cloner.
Michelangelo / Media Darlings
• Few infections of the actual virus were seen.
• Media attention was actually more damaging than the virus could ever be.
• Media caused unrealistic expectations of the virus, only to crash those expectations, causing later warnings not to be taken seriously.
• No actual damage occurred, contrary to press predictions.
• Result: the first and last virus to receive such attention. This could be conceived as both good and bad.
Recent Viruses
• Nimda
• My Doom
• Sasser
• MS Blaster
Nimda
The Good
• Multidistribution virus; uses damn near any method it can get ahold of to try to proliferate, even file shares!
• Fairly intelligent: walks through the filesystem looking for stuff it can use.
• Infects websites, changing the index to refer to an infected file, which loads the virus. The website looks the same, but loads the virus. SMART!!!
The Bad
• Once again, no ambition: it just proliferates. It really doesn't do much of anything other than spread.
• I mean seriously, what if Nimda had a nasty payload, say something simple but damaging, like destroying the filesystem on the hard drive? Considering how widespread this virus was, there'd be a lot of people with bad hard drives.
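The Nimda slide describes the index page of a site being changed to reference an infected file while the page still looks the same to a visitor. The defender's check for that is a baseline-and-compare: hash each page from a known-clean snapshot, record which files each page references, and flag any page whose hash changed along with the references it picked up. The script below is an added example and is not from the presentation; the two-page site, the log format and the file name `injected.example` are constructed sample data.

```python
"""Detect tampered web index pages by comparing against a clean baseline."""
import hashlib
import re

# Matches the target of src= or href= attributes; enough for this check,
# not a full HTML parser.
REF_PATTERN = re.compile(r'(?:src|href)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def extract_refs(body):
    """Every file a page pulls in or links to."""
    return set(REF_PATTERN.findall(body))


def build_baseline(pages):
    """pages: {path: content} taken from a known-clean copy of the site."""
    return {
        path: {"sha256": sha256_text(body), "refs": extract_refs(body)}
        for path, body in pages.items()
    }


def check_site(baseline, current_pages):
    """Return one finding per page that is new or whose content changed.

    A changed page also reports which references it gained, which is the
    signal for the index-points-at-infected-file trick described above.
    """
    findings = []
    for path, body in current_pages.items():
        entry = baseline.get(path)
        if entry is None:
            findings.append({"path": path, "issue": "page not in baseline",
                             "new_refs": sorted(extract_refs(body))})
            continue
        if sha256_text(body) != entry["sha256"]:
            findings.append({"path": path, "issue": "content changed",
                             "new_refs": sorted(extract_refs(body) - entry["refs"])})
    return findings


# Constructed sample site: the clean snapshot and a copy whose index gained
# one extra script reference while its visible content is unchanged.
CLEAN_SITE = {
    "index.html": '<html><body><a href="about.html">About</a></body></html>',
    "about.html": "<html><body>About us</body></html>",
}
TAMPERED_SITE = {
    "index.html": '<html><body><a href="about.html">About</a>'
                  '<script src="injected.example"></script></body></html>',
    "about.html": "<html><body>About us</body></html>",
}

if __name__ == "__main__":
    baseline = build_baseline(CLEAN_SITE)
    for finding in check_site(baseline, TAMPERED_SITE):
        print(finding)
```

The baseline has to come from a copy you trust (a deployment artifact, not the live server), and the hash comparison catches any byte-level change; the reference diff only exists to tell the operator what the change pulled in.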
My Doom
The Good
• In my opinion about as good of a virus as Blaster.
• Opens a backdoor; this could be useful!
• Spreads through email and Kazaa.
• DDoS on SCO... Good, they deserve it!
• Expiration date: great idea really. These things don't live forever, and there's a good reason for it. Why assume as the writer that it's going to live forever?
• Diversionary tactic! Load Notepad and show garbage!
The Bad
• I mean really, is it actually needed to have 71 ports open for your backdoor? S'allright, I am sure no one will notice anyways...
• Polymorphic: is it really that hard to change the data in the virus enough to not be detected by simple regexes on the mail server?
• Still a real lack of ambition here. While SCO is a worthy cause, I mean really, is this all we can come up with? Retaliatory attacks on a terrible company?
Sasser
The Good
• Similar to Blaster, used an LSASS vuln to overcome the system. Same conditions really: just need a machine that's on the network and alive and kicking.
• Written in C++. Wow! It's like an actual program and shit!
The Bad
• Yes, while similar to Blaster, it's just lame. Uses what could be a potentially invisible hole in the user subsystem and then makes little to no attempt to hide itself from the end user.
• The exploit causes an alert to the user about LSASS crashing. Well, there goes low profile.
• Opens FTP on port 5554. Eeek!
• Opens a shell on port 9996. However will the target's ISP ever find us?
• FTP sessions are logged in C:/win.log. Great, why not leave your name and phone number at the beep while you're at it.
• Rather quick infection times, estimated at 8 minutes to encompass the globe. While impressive at first, with rates like this how long did it take before CNN reported on it?
MS Blaster
The Good
• Requires nothing other than a vulnerable machine and a network connection.
• Incredibly prolific; took very little time to spread across the world.
• Opens a backdoor.
• Used mostly already-used ports to proliferate, i.e. 445 and 135. So even when it was noticed that something was up, it was very hard to determine what it was.
The Bad
• So prolific that it called attention to itself, both in sessions spawned and network traffic spikes.
• No real payload other than a lame DDoS that was mitigated at the DNS level by most ISPs.
• Left a backdoor open on a noticeable port (4444).
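The Sasser and MS Blaster slides name exactly the two things a network defender could key on at the time: listeners on unusual ports (5554, 9996, 4444) and one host suddenly opening far more sessions to 445/135 than its neighbours. The script below is an added example, not part of the presentation; it runs both checks over a constructed firewall log in a made-up one-line format, and the session threshold of 20 per host is a tuning assumption, not a figure from the slides.

```python
"""Flag backdoor-port traffic and per-host session spikes in firewall logs."""
from collections import Counter

# Listener ports named on the Sasser and MS Blaster slides. The labels are ours.
BACKDOOR_PORTS = {5554: "Sasser FTP", 9996: "Sasser shell", 4444: "MS Blaster shell"}

# Ports Blaster spread over. Legitimate Windows traffic uses them too, so a
# single connection means nothing; a spike from one source does.
SPREAD_PORTS = {445, 135}
SESSION_THRESHOLD = 20  # sessions per source host per log window (assumption)


def parse_line(line):
    """Constructed format: '<time> <src_ip> -> <dst_ip>:<dst_port> <action>'."""
    ts, src, _, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "src": src, "dst": dst_ip, "port": int(dst_port), "action": action}


def analyze(lines, threshold=SESSION_THRESHOLD):
    """Return backdoor-port hits and the sources whose 445/135 sessions spiked."""
    backdoor_hits = []
    spread_counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec["port"] in BACKDOOR_PORTS:
            # Any traffic to these ports is worth a look: the destination is
            # the host that may be running the listener.
            backdoor_hits.append((rec["src"], rec["dst"], rec["port"], BACKDOOR_PORTS[rec["port"]]))
        if rec["port"] in SPREAD_PORTS:
            spread_counts[rec["src"]] += 1
    scanners = sorted(src for src, n in spread_counts.items() if n >= threshold)
    return {"backdoor_hits": backdoor_hits, "scanners": scanners,
            "spread_counts": dict(spread_counts)}


# Constructed sample log: 10.0.0.7 walks a /24 on port 445 (worm-like),
# 10.0.0.8 makes a handful of normal SMB/RPC connections, and 10.0.0.9
# connects to two backdoor ports on 10.0.0.7.
SAMPLE_LOG = (
    [f"12:00:{i:02d} 10.0.0.7 -> 10.0.1.{i}:445 allow" for i in range(25)]
    + [
        "12:00:30 10.0.0.8 -> 10.0.1.1:445 allow",
        "12:00:31 10.0.0.8 -> 10.0.1.2:445 allow",
        "12:00:32 10.0.0.8 -> 10.0.1.3:135 allow",
        "12:00:40 10.0.0.9 -> 10.0.0.7:4444 allow",
        "12:00:41 10.0.0.9 -> 10.0.0.7:5554 allow",
        "12:00:42 10.0.0.8 -> 10.0.0.10:80 allow",
    ]
)

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for hit in result["backdoor_hits"]:
        print("backdoor port:", hit)
    print("hosts with 445/135 session spike:", result["scanners"])
```

The threshold is the weak point: the slides themselves note that Blaster's ports carried ordinary traffic, so a fixed number should be replaced with each host's own recent baseline before this runs on real logs.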
Viruses in the Future
• The main problem with today's viruses is simple greed.
• Attaining too much attention too quickly usually ends up alerting both the users and the media.
• They could really use it to their advantage.
In the Future (animated diagram; only the captions survive extraction)
• Scan host A for vulnerability 1.
• Scan host B for vulnerability 2.
• Scan host C for vulnerability 3.
• Scan host C for vulnerability 1.
• Host B has been patched and can not be infected.
• Infected!
Bibliography / Sources
• Groups.google.com
• fsecur.com
• http://securityresponse.symantec.com/