History and Evolution of Malware
     How to fight malicious code




                         Nikola Milošević
                        nikola.milosevic@owasp.org
About Me



• My name is Nikola Milošević
• OWASP Serbia local chapter leader
• OWASP anti-malware project contributor
• Interested in the topic; wrote and analyzed some
  keyloggers and spam bombers for self-amusement
  and educational purposes
• Working at ManageWP, Prelovac Media
What is malware?



• Malware, short for malicious (or malevolent)
  software, is software used or created by
  attackers to disrupt computer operation,
  gather sensitive information, or gain access to
  private computer systems.
How did it start?




• Brain (Brain.A) – January 1986, the first PC virus; it infected the boot
  sector of 5.25" floppy disks
• Boot-sector text: Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER
  SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE:
  430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
Then it continued



•   Stoned – 1987 (boot-sector virus)
•   Cascade – 1987 (first self-encrypting file infector; its payload made
    letters "fall" to the bottom of the screen)
•   Form – 1990
•   Omega – shows the omega sign on Friday the 13th
•   Michelangelo – discovered 1991, mass-media scare ahead of its
    6 March 1992 trigger date
•   V-Sign – 1992
•   Walker...
Mutation



• 1992: MtE, the Mutation Engine
• A linkable module that turns any virus into a polymorphic one: each
  copy is encrypted with a different key and gets a differently
  generated decryptor, so no fixed byte signature matches all copies
• Author – Dark Avenger
GUI



• Virus Creation Laboratory (VCL, 1992) – a menu-driven kit for
  generating viruses without writing any code
Windows came out



• WinVir – 1992 – first Windows virus; infected Windows 3.x (NE)
  executables (PE infection only came with Win32, see Boza below)
• Monkey – again a Master Boot Record infector
• One_half – polymorphism; gradually encrypts the hard disk, so removing
  it naively leaves the data unreadable
• Concept – 1995 – first macro virus, infecting Word documents
Windows...



• Laroux (X97M/Laroux, 1996) – first Excel macro virus
• Boza (January 1996) – first virus infecting Windows 95 PE executables
• Marburg (1998)
  – Shipped accidentally on the Wargames game CD and a PC Power Play cover CD
  – Slow polymorphism: the decryptor mutates only occasionally rather than
    on every infection, which starves scanners of variants to learn from
  – Three months after infection it fills the screen with Windows error
    icons (screenshot on the original slide)
Mail worms...



• Happy99 (January 1999) – first mass-mailing worm
• Melissa (1999) – Word macro virus + mail worm (mailed itself to the
  first 50 Outlook contacts)
• LoveLetter (May 2000) – one of the biggest outbreaks in history
  (VBScript attachment "LOVE-LETTER-FOR-YOU.TXT.vbs")
• AnnaKournikova (2001) – pure social engineering
• Mimail (2003)
Real worms



• Morris Worm (1988) – first internet worm
• Code Red (July 2001) – no user interaction needed
  – Exploited a buffer overflow in IIS (Indexing Service ISAPI
    extension) and spread around the globe in a few hours
  – Lived only in memory; from the 20th day of the month it switched
    from spreading to DoS attacks against the White House's IP address
Real worms 2



• Nimda (September 2001) – multi-vector: e-mail with an attachment
  (README.EXE) affecting Win 95, 98, Me, NT4, 2000
  – Also a worm hitting IIS through the Unicode directory-traversal
    exploit (and the backdoors left behind by Code Red II)
  – Modifies hosted web pages to offer the infected file for download
  – Uses infected end-user machines to scan the network
  – Can reach PCs behind firewalls, because infected clients scan from
    the inside
  – Has a bug that causes crashes or an inability to spread
Money, money, money



• 2003: the first malware written for financial gain is found
• Fizzer (May 2003) – a spam engine
  – Arrives as an e-mail attachment, takes over the PC and sends spam
    (it also carried a keylogger and a backdoor)
Malware authors
Getting destructive



• Slapper (September 13th 2002)
  – Used an OpenSSL vulnerability (SSLv2 handshake overflow in mod_ssl)
    to spread
  – Carried a peer-to-peer backdoor listening on UDP port 2002
  – Infected Linux hosts running Apache
• Slammer (January 2003)
  – Attacks SQL Server 2000 / MSDE (buffer overflow in the resolution
    service, UDP port 1434)
  – A single 376-byte UDP packet; never writes anything to disk, so a
    reboot cleans the host but leaves it just as vulnerable
  – Doubled its infected population roughly every 8.5 seconds,
    saturating links with scan traffic
  – Took down 5 of the 13 DNS root nameservers
Getting destructive 2


• Blaster (August 2003)
   – Exploited the buffer overflow in the Windows DCOM RPC service
     (TCP port 135)
   – SYN flood against windowsupdate.com from 15 August 2003
     (Microsoft defused it by retiring that hostname)
   – 2 messages in its body:
      • I just want to say LOVE YOU SAN!!soo much
      • billy gates why do you make this possible ? Stop making money
        and fix your software!!
• Sasser (April 2004)
   – Exploited a buffer overflow in the Local Security Authority
     Subsystem Service (LSASS, reached over TCP port 445)
   – Spread over the network, no user action needed
   – Crashed LSASS on infected PCs, forcing a reboot within a minute
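Slammer, Blaster and Sasser all find victims the same way: an infected host sprays connection attempts at many addresses on one port within seconds. That fan-out is visible in flow records before any signature for the exploit exists, and it is the same behaviour Nimda and Conficker show. The following is an added example of that detection logic, written for this page rather than taken from the talk; the flow records are constructed, and the port-to-worm labels use the well-known service ports (UDP 1434, TCP 135, TCP 445), which the slides themselves do not state.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Services the three worms above hammered. The port numbers are public facts;
# the labels only decorate the alert text.
WORM_PORTS = {
    ("udp", 1434): "SQL Server resolution service (Slammer)",
    ("tcp", 135): "DCOM RPC (Blaster)",
    ("tcp", 445): "SMB/LSASS (Sasser)",
}


def build_sample_flows() -> str:
    """Constructed NetFlow-style records (not a real capture), one per line:
    '<epoch_seconds> <src> <dst> <proto> <dport> <bytes>'."""
    lines = []
    # Slammer-like host: 30 distinct targets on udp/1434 within 5 seconds,
    # one 404-byte datagram (376-byte payload plus IP/UDP headers) each
    for i in range(30):
        lines.append(f"{1000 + i // 6} 10.0.0.5 10.0.1.{i + 1} udp 1434 404")
    # Sasser-like host: 25 distinct targets on tcp/445 within 5 seconds
    for i in range(25):
        lines.append(f"{2000 + i // 5} 10.0.0.7 10.0.3.{i + 1} tcp 445 60")
    # Busy but benign client: 30 connections to ONE server (no fan-out)
    for i in range(30):
        lines.append(f"{1000 + i} 10.0.0.9 10.0.2.1 tcp 443 1500")
    # Ordinary browsing: a handful of distinct web servers over a minute
    for i in range(5):
        lines.append(f"{1000 + i * 12} 10.0.0.3 10.0.2.{i + 1} tcp 80 900")
    return "\n".join(lines)


FLOWS = build_sample_flows()

Flow = Tuple[int, str, str, str, int]   # ts, src, dst, proto, dport


def parse_flows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue          # skip malformed lines instead of crashing the detector
        ts, src, dst, proto, dport, _ = parts
        flows.append((int(ts), src, dst, proto.lower(), int(dport)))
    return flows


def detect_scanners(text: str, window: int = 10, min_targets: int = 20) -> List[Dict[str, object]]:
    """Flag (src, proto, dport) triples that contact >= min_targets distinct hosts
    within any `window` seconds. A worm's scanner fans out across addresses;
    a busy client talking to one server does not."""
    by_key: Dict[Tuple[str, str, int], List[Tuple[int, str]]] = defaultdict(list)
    for ts, src, dst, proto, dport in parse_flows(text):
        by_key[(src, proto, dport)].append((ts, dst))

    alerts = []
    for (src, proto, dport), events in by_key.items():
        events.sort()                      # by timestamp
        best, best_start, j = 0, None, 0
        for i, (t0, _) in enumerate(events):
            # advance j to the first event outside [t0, t0 + window]
            while j < len(events) and events[j][0] - t0 <= window:
                j += 1
            targets = len({dst for _, dst in events[i:j]})
            if targets > best:
                best, best_start = targets, t0
        if best >= min_targets:
            alerts.append({
                "src": src, "proto": proto, "dport": dport,
                "targets": best, "window_start": best_start,
                "service": WORM_PORTS.get((proto, dport), "unknown service"),
            })
    return sorted(alerts, key=lambda a: a["window_start"])


if __name__ == "__main__":
    for alert in detect_scanners(FLOWS):
        print(alert)
```

The threshold of 20 distinct targets in 10 seconds is a starting point, not a constant: tune it per network segment, and whitelist legitimate scanners (vulnerability scanners, monitoring) by source address rather than by lowering the threshold.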
Getting destructive 3
Rootkits



• Sony BMG (2005)
  – Not the first rootkit, but the first one shipped commercially to
    consumers: the XCP copy protection on audio CDs
  – Kylie Minogue, Ricky Martin and about 50 more titles
  – Intention was copy protection
  – Hid every file, process and registry key whose name starts with $sys$
  – Virus writers used the same prefix to hide their own malware
  – Great scandal, uncovered by Mark Russinovich
  – Bad PR handling by Sony
Rootkits



• Mebroot (2008)
  – Installed by a drive-by browser exploit (a compromised Monica
    Bellucci website, among others); overwrites the MBR so it loads
    before Windows
  – Hides as a kernel-mode rootkit
  – Sends keystrokes to the attacker; if it crashes, it sends a crash
    trace back to its creator
• Conficker (November 2008)
  – Created a botnet of 9–15 million infected hosts
  – Spread via the MS08-067 server service vulnerability, USB autorun
    and network shares (guessing weak passwords)
Ransomware



• Blackmailing: the malware encrypts or locks the victim's data and
  demands payment for the key
Let the war begin



• Spyware, keyloggers
• Cyber espionage, industrial espionage
• German police deployed Trojan spyware around 2010 (the
  "Bundestrojaner", publicly analysed by the Chaos Computer Club in 2011)
When the war gets serious



• Stuxnet (2010)
  – Big game changer: the first malware built for physical sabotage of
    an industrial control system
  – Spread over USB and LAN; used 5 exploits, 4 of them 0-days (LNK
    shortcut handling, Print Spooler, two privilege escalations) plus
    the already-patched MS08-067
  – By the time it was discovered it had already done what it was
    made for
  – Stops spreading after June 24th 2012 (hard-coded kill date)
  – The payload only fires when the PC runs Siemens Step7 and is
    connected to a specific PLC model with a specific configuration of
    frequency converters; everywhere else it stays dormant
When the war gets serious 2


• Duqu (September 2011)
  – Shares a codebase with Stuxnet (the same "Tilded" platform)
  – Used for information gathering and espionage, but has injection and
    rootkit (kernel driver) capabilities
  – Written in a high-level language, believed to be an object-oriented
    C dialect, compiled with MS Visual Studio 2008
• Flame (2012)
  – Can spread over USB or LAN
  – Can record audio, take screenshots, log keystrokes, capture Skype
    calls and network traffic, steal files (Office, PDF, txt)...
  – About 20 MB!!! But modular, so the attacker can add more modules
  – Written in Lua and C++
  – Remotely controlled; once exposed, the operators pushed a "kill"
    module that wiped it from infected hosts
  – Like Duqu and Stuxnet it was code-signed, but not with a stolen
    vendor certificate: it carried a forged Microsoft certificate
    obtained through an MD5 collision against the Terminal Server
    licensing CA
Quick classification



•   Virus – attaches itself to host files or boot sectors and needs them to spread
•   Worm – spreads on its own over the network
•   Trojan horse – disguised as legitimate software
•   Malicious mobile code
•   Backdoor
•   User- and kernel-level rootkits
•   Combination malware (e.g. Nimda: virus + worm + web and mail vectors)
Malware analysis



• It's all about reverse engineering
  – Reverse engineer how the malware works
  – Specify the algorithm for protection (signature, behaviour, indicators)
  – Develop the protection
• Some malware analysis labs have automated parts of this process
• Not everything can be automated
Reverse engineering



• Dynamic reverse engineering
  – Prepare an isolated system with diagnostic tools and loggers
    (process, file, registry and network monitors)
  – Run the code
  – Observe what happens to the system, network, files...
• Static reverse engineering
  – Disassemble or decompile the code without running it
  – Analyze it and find out what the code does
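The Mutation slide earlier explains why polymorphism breaks fixed byte signatures, and this slide contrasts static with dynamic analysis. The example below is added here and is not code from the talk, nor real virus code: the "payload" is a plain ASCII string, and all names (mutate, decode, scan, the MTE header layout) are mine. It builds a toy mutation engine and then runs the three checks a scanner can stack against its output: the raw signature (fails on every mutated copy), the same signature after emulating the decoder (the static/dynamic hybrid scanners adopted against MtE), and an entropy heuristic for "encrypted body, unknown decoder".

```python
import math
import random
from collections import Counter
from typing import Dict, List, Optional

# Constructed stand-in for a virus body. It is plain text, not executable code;
# the point is only that it is a fixed byte sequence a signature scanner can look for.
PAYLOAD = b"TOY-VIRUS-BODY: " + b"INFECT COM FILES; " * 3
SIGNATURE = b"TOY-VIRUS-BODY"          # the bytes a signature scanner would store
MAGIC = b"MTE"                        # marker of our toy decoder "stub"
ENTROPY_THRESHOLD = 5.0               # bits/byte; tuned for these short samples


def keystream(key: int, step: int, n: int) -> bytes:
    """Running key: k_i = key + i*step (mod 256). With an odd step the keystream
    visits distinct values, so ciphertext bytes spread over the whole range.
    A single-byte XOR would NOT raise entropy: it is a bijection on byte values."""
    return bytes((key + i * step) & 0xFF for i in range(n))


def mutate(payload: bytes, rng: random.Random) -> bytes:
    """Toy mutation engine. Every call picks a new key/step and a random junk
    prefix, so every 'infection' has a different byte pattern yet decodes to the
    same body. Layout: MAGIC | key | step | junk_len | junk | body_len(2) | body."""
    key = rng.randrange(1, 256)
    step = rng.randrange(1, 256) | 1            # force odd
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 8)))
    body = bytes(p ^ k for p, k in zip(payload, keystream(key, step, len(payload))))
    return MAGIC + bytes([key, step, len(junk)]) + junk + len(body).to_bytes(2, "big") + body


def decode(sample: bytes) -> Optional[bytes]:
    """Emulate the decoder stub, which is what a scanner does instead of trusting
    the raw bytes. Returns None if the sample does not have the stub's layout."""
    if not sample.startswith(MAGIC) or len(sample) < 8:
        return None
    key, step, junk_len = sample[3], sample[4], sample[5]
    off = 6 + junk_len
    body_len = int.from_bytes(sample[off:off + 2], "big")
    body = sample[off + 2:off + 2 + body_len]
    if len(body) != body_len:
        return None
    return bytes(c ^ k for c, k in zip(body, keystream(key, step, body_len)))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte. Encrypted or packed regions score high,
    text and ordinary code score low. In practice it is only meaningful over a
    few hundred bytes or more; these toy samples are short, hence the low threshold."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_match(data: bytes, sig: bytes = SIGNATURE) -> bool:
    return sig in data


def scan(sample: bytes) -> Dict[str, object]:
    """Raw signature, signature after emulation, and an entropy heuristic."""
    decoded = decode(sample)
    result: Dict[str, object] = {
        "static_signature": signature_match(sample),
        "emulated_signature": decoded is not None and signature_match(decoded),
        "entropy": round(entropy(sample), 2),
    }
    if result["static_signature"] or result["emulated_signature"]:
        result["verdict"] = "infected"
    elif result["entropy"] > ENTROPY_THRESHOLD:
        result["verdict"] = "suspicious: high entropy, possibly packed or encrypted"
    else:
        result["verdict"] = "clean"
    return result


def make_samples(n: int, seed: int = 0) -> List[bytes]:
    """Generate n mutated copies deterministically (seeded) for demonstration."""
    rng = random.Random(seed)
    return [mutate(PAYLOAD, rng) for _ in range(n)]


if __name__ == "__main__":
    print("plain body:", scan(PAYLOAD))
    for s in make_samples(3, seed=42):
        print("mutated   :", scan(s))
```

The emulation step is the interesting one: it only works because the scanner knows this decoder's layout, which is exactly the cat-and-mouse that real engines forced, with each new decryptor variant needing new emulation support. The entropy check is the fallback for unknown decoders, and it is a heuristic, not a verdict: legitimately compressed or packed files score high too, which is why the scan returns "suspicious" rather than "infected" on entropy alone.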
Questions

Contenu connexe

Tendances

Future is now,Future is Opensource
Future is now,Future is OpensourceFuture is now,Future is Opensource
Future is now,Future is OpensourceAhmed Abdou
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology EducationSummerpair77
 
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?APNIC
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverGregory Hanis
 
Computer security: hackers and Viruses
Computer security: hackers and VirusesComputer security: hackers and Viruses
Computer security: hackers and VirusesWasif Ali Syed
 

Tendances (12)

Future is now,Future is Opensource
Future is now,Future is OpensourceFuture is now,Future is Opensource
Future is now,Future is Opensource
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology Education
 
Linux security-fosster-09
Linux security-fosster-09Linux security-fosster-09
Linux security-fosster-09
 
Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux servers
 
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?
2nd ICANN APAC-TWNIC Engagement Forum: What is Hitting my Honeypots?
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 
Computer security: hackers and Viruses
Computer security: hackers and VirusesComputer security: hackers and Viruses
Computer security: hackers and Viruses
 
Linux
Linux Linux
Linux
 
IoT security
IoT securityIoT security
IoT security
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
 
Linux Security Myth
Linux Security MythLinux Security Myth
Linux Security Myth
 

En vedette

5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malwaredrewz lin
 
Stuxnet - Case Study
Stuxnet  - Case StudyStuxnet  - Case Study
Stuxnet - Case StudyAmr Thabet
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineeringananya0122
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentationshohrabkhan
 

En vedette (7)

5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malware
 
Stuxnet - Case Study
Stuxnet  - Case StudyStuxnet  - Case Study
Stuxnet - Case Study
 
Stuxnet worm
Stuxnet wormStuxnet worm
Stuxnet worm
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentation
 
Polymorphism
PolymorphismPolymorphism
Polymorphism
 

Similaire à Malware

Computer Viruses
Computer VirusesComputer Viruses
Computer Virusesmkgspsu
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptxmalikmuzammil2326
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouCybereason
 
Computer Virus
Computer Virus Computer Virus
Computer Virus Study Hub
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewareAJAY VISHKARMA
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Rahman_Hussain
 
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEvolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEC-Council
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3gpioa
 
Meeting02_RoT.pptx
Meeting02_RoT.pptxMeeting02_RoT.pptx
Meeting02_RoT.pptxothmanomar13
 
Reversing Mobile - Swiss Cyber Storm 2011, Switzerland
Reversing Mobile - Swiss Cyber Storm 2011, SwitzerlandReversing Mobile - Swiss Cyber Storm 2011, Switzerland
Reversing Mobile - Swiss Cyber Storm 2011, SwitzerlandSignalSEC Ltd.
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
Ethical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedEthical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedKavin K
 

Similaire à Malware (20)

Malware
MalwareMalware
Malware
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
 
Computer Virus
Computer Virus Computer Virus
Computer Virus
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Historyofviruses
HistoryofvirusesHistoryofviruses
Historyofviruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...
 
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo VienEvolution of Malware and Attempts to Prevent by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent by Michael Angelo Vien
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3
 
Meeting02_RoT.pptx
Meeting02_RoT.pptxMeeting02_RoT.pptx
Meeting02_RoT.pptx
 
Reversing Mobile - Swiss Cyber Storm 2011, Switzerland
Reversing Mobile - Swiss Cyber Storm 2011, SwitzerlandReversing Mobile - Swiss Cyber Storm 2011, Switzerland
Reversing Mobile - Swiss Cyber Storm 2011, Switzerland
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
 
Ethical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedEthical hacking : Beginner to advanced
Ethical hacking : Beginner to advanced
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 

Plus de Nikola Milosevic

Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Nikola Milosevic
 
Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Nikola Milosevic
 
AI an the future of society
AI an the future of societyAI an the future of society
AI an the future of societyNikola Milosevic
 
Machine learning prediction of stock markets
Machine learning prediction of stock marketsMachine learning prediction of stock markets
Machine learning prediction of stock marketsNikola Milosevic
 
Equity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningEquity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningNikola Milosevic
 
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...Nikola Milosevic
 
Extracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureExtracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureNikola Milosevic
 
Supporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningSupporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningNikola Milosevic
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidNikola Milosevic
 
Table mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureTable mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureNikola Milosevic
 
Sentiment analysis for Serbian language
Sentiment analysis for Serbian languageSentiment analysis for Serbian language
Sentiment analysis for Serbian languageNikola Milosevic
 
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Nikola Milosevic
 
Mašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuMašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuNikola Milosevic
 
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Nikola Milosevic
 
Software Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaSoftware Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaNikola Milosevic
 

Plus de Nikola Milosevic (20)

Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...Classifying intangible social innovation concepts using machine learning and ...
Classifying intangible social innovation concepts using machine learning and ...
 
Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)Machine learning (ML) and natural language processing (NLP)
Machine learning (ML) and natural language processing (NLP)
 
Veštačka inteligencija
Veštačka inteligencijaVeštačka inteligencija
Veštačka inteligencija
 
AI an the future of society
AI an the future of societyAI an the future of society
AI an the future of society
 
Machine learning prediction of stock markets
Machine learning prediction of stock marketsMachine learning prediction of stock markets
Machine learning prediction of stock markets
 
Equity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learningEquity forecast: Predicting long term stock market prices using machine learning
Equity forecast: Predicting long term stock market prices using machine learning
 
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...BelBi2016 presentation: Hybrid methodology for information extraction from ta...
BelBi2016 presentation: Hybrid methodology for information extraction from ta...
 
Extracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literatureExtracting patient data from tables in clinical literature
Extracting patient data from tables in clinical literature
 
Supporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table miningSupporting clinical trial data curation and integration with table mining
Supporting clinical trial data curation and integration with table mining
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
 
Serbia2
Serbia2Serbia2
Serbia2
 
Table mining and data curation from biomedical literature
Table mining and data curation from biomedical literatureTable mining and data curation from biomedical literature
Table mining and data curation from biomedical literature
 
Sentiment analysis for Serbian language
Sentiment analysis for Serbian languageSentiment analysis for Serbian language
Sentiment analysis for Serbian language
 
Http and security
Http and securityHttp and security
Http and security
 
Android business models
Android business modelsAndroid business models
Android business models
 
Android(1)
Android(1)Android(1)
Android(1)
 
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture Sigurnosne prijetnje i mjere zaštite IT infrastrukture
Sigurnosne prijetnje i mjere zaštite IT infrastrukture
 
Mašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jezikuMašinska analiza sentimenta rečenica na srpskom jeziku
Mašinska analiza sentimenta rečenica na srpskom jeziku
 
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
Software Freedom day Serbia - Owasp - informaciona bezbednost u Srbiji open s...
 
Software Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenjaSoftware Freedom day Serbia - Owasp open source resenja
Software Freedom day Serbia - Owasp open source resenja
 

Dernier

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Dernier (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Malware

  • 1. History and Evolution of Malware How to fight malicious code Nikola Milošević nikola.milosevic@owasp.org
  • 2. About Me
    • My name is Nikola Milošević
    • OWASP Serbia local chapter leader
    • OWASP anti-malware project contributor
    • Interested in the topic, wrote and analyzed some keyloggers and spam bombers for self-amusement and educational purposes
    • Working at ManageWP, Prelovac Media
  • 3. What is malware?
    • Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
  • 4. How did it start?
    • Brain.A – January 1986
    • Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
  • 5. Then it continued
    • Stoned – 1987
    • Cascade – 1987
    • Form – 1990
    • Omega – shows the omega sign on Friday the 13th
    • Michelangelo – 1992
    • V-Sign – 1992
    • Walker...
  • 6. Mutation
    • 1992: MtE, the Mutation Engine
    • Creates polymorphic viruses that are hard to detect
    • Author – Dark Avenger
  • 8. Windows came out
    • WinVir – 1992 – first virus capable of infecting PE files
    • Monkey – again the Master Boot Record
    • One_half – polymorphism, encryption
    • Concept – 1995 – infects Office files
  • 9. Windows...
    • Laroux (X97M/Laroux) – 1996
    • Boza (January 1996)
    • Marburg (1998)
      – Wargames CD
      – PC Power Play CD
      – Slow polymorphism
      – After 3 months it shows its payload
  • 11. Mail worms...
    • Happy99 (1998) – first mail virus
    • Melissa – macro virus + mail worm
    • LoveLetter (2001) – one of the biggest outbreaks in history
    • Anna Kournikova – social engineering
    • Mimail (2003)
  • 12. Real worms
    • Morris Worm (1988) – first internet worm
    • CodeRed (2000) – no user interaction
      – Spread around the globe in a few hours (attacked IIS)
      – After 19 days launched DoS attacks (White House)
  • 13. Real worms 2
    • Nimda – mail virus with an attachment, affecting Win 95, 98, Me, NT4, 2000
      – Worm infecting IIS using the Unicode exploit
      – Modifies web sites to offer infected files for download
      – Uses end-user machines to scan the network
      – Can reach PCs behind firewalls
      – Has a bug that causes crashes or an inability to spread
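The IIS hole Nimda used was a Unicode (overlong UTF-8) and double-decode directory traversal, which a signature on the raw request string misses as soon as the encoding changes. Added example, not code from the slides: canonicalize the request path first, then check for a `..` segment; the simplified log lines and their column layout are constructed.

```python
# Added example (not from the slides): canonicalize-then-check for IIS paths.
from urllib.parse import unquote_to_bytes

def decode_overlong(raw: bytes) -> bytes:
    """Collapse 2-byte overlong UTF-8 sequences (lead byte 0xC0/0xC1) to the
    ASCII byte IIS decoded them to, e.g. %c0%af -> '/', %c1%1c -> '\\'."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return bytes(out)

def canonicalize(uri: str) -> str:
    """Percent-decode twice (covers the %25xx double-encoding variant), undo
    overlong UTF-8, and normalise backslashes so every spelling of '..' looks
    the same to the check below."""
    raw = decode_overlong(unquote_to_bytes(unquote_to_bytes(uri)))
    return raw.decode("latin-1").replace("\\", "/")

def is_traversal(uri: str) -> bool:
    """True when the canonical path has a '..' segment, i.e. it tries to leave
    the web root; a name like 'logo..gif' is not a traversal and stays clean."""
    return ".." in canonicalize(uri).split("/")

# Constructed W3C-style lines: client ip, method, uri-stem, uri-query, status.
CONSTRUCTED_LOG = """\
10.0.0.7 GET /index.html - 200
10.0.0.9 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
10.0.0.9 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe /c+dir 200
10.0.0.7 GET /images/logo..gif - 404
"""

def scan(log: str) -> list:
    """Return (client_ip, canonical_path) for every traversal attempt."""
    hits = []
    for line in log.splitlines():
        ip, _method, stem, _query, _status = line.split()
        if is_traversal(stem):
            hits.append((ip, canonicalize(stem)))
    return hits

if __name__ == "__main__":
    for ip, path in scan(CONSTRUCTED_LOG):
        print(f"traversal from {ip}: {path}")
```

Matching on the literal `%c0%af` would miss the `%255c` spelling of the same request; canonicalizing first catches both with one rule.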
  • 14. Money, money, money
    • In 2003 the first virus made for financial gain was found
    • Fizzer – sends spam
      – Attachment that takes over the PC and sends spam
  • 17. Getting destructive
    • Slapper (September 13th 2002)
      – Used an OpenSSL vulnerability to spread
      – Had a backdoor that listened on UDP port 2002
      – Infected Linux hosts (Apache servers)
    • Slammer (2003)
      – Attacks SQL Server
      – Never writes anything to the HDD
      – Generates traffic
      – Took root nameservers down (5 of 13)
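Slapper's backdoor was a bound UDP socket on an Apache host, which a periodic inventory of listening sockets against a per-host allow list would have surfaced. Added example, not from the slides: parse `/proc/net/udp` on Linux and report sockets on unexpected ports; the `/proc/net/udp` snapshot and the allow list below are constructed (the column layout is the kernel's).

```python
import socket
import struct

# Constructed snapshot: DNS resolver on 127.0.0.1:53, an unexpected listener
# on 0.0.0.0:2002 (0x07D2) owned by uid 48, and a DHCP client on :68 (0x0044).
CONSTRUCTED_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 18221 2 0000000000000000 0
   1: 00000000:07D2 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 26714 2 0000000000000000 0
   2: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 14892 2 0000000000000000 0
"""

# Constructed allow list for this host: DNS resolver and DHCP client only.
EXPECTED_UDP_PORTS = {53, 68}

def parse_proc_net_udp(text: str) -> list:
    """Return (local_ip, local_port, uid, inode) per socket line. The kernel
    prints the IPv4 address as native-order hex (little-endian on x86),
    hence the '<I' pack before inet_ntoa."""
    sockets = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        hexip, hexport = f[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))
        sockets.append((ip, int(hexport, 16), int(f[7]), int(f[9])))
    return sockets

def unexpected_listeners(text: str, allow=EXPECTED_UDP_PORTS) -> list:
    """Sockets bound to ports not on the allow list; the inode can be mapped
    to its process through /proc/<pid>/fd to find the owning program."""
    return [s for s in parse_proc_net_udp(text) if s[1] not in allow]

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:          # live check on a Linux host
        for ip, port, uid, inode in unexpected_listeners(fh.read()):
            print(f"unexpected UDP listener {ip}:{port} uid={uid} inode={inode}")
```

A kernel-level rootkit can filter what `/proc` reports, so on a suspect host compare this view with an external port scan of the same machine.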
  • 18. Getting destructive 2
    • Blaster (August 2003)
      – Buffer overflow in DCOM RPC
      – SYN flood on windowsupdate.com (Aug 15 2003)
      – 2 messages:
        • I just want to say LOVE YOU SAN!!soo much
        • billy gates why do you make this possible ? Stop making money and fix your software!!
    • Sasser (April 2004)
      – Used a buffer overflow in the Local Security Authority Subsystem Service
      – Spread over the network
      – Crashed infected PCs within a minute
  • 22. Rootkits
    • Sony BMG (2005)
      – First rootkit was created by SONY
      – Kylie Minogue, Ricky Martin and 50 more titles
      – Intention was copy protection
      – Hides files whose names start with $sys$
      – Virus writers used it to hide
      – Great scandal
      – Bad PR handling by SONY
  • 23. Rootkits
    • Mebroot (2008)
      – Uses a browser exploit (used the Monica Bellucci web site), infects the MBR
      – Hides as a rootkit
      – Sends keystrokes to the attacker; if it crashes, sends a trace to the attacker/creator
    • Conficker (2008)
      – Created a botnet
      – Spread using USB, NS, LAN
      – 9–15 million infected
  • 25. Let the war begin
    • Spyware, keyloggers
    • Cyber espionage, industrial espionage
    • German police released Trojan spyware in 2010
  • 26. When the war gets serious
    • Stuxnet (2010)
      – Big game changer, the first malware intended for physical sabotage of an industrial system
      – Spread over USB, used 5 exploits (4 were 0-days)
      – When it was discovered it had already done what it was made for
      – Kills itself on June 24th 2012
      – To do anything, the PC has to be connected to a particular PLC that is connected to particular industrial equipment
  • 27. When the war gets serious 2
    • Duqu (September 2011)
      – Similar codebase to Stuxnet
      – Used for information retrieval and espionage on the victim, but has injection and rootkit capabilities
      – Written in higher-level languages; it is believed to be OO C, compiled with MS Visual Studio 2008
    • Flame (2012)
      – Can spread using USB or LAN
      – Can record audio, video, Skype calls, network traffic, steal files (Office, PDF, txt)...
      – About 20 MB!!! But modular, so the attacker can add more modules
      – Written in Lua and C++
      – Remotely controlled and killed
      – Like Duqu and Stuxnet, has a valid stolen certificate
  • 28. Quick classification
    • Virus
    • Worm
    • Trojan horse
    • Malicious mobile code
    • Backdoor
    • User- and kernel-level rootkits
    • Combination malware
  • 29. Malware analysis
    • It's all about reverse engineering
      – Reverse engineer how the malware works
      – Specify an algorithm for protection
      – Develop the protection
    • Some malware analysis labs have automated some processes
    • Not everything can be automated
  • 30. Reverse engineering
    • Dynamic reverse engineering
      – Have system diagnostic tools and loggers ready
      – Run the code
      – Observe what is happening to the system, network, files...
    • Static reverse engineering
      – Decompile the code
      – Analyze it and find out what the code is doing
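Before the decompiler step of static reverse engineering, an analyst wants to know which parts of a sample are readable and which are encrypted or packed, the "crypting" and polymorphism the deck mentions for One_half and Marburg. Added example, not from the slides, serving both those slides and slide 30: score fixed windows of a binary by Shannon entropy and pull printable strings from it; the sample image is constructed from chained SHA-256 output, not a real malware file.

```python
import hashlib
import math
import re

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def entropy_map(data: bytes, window: int = 1024) -> list:
    """(offset, entropy) for each window of the image."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]

def high_entropy_regions(data: bytes, window: int = 1024,
                         threshold: float = 7.2) -> list:
    """Windows whose entropy looks like ciphertext or compressed data; these
    are the parts a packer or crypter keeps away from static review."""
    return [(off, round(h, 2)) for off, h in entropy_map(data, window)
            if h >= threshold]

def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII; random data also yields a few junk hits."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample() -> bytes:
    """Constructed image: a readable 1 KiB stub (MZ header text, a few import
    names) followed by a 2 KiB pseudo-random 'encrypted body' made from
    chained SHA-256 digests, so the demo is deterministic."""
    stub = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n"
    stub += b"\x00" * 400 + b"LoadLibraryA\x00GetProcAddress\x00decrypt_body\x00"
    body, block = b"", b"seed"
    while len(body) < 2048:
        block = hashlib.sha256(block).digest()
        body += block
    return stub.ljust(1024, b"\x00") + body

if __name__ == "__main__":
    image = build_sample()
    print("high-entropy windows:", high_entropy_regions(image))
    print("strings:", printable_strings(image)[:4])
```

The stub window scores low and exposes the import names, while the two body windows score near 8 bits per byte and yield no useful strings, which is exactly the region the dynamic approach (run it, let it decrypt itself, observe) is needed for.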