History and Evolution of Malware
Nikola Milošević
nikola.milosevic@owasp.org
@dreadknight011
About Me
• My name is Nikola Milošević
• OWASP Serbia local chapter leader
• OWASP Seraphimdroid project leader
• OWASP anti-malware project contributor
• Interested in the topic; wrote and analyzed some key-loggers and spam bombers for self-amusement and educational purposes
• PhD student at University of Manchester
What is malware?
• Malware, short for malicious software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain unauthorized access to private computer systems.
How did it start?
• Brain.A – January 1986: the first virus for the IBM PC, a boot-sector infector that spread on floppy disks. Its boot sector carried this message:
Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN PHONE :430791,443248,280530.
Beware of this VIRUS….
Contact us for vaccination………… $#@%$@!!
Then it continued
• Stoned – 1987
• Cascade – 1987
• Form – 1990
• Omega – displayed an omega sign on Friday the 13th
• Michelangelo – discovered 1991; payload triggered on 6 March 1992
• V-Sign – 1992
• Walker...
Mutation
• 1991/92: MtE, the Mutation Engine
• A linkable object module that turned an ordinary virus into a polymorphic one: every copy was encrypted under a new key behind a newly generated decryptor, so no fixed byte signature survived between infections, and signature scanners were blind to it
• Author – Dark Avenger (Bulgaria)
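What the Mutation Engine changed for defenders, shown as an added example (Python written for this page, not MtE's code and not from the presenter): a toy payload is encrypted under a fresh XOR key behind a random-length junk prefix in every copy, so no byte run is common to all copies and a byte-signature scanner finds nothing, while a scanner that runs the decryptor first (what vendors later called generic decryption or emulation) recovers the body every time. The header layout, the payload bytes and the seed are constructed for the demo.

```python
"""Toy model of a mutation engine versus a byte-signature scanner.

Added for this page; not MtE code.  PAYLOAD stands in for a virus body and is
never executed.  Every variant carries it XOR-encrypted under a fresh key behind
a random-length junk prefix, so no fixed byte run is common to all copies.
Header layout (constructed for the demo): [junk_len][junk...][key][body...]
"""
import random

PAYLOAD = b"TOY-PAYLOAD: inert bytes standing in for a virus body"
SIGNATURE = b"TOY-PAYLOAD"      # the byte pattern a static scanner matches on


def mutate(payload: bytes, rng: random.Random) -> bytes:
    """Emit one polymorphic variant of `payload`.

    Real engines also rewrote the decryptor's own instructions each time;
    the variable junk prefix models that the decryptor has no stable bytes.
    """
    junk_len = rng.randrange(1, 16)
    junk = bytes(rng.randrange(256) for _ in range(junk_len))
    key = rng.randrange(1, 256)          # never 0, which would leave plaintext
    body = bytes(b ^ key for b in payload)
    return bytes([junk_len]) + junk + bytes([key]) + body


def make_variants(n: int, seed: int = 2024) -> list:
    """n variants from a seeded generator so the demo is repeatable."""
    rng = random.Random(seed)
    return [mutate(PAYLOAD, rng) for _ in range(n)]


def signature_scan(sample: bytes) -> bool:
    """Static signature scanner: looks for the plaintext pattern only."""
    return SIGNATURE in sample


def decrypt(sample: bytes) -> bytes:
    """The decryptor logic every variant carries in its header."""
    junk_len = sample[0]
    key = sample[1 + junk_len]
    return bytes(b ^ key for b in sample[2 + junk_len:])


def emulating_scan(sample: bytes) -> bool:
    """Generic-decryption scanner: run the decryptor, then apply the signature."""
    return SIGNATURE in decrypt(sample)


def longest_common_substring(samples: list) -> int:
    """Length of the longest byte run present in every sample, i.e. the best
    signature a static scanner could extract from this set of variants."""
    first, best = samples[0], 0
    for i in range(len(first)):
        for j in range(len(first), i + best, -1):
            if all(first[i:j] in s for s in samples[1:]):
                best = j - i
                break
    return best


if __name__ == "__main__":
    variants = make_variants(10)
    print("static scanner hits:   ", sum(signature_scan(v) for v in variants), "/ 10")
    print("emulating scanner hits:", sum(emulating_scan(v) for v in variants), "/ 10")
    print("longest shared byte run across variants:", longest_common_substring(variants))
```

The longest shared byte run across ten variants comes out at a byte or two of coincidence, far below anything usable as a signature; that is the whole reason scanners had to start executing or emulating the decryptor instead of pattern-matching the file.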
GUI
• Virus Creation Laboratory (VCL, 1992) – a menu-driven virus generator; writing malware no longer required programming skill
Windows came out
• WinVir – 1992 – first Windows virus; infected 16-bit Windows (NE) executables
• Monkey – again a Master Boot Record infector
• One_half (1994) – polymorphic; slowly encrypts the hard disk cylinder by cylinder and decrypts on the fly, so the user notices nothing until the virus is removed
• Concept – 1995 – first macro virus, infecting Word documents
Windows...
• Laroux (X97M/Laroux) – 1996 – first Excel macro virus
• Boza (January 1996) – first virus to infect Win32 PE files (Windows 95)
• Marburg (1998)
–Shipped to users on magazine cover CDs (Wargames CD, PC Power Play CD)
–Slow polymorphism
–Three months after infection it shows its payload: Windows error icons scattered across the screen
Mail worms...
• Happy99 (January 1999) – first widespread e-mail worm
• Melissa (1999) – macro virus + mail worm
• LoveLetter (May 2000) – one of the biggest outbreaks in history
• Anna Kournikova (2001) – social engineering
• Mimail (2003)
Real worms
• Morris Worm (1988) – first internet worm
• Code Red (July 2001) – no user interaction
–Spread around the globe in a few hours (buffer overflow in IIS)
–From the 20th day of the month it launched DoS attacks (White House web site)
Real worms 2
• Nimda (September 2001)
–E-mail virus with attachment, affecting Windows 95, 98, Me, NT4, 2000
–Worm component attacks IIS through the "Unicode" directory-traversal exploit
–Modifies web pages on infected servers to offer infected files for download
–Uses infected end-user machines to scan the network
–Can reach PCs behind firewalls (spreads from the inside over e-mail and open shares)
–Has a bug that causes crashes or prevents it from spreading
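The directory-traversal "Unicode" bug that Nimda used, as an added example (Python written for this page, not Nimda code and not from the presenter): IIS checked a request path for ".." before it decoded the path's UTF-8, and its decoder accepted overlong sequences such as %c0%af as '/', so a traversal check on the raw path passed while the path finally opened climbed out of the web root. The code canonicalises first and then checks, which is the general fix. The request lines are constructed for the demo and modelled on the attack pattern; the third one (double percent-encoding) illustrates the same check-before-canonicalise mistake and goes beyond what the slide mentions.

```python
"""Canonicalise-then-check, versus the check-then-decode order IIS used.

Added for this page; not Nimda code.  A permissive UTF-8 decoder accepted
overlong sequences such as %c0%af (bytes C0 AF) as '/', and the traversal
check ran before that decoding.  The request lines below are constructed for
the demo and modelled on the attack pattern; they are not real server logs.
"""
from urllib.parse import unquote_to_bytes

SAMPLE_REQUESTS = [
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",  # overlong '/'
    "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir",  # overlong '\'
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir",   # double-encoded '\'
    "GET /index.html",                                          # benign
    "GET /images/logo%20final.png",                             # benign, encoded space
]


def lenient_utf8_decode(data: bytes):
    """Decode like a permissive decoder of the period: 2-byte forms are taken
    at face value even when overlong (C0/C1 lead bytes, which re-encode ASCII
    and are never valid UTF-8).  Other non-ASCII bytes are kept as Latin-1.
    Returns (text, saw_overlong)."""
    out, overlong, i = [], False, 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            cp = ((b & 0x1F) << 6) | (data[i + 1] & 0x3F)
            overlong = overlong or cp < 0x80
            out.append(chr(cp))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out), overlong


def canonicalise(raw_path: str, max_rounds: int = 3):
    """Percent-decode repeatedly until stable (exposes double encoding), decode
    UTF-8 permissively, unify separators.  Returns (path, anomalies)."""
    anomalies, path = [], raw_path
    for round_no in range(max_rounds):
        text, overlong = lenient_utf8_decode(unquote_to_bytes(path))
        if overlong:
            anomalies.append("overlong-utf8")
        if text == path:
            break                                  # nothing left to decode
        if round_no > 0:
            anomalies.append("double-encoded")
        path = text
    return path.replace("\\", "/"), anomalies


def naive_traversal_check(raw_path: str) -> bool:
    """Check on the raw path: the order that let the worm through."""
    return ".." in raw_path.split("/")


def safe_traversal_check(raw_path: str) -> bool:
    """Canonicalise first, then check: the general fix."""
    path, _ = canonicalise(raw_path)
    return ".." in path.split("/")


def triage(request_line: str) -> dict:
    """Parse one request line and report what each check would have done."""
    method, target = request_line.split(" ", 1)
    raw_path = target.split("?", 1)[0]
    path, anomalies = canonicalise(raw_path)
    if ".." in path.split("/"):
        anomalies.append("traversal")
    return {"method": method, "raw": raw_path, "path": path, "anomalies": anomalies,
            "naive_blocks": naive_traversal_check(raw_path),
            "safe_blocks": safe_traversal_check(raw_path)}


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(triage(line))
```

For the three attack lines `naive_blocks` is False and `safe_blocks` is True; the two benign lines pass both. Any modern strict UTF-8 decoder rejects C0/C1 lead bytes outright, so the overlong flag alone is a reliable indicator of hostile input in web-server logs.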
Money, money, money
• In 2003 the first malware written for financial gain appeared
• Fizzer (2003) – sending spam
–E-mail attachment that takes over the PC and turns it into a spam sender
Malware authors
Getting destructive
• Slapper (13 September 2002)
– Used an OpenSSL vulnerability (via Apache mod_ssl) to spread
– Had a backdoor listening on UDP port 2002
– Infected Linux hosts running Apache
• Slammer (January 2003)
– Attacks Microsoft SQL Server over UDP port 1434; the whole worm fit in a single 376-byte packet
– Never writes anything to disk, so a reboot removes it (and reinfection follows within minutes)
– Generates enormous scanning traffic
– Root name servers down (5 of 13)
Getting destructive 2
• Blaster (August 2003)
–Buffer overflow in the DCOM RPC interface
–SYN flood on windowsupdate.com (from 15 August 2003)
–2 messages in the binary:
• I just want to say LOVE YOU SAN!!soo much
• billy gates why do you make this possible ? Stop making money and fix your software!!
• Sasser (April 2004)
–Used a buffer overflow in the Local Security Authority Subsystem Service (LSASS)
–Spread over the network with no user interaction
–Crashed infected PCs: LSASS dies and Windows reboots within a minute
Getting destructive 3
Rootkits
• Sony BMG (2005)
–Sony shipped a rootkit (XCP, by First 4 Internet) on audio CDs; not the first rootkit ever, but the first one distributed by a major commercial vendor
–Kylie Minogue, Ricky Martin and about 50 more titles
–Intention was copy protection
–Hid every file, process and registry key whose name starts with $sys$
–Virus writers used the same prefix to hide their own malware
–Great scandal
–Bad PR handling by Sony
Rootkits
• Mebroot (2008)
–Installed through browser exploits (it used a Monica Bellucci web site), infects the MBR
–Hides as a rootkit
–Sends keystrokes to the attacker; if it crashes, it sends the crash trace to its creator
• Conficker (2008)
–Created a botnet
–Spread over USB (autorun), network shares and the LAN (MS08-067 RPC vulnerability)
–9–15 million infected machines
Ransomware
• Blackmailing: GPCode.ax (2010) encrypts the victim's files and demands payment for the decryption key
Let the war begin
• Spyware, key-loggers
• Cyber espionage, industrial espionage
• German police deployed Trojan spyware for lawful interception in 2010 (the "Bundestrojaner", publicly analyzed by the Chaos Computer Club in 2011)
When the war gets serious
• Stuxnet (2010)
–Big game changer: the first malware built for physical sabotage of an industrial control system
–Spread over USB; used 5 Windows exploits, 4 of them 0-days
–By the time it was discovered it had already done what it was made for
–Kills itself on 24 June 2012
–Its payload only fires when the infected PC is connected to a particular Siemens PLC model controlling a particular industrial configuration
When the war gets serious 2
• DuQu (September 2011)
– Shares a code base with Stuxnet
– Used for information gathering and espionage on the victim; has rootkit capabilities
– Written in a higher-level language, believed to be object-oriented C compiled with Microsoft Visual Studio 2008
• Flame (2012)
– Spreads over USB or LAN
– Can record audio, take screenshots, log Skype calls and network traffic, and steal files (Office, PDF, txt)...
– About 20 MB!!! But modular, so the attacker can add more modules
– Written in Lua and C++
– Remotely controlled, with a remote kill command
– DuQu and Stuxnet were signed with valid stolen code-signing certificates
Quick classification
• Virus
• Worm
• Trojan horse
• Malicious mobile code
• Backdoor
• User-level rootkits
• Kernel-level rootkits
• Combination malware
Thank you
http://inspiratron.org
nikola.milosevic@owasp.org
@dreadknight011

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineeringintertelinvestigations
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Ict Assignment
Ict AssignmentIct Assignment
Ict Assignmentainmz
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
What is Spyware?
What is Spyware?What is Spyware?
What is Spyware?cnbweg45
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Rahman_Hussain
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
Wong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-VirusWong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-Virussharing notes123
 
computer virus with full detail
computer virus with full detail computer virus with full detail
computer virus with full detail sonykhan3
 
VIRUS BY CHIRO
VIRUS BY CHIROVIRUS BY CHIRO
VIRUS BY CHIROTakagi Kun
 

Was ist angesagt? (20)

Introduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse EngineeringIntroduction to Malware Detection and Reverse Engineering
Introduction to Malware Detection and Reverse Engineering
 
Malware
MalwareMalware
Malware
 
Malicious
MaliciousMalicious
Malicious
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
MALWARE
MALWAREMALWARE
MALWARE
 
Historyofviruses
HistoryofvirusesHistoryofviruses
Historyofviruses
 
Computer Virus and Spyware
Computer Virus and SpywareComputer Virus and Spyware
Computer Virus and Spyware
 
Ict Assignment
Ict AssignmentIct Assignment
Ict Assignment
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
 
Malwares
MalwaresMalwares
Malwares
 
Computer virus
Computer virusComputer virus
Computer virus
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
What is Spyware?
What is Spyware?What is Spyware?
What is Spyware?
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Wong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-VirusWong Pau Tung-special-topic-02-Virus
Wong Pau Tung-special-topic-02-Virus
 
computer virus with full detail
computer virus with full detail computer virus with full detail
computer virus with full detail
 
VIRUS BY CHIRO
VIRUS BY CHIROVIRUS BY CHIRO
VIRUS BY CHIRO
 

Andere mochten auch

Andere mochten auch (6)

MR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPressMR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPress
 
Malwares
MalwaresMalwares
Malwares
 
Big Data For Flight Delay Report
Big Data For Flight Delay ReportBig Data For Flight Delay Report
Big Data For Flight Delay Report
 
BIG DATA TO AVOID WEATHER RELATED FLIGHT DELAYS PPT
BIG DATA TO AVOID WEATHER RELATED FLIGHT DELAYS PPTBIG DATA TO AVOID WEATHER RELATED FLIGHT DELAYS PPT
BIG DATA TO AVOID WEATHER RELATED FLIGHT DELAYS PPT
 
Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
Computer Malware
Computer MalwareComputer Malware
Computer Malware
 

Ähnlich wie Malware

Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesmkgspsu
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptxmalikmuzammil2326
 
Computer Virus
Computer Virus Computer Virus
Computer Virus Study Hub
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewareAJAY VISHKARMA
 
Network security history
Network security historyNetwork security history
Network security historyshahab ali
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat ReviewESET
 
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEvolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEC-Council
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Jay Beale
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus Ammy Vijay
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its PreventionDinesh O Bareja
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitPR Americas
 

Ähnlich wie Malware (20)

Malware
MalwareMalware
Malware
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer Virus
Computer Virus Computer Virus
Computer Virus
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
 
Network security history
Network security historyNetwork security history
Network security history
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat Review
 
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEvolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
 
Virus
Virus  Virus
Virus
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst Summit
 
What happened on October 21
What happened on October 21What happened on October 21
What happened on October 21
 

Mehr von Nikola Milosevic

Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Nikola Milosevic
 
Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Nikola Milosevic
 
AI an the future of society
AI an the future of societyAI an the future of society
AI an the future of societyNikola Milosevic
 
Machine learning prediction of stock markets
Machine learning prediction of stock marketsMachine learning prediction of stock markets
Machine learning prediction of stock marketsNikola Milosevic
 
Equity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningEquity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningNikola Milosevic
 
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...Nikola Milosevic
 
Extracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureExtracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureNikola Milosevic
 
Supporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningSupporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningNikola Milosevic
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidNikola Milosevic
 
Table mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureTable mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureNikola Milosevic
 
Sentiment analysis for Serbian language
Sentiment analysis for Serbian languageSentiment analysis for Serbian language
Sentiment analysis for Serbian languageNikola Milosevic
 
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Nikola Milosevic
 
Mašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuMašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuNikola Milosevic
 
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Nikola Milosevic
 
Software Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaSoftware Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaNikola Milosevic
 

Mehr von Nikola Milosevic (20)

Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...
 
Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)
 
Veštačka inteligencija
Veštačka inteligencijaVeštačka inteligencija
Veštačka inteligencija
 
AI an the future of society
AI an the future of societyAI an the future of society
AI an the future of society
 
Machine learning prediction of stock markets
Machine learning prediction of stock marketsMachine learning prediction of stock markets
Machine learning prediction of stock markets
 
Equity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningEquity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learning
 
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
 
Extracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureExtracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literature
 
Supporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningSupporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table mining
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
 
Serbia2
Serbia2Serbia2
Serbia2
 
Table mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureTable mining and data curation from biomedical literature
Table mining and data curation from biomedical literature
 
Sentiment analysis for Serbian language
Sentiment analysis for Serbian languageSentiment analysis for Serbian language
Sentiment analysis for Serbian language
 
Http and security
Http and securityHttp and security
Http and security
 
Android business models
Android business modelsAndroid business models
Android business models
 
Android(1)
Android(1)Android(1)
Android(1)
 
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
 
Mašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuMašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jeziku
 
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
 
Software Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaSoftware Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenja
 

Kürzlich hochgeladen

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationShrmpro
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 

Kürzlich hochgeladen (20)

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Real worms 2
• Nimda (September 2001)
–E-mail worm with an attachment, affecting Windows 95, 98, Me, NT4 and 2000
–Also a network worm attacking IIS through the Unicode directory-traversal exploit
–Modifies compromised web sites to offer the infectious file for download
–Uses infected end-user machines to scan the network
–Can reach PCs behind firewalls (via e-mail)
–Has a bug that causes crashes or inability to spread
Money, money, money
• In 2003 the first malware written for financial gain appeared
• Fizzer – spam sending
–E-mail attachment that takes over the PC and turns it into a spam sender
Getting destructive
• Slapper (September 13th 2002)
–Used an OpenSSL vulnerability to spread
–Had a backdoor listening on UDP port 2002
–Infected Linux hosts running Apache
• Slammer (January 2003)
–Attacks SQL Server (a single UDP packet to port 1434)
–Never writes anything to the HDD (memory-resident only)
–Generates massive traffic
–Root name-servers down (5 of 13)
Getting destructive 2
• Blaster (August 2003)
–Buffer overflow in DCOM RPC (TCP port 135)
–SYN flood on windowsupdate.com (Aug 15 2003)
–2 messages:
  • I just want to say LOVE YOU SAN!! soo much
  • billy gates why do you make this possible ? Stop making money and fix your software!!
• Sasser (April 2004)
–Used a buffer overflow in the Local Security Authority Subsystem Service (LSASS, reached over TCP port 445)
–Spread over the network, no user interaction
–Crashed infected PCs within a minute
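The three worms above share one network signature: a single infected host touching a very large number of distinct hosts on one service port in a short time (UDP 1434 for Slammer, TCP 135 for Blaster, TCP 445 for Sasser). The detector below is an added example, not code from the slides or their author: it runs a sliding-window fan-out count over constructed firewall log lines in an assumed `<epoch> <src_ip> <dst_ip> <proto>/<dst_port>` format. The window length and threshold are illustrative choices; the port-to-worm mapping is real. It generalises the slides' three cases to any watched (protocol, port) pair and deliberately lets a legitimate client hammering one server pass.

```python
"""Worm fan-out detector over constructed firewall log lines.

Added example, not from the slides. Assumptions: log format
`<epoch> <src_ip> <dst_ip> <proto>/<dst_port>`, and illustrative window /
threshold values. The (proto, port) -> worm mapping is real.
"""
from collections import defaultdict

# Services the slides' worms attacked (real mappings).
WORM_PORTS = {
    ("udp", 1434): "Slammer (SQL Server Resolution Service)",
    ("tcp", 135): "Blaster (DCOM RPC)",
    ("tcp", 445): "Sasser (LSASS over SMB)",
}

WINDOW_SECONDS = 60     # assumption: sliding window length
FANOUT_THRESHOLD = 20   # assumption: distinct destinations per window that means scanning


def parse_line(line):
    """Parse one log line; return (ts, src, dst, proto, port) or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or "/" not in parts[3]:
        return None
    try:
        proto, port = parts[3].lower().split("/", 1)
        return int(parts[0]), parts[1], parts[2], proto, int(port)
    except ValueError:
        return None


def detect_fanout(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Flag sources reaching >= threshold distinct hosts on a watched port within `window` seconds.

    Worm propagation looks like this: one source, one service port, many destinations,
    little time. A legitimate client hammering a single server never trips it.
    """
    events = defaultdict(list)  # (src, proto, port) -> [(ts, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing the pipeline
        ts, src, dst, proto, port = rec
        if (proto, port) in WORM_PORTS:
            events[(src, proto, port)].append((ts, dst))

    alerts = []
    for (src, proto, port), evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # dst -> events to dst currently inside the window
        left = 0
        peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Slide the left edge so only events within [ts - window, ts] remain.
            while evs[left][0] < ts - window:
                old_dst = evs[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts.append({"src": src, "service": WORM_PORTS[(proto, port)],
                           "distinct_dsts": peak})
    return sorted(alerts, key=lambda a: a["src"])


def build_sample_log():
    """Constructed sample, not captured traffic: one Slammer-style sprayer, two benign hosts."""
    t0 = 1_059_264_000  # arbitrary epoch (assumption)
    lines = []
    # 10.0.0.7 hits 25 distinct hosts on UDP/1434 within 5 seconds: worm behaviour.
    for i in range(25):
        lines.append(f"{t0 + i // 5} 10.0.0.7 10.1.0.{i + 1} udp/1434")
    # 10.0.0.8 rotates between 3 file servers on TCP/445: normal SMB use.
    for i in range(30):
        lines.append(f"{t0 + i} 10.0.0.8 10.1.9.{i % 3 + 1} tcp/445")
    # 10.0.0.9 repeatedly queries one SQL server on UDP/1434: legitimate client.
    for i in range(30):
        lines.append(f"{t0 + i} 10.0.0.9 10.1.5.20 udp/1434")
    lines.append("this line is garbage and must be skipped")
    return lines


if __name__ == "__main__":
    for alert in detect_fanout(build_sample_log()):
        print(alert)
```

Run as a script it reports only 10.0.0.7. In practice the same parsed fields come from your firewall or NetFlow pipeline, and the window and threshold are tuned against the baseline of your own network; the point of keying on distinct destinations rather than packet counts is that Slammer-style traffic is one packet per victim, so volume alone is a poor signal.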
Rootkits
• Sony BMG (2005)
–First widely publicised commercial rootkit, shipped by Sony BMG on music CDs as copy protection (XCP)
–On Kylie Minogue, Ricky Martin and some 50 more titles
–Intention was copy protection
–Hides any file whose name starts with $sys$
–Virus writers used it to hide their own malware
–Great scandal
–Bad PR handling by Sony
Rootkits
• Mebroot (2008)
–Installed via browser exploit (served from a compromised Monica Bellucci web site); infects the MBR
–Hides as a rootkit
–Sends keystrokes to the attacker; if it crashes, sends a crash trace to its creator
• Conficker (2008)
–Created a botnet
–Spread using USB (autorun), network shares and the LAN
–9-15 million infected
Let the war begin
• Spyware, key-loggers
• Cyber espionage, industrial espionage
• German police deployed Trojan spyware (2010)
When the war gets serious
• Stuxnet (2010)
–Big game changer: first malware intended for physical sabotage of an industrial system
–Spread over USB; used 5 exploits (4 of them 0-days)
–When it was discovered it had already done what it was made for
–Kills itself on June 24th 2012
–To do anything, the PC has to be connected to a particular PLC that drives a particular industrial process
When the war gets serious 2
• DuQu (September 2011)
–Similar code base to Stuxnet
–Used for information gathering and espionage against the victim; has rootkit capabilities
–Written in a higher-level language, believed to be object-oriented C, compiled with MS Visual Studio 2008
• Flame (2012)
–Can spread using USB or LAN
–Can record audio, video, Skype calls and network traffic, and steal files (Office, PDF, txt)...
–About 20 MB!!! But modular, so the attacker can add more modules
–Written in Lua and C++
–Remotely controlled and killed
–DuQu and Stuxnet were signed with valid stolen certificates
Quick classification
• Virus
• Worm
• Trojan horse
• Malicious mobile code
• Backdoor
• User-level rootkits
• Kernel-level rootkits
• Combination malware