The Malware Industry
(Part I)
Presented by: Sofiane Talmat

                                                         Malware research team :
                                                         Sofiane Talmat (Algeria)
                                                         Ehab Hussein (Egypt)
http://www.synapse-labs.com                                   info@synapse-labs.com
• Security Services
• Corporate Services
• Solution Development
• Trainings

Viruses don't harm, ignorance does!

« The evolution of malware within the last ten years is described
by the evolution of the people who develop it » (Eugene Kaspersky)

• 1948 – 1966 (First theoretical approach)
• John von Neumann
  « Theory of self-reproducing
  automata »

• 1971 (First Worm)
• Robert (Bob) H. Thomas (BBN technologies)
  "I'm the creeper, catch me if you can!"
• Machine : PDP-10
• System : TENEX
• Transport : ARPANET

WORM

• 1974/1975 (First Trojan Virus)
• John Walker
  « ANIMAL »
  UNIVAC 1108

TROJAN HORSE

• 1982/1982 (First microcomputer Virus)
• Rich Skrenta
  « Elk Cloner »
  Apple II
  Boot Sector

BOOT SECTOR

• 1986 (First IBM-PC Virus)
• Basit & Amjad Farooq Alvi
  « Brain Boot Sector »
  « Pakistan Flu »
  « Lahore »

• 1986 (First File Infector Virus)
• Ralf Burger
  « Virdem model »
  .com

  VirDem Ver.: 1.06 (Generation #) aktive.
  Copyright by R.Burger 1986,1987
  Phone.: D - 05932/5451

  This is a demoprogram for
  computerviruses. Please put in a
  number now.
  If you're right, you'll be
  able to continue.
  The number is between
  0 and x

COM INFECTION

• 1987 (Destructive Virus)
    – Vienna / Lehigh / Yale / Stoned / Ping Pong

• Cascade (self-encrypting file virus)
    IBM Antivirus

SELF-ENCRYPTED

• 1987
• Jerusalem
  « Infecting .EXE »
• Interrupt
• Friday 13th

  Aliases: 1808(EXE), 1813(COM), ArabStar, BlackBox, BlackWindow,
  Friday13th, HebrewUniversity, Israeli, PLO, Russian

EXE Infection

• 1988 (First Internet Worm)
• Robert Tappan Morris
  « The Morris worm »
  Buffer Overflow
  6000 infections

BUFFER OVERFLOW

• 1988 (First Multipartite Virus)
  « Ghostball »
• EXE/COM/Boot Sector

Multipartite virus

• 1988 (First Polymorphic Virus)
• Mark Washburn & Ralf Burger
  « the Chameleon family »
  « Vienna and Cascade »
  1260

Polymorphism

• 1995 (First Macro Virus)
  « Concept »
      Sub MAIN
      REM That's enough to prove my point
      End Sub

Macro Virus

• 1998
• Chen Ing Hau
• CIH v1
  « Chernobyl / Spacefiller »

Sep. 1998: Yamaha driver
Oct. 1998: Activision game SiN
Mar. 1999: IBM Aptivas

• 1999 (Year of the worms)

    – January 20: Happy99 worm (emails) (Spanska)
    – March 26: Melissa worm (Microsoft Word / Outlook)
    – June 06: ExploreZip worm (Microsoft Office documents)
    – December 30: Kak worm (JavaScript worm / Outlook Express bug)

• 2000 (The most damaging worm ever)
  « ILOVEYOU worm (VBS/Loveletter) »
  VBScript

• 2000 (The year of Exploits)

    – May: Sadmind worm (Sun Solaris / Microsoft IIS)
    – July: Code Red worm (Microsoft IIS indexing)
    – September: Nimda worm (Windows / Code Red / Sadmind)
    – October: Klez worm (MS IE / MS Outlook / Outlook Express)

• 2002 (Metamorphic virus)
• Mental Driller
  « Win32/Simile » (Etap / MetaPHOR)
  90% metamorphic
  May 14 / System locale

METAMORPHIC VIRUS

• 2002/2003 (Rise of the RAT & Trojans)

    – Beast (Delphi)
    – Optix Pro
    – Graybird
    – ProRat

• 2003 (More worms in the wild)

    – SQL Slammer worm
         • 75,000 in 10 minutes

    – Blaster worm (RPC) (similar to Sasser, 2004)
         • DDoS with SYN flood (windowsupdate.com)

• 2004 (First Webworm)
  « Santy »

   - Target: phpBB forums
   - 40 000 infected sites

• 2006 (First ever Mac OS X virus)
  « OSX/Leap-A or OSX/Oompa-A »

    – LAN worm
    – Bonjour protocol (iChat buddy list)
    – Destroys the infected files

• 2007 (Did you say ZEUS?)
  « ZEUS » (drive-by downloads / phishing)

    – 196 countries
    – June 2009: 74,000 FTP accounts
    – 3.6 million infections in the USA
    – 28 Oct. 2009: 1.5 million phishing messages on Facebook
    – 14/15 Nov. 2009: 9 million infected emails (Verizon Wireless)
    – Credit cards from 15 banks compromised
    – 1 Oct. 2010: FBI / 70 million $ and 90 arrests
    – May 2011: the source code is leaked

• 2007 (Bounty: 250 000 $)
  « Conficker »

    NetBIOS, exploits MS08-067

BOTNET

• 2009 (Cyber attack)
   « W32.Dozer »
   « July 2009 Cyber Attacks »

    – 04/07/2009:
         • USA / South Korea
    – 07/07/2009:
         • South Korea
    – 09/07/2009:
         • South Korea

Cyber Weapons !!!!!

2010 : STUXNET
2011 : Duqu

Questions
  Facebook.com/Synapse.Labs
  Twitter : @Synapse_Labs


BSides Algiers - Malware History - Sofiane Talmat