Old viruses.

Discussion in 'malware problems & news' started by The Red Moon, Mar 1, 2013.

Thread Status:
Not open for further replies.
  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Not sure if I've posted in the correct place but here goes. Back in the 1980s I was the proud owner and user of a Commodore Amiga 500 computer and it was a beautiful machine with top graphics and sound for its time. Not sure if any other members had one, but viruses were quite rare in that time.
    I only ever experienced 1 which was called the SCA virus and all this did was put red dots and lines on the screen.

    If we look at how viruses have evolved in time, the capabilities of modern malware are very scary and very much real, and there has been a huge leap in their destructive powers, from opening your disk tray to totally hosing your system, and I often wonder why these people do it because they seem to be, dare I say it, "talented" programmers.

    OK, my point of this thread is to discover where Wilders members believe malware is heading?
    What does it come to?
    Will malware writers simply run out of ideas and everything will be detected and we can all enjoy a malware-free internet experience, or is today's malware just the tip of the iceberg and even worse incarnations of malware are on the horizon?

    Surely it has to come to a full stop at some point.
     
  2. JConLine

    JConLine Registered Member

    Joined:
    Apr 16, 2009
    Posts:
    108
    Never, it's big business. There's lots of money to be made and lots of people are looking for information and they're willing to pay with no questions asked!

    For me, malware is getting more scary because of the national security issues. Governments can now disrupt essential services, financial institutions, the military, etc. because of the inherent insecurity of these systems.

    Full stop, no way, I think we've seen only the tip of the iceberg.

    Jim
     
  3. Cimmerian

    Cimmerian Registered Member

    Joined:
    Nov 29, 2010
    Posts:
    410
    Location:
    New Jersey
    Besides the apparent talent, and greed of these programmers, there, imho, has to be a pretty big spite factor involved here. Even for money, or fame amongst their peers, why would someone, or some group, wreak such potential havoc for such a large number of people or organizations, without a care? You have to have a large amount of disdain for those you've screwed up..
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I think malware will continue to exist at least as long as people have the ability to build working software without having to have it approved, to acquire and install working software from other than approved sources, and to control what that software is allowed to do. IOW, be careful what you wish for.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't see it ever stopping. As long as the basic motives exist, fame, money, power, malware writers will keep coming up with new ideas. The path that PCs and applications are taking in their evolution pretty much guarantees that it won't stop. Take HTML5 and IPv6 for example. In spite of all the improvements, both will create as many new problems as they solve. Windows has been following a similar path from the beginning. They've never taken the time to develop an OS to its true potential. Just about the time a Windows OS gets to the point that it works really well, they release a new one, drop support for the mature OS, and we do it all over again. Change for the sake of profits is one of the primary reasons for the problem.
    IOW, trusted computing and approved vendors. I'd rather deal with the malware. The only way I would even consider such an arrangement is if all of the "approved software" (including the OS) was Open Source with the code freely available for inspection, combined with an easy way to make sure that the software matches that code completely.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    If you look at the deluge of recent attacks, from redirect exploits on compromised sites, to targeted attacks to organizations, the immediate goal of the attack is to install a trojan executable.

    This has not changed in many years. What has changed are the means of delivery, or attack vectors. Malware writers do their homework: beginning at least as far back as 2004 with the .ani exploit (IE6) and .wmf (Image viewers) they discover flaws in the coding of applications, moving forward to the PDF Reader, JAVA application plug-in, Flash application plug-in, MSOffice documents applications, etc. They create attack code that uses the application to trigger the download of the executable. From an article on the latest Java exploit, cited in this thread:

    Once it is understood how all of this works, the fear factor is greatly reduced because secure policies and procedures can be implemented to protect against these attack vectors.

    This is a nice idea, but prone to exploitation. One could download from Oracle's approved source, the latest Java version with its Sandbox protection, only to find it soon exploited. From another article cited here:

    I would always want to be prepared in case what I deem to be trusted, becomes vulnerable to exploitation.


    ----
    rich
     
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    As long as the technology is there and new techniques become available, malware will continue to exist in varying forms. It has been and will continue to be a cat-and-mouse game; one invents technologies to defend and others find ways to try to circumvent those. It starts all over again with each new piece of technology. The cycle keeps on going.
     
  8. Malware is going to be around for a long, long time.

    My particular prediction is that social engineering will get even more popular. Computers are getting harder to fool around with, but users (mostly) aren't, and most blackhats are going to go for the easy money.
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Ok.
    Looking at things from a different angle, and taking into account that security vendors' very livelihood and existence is reliant on malware being an aggressive entity in the world, would it be a safe assumption to make that perhaps some of these vendors themselves create strains of malware just to enhance their own products?
    Before I get a barrage of criticism I would like to say that I am not pointing any fingers here at any specific companies but speaking generally, and I'm sure like myself many people have heard the rumours and read the various blogs on the internet purporting to indict some companies on this.
    The only case which sticks out in my mind is the case of the Rising software company, although as I've said it was mainly rumours, but maybe we should stop and think about how some companies operate, and we the public really don't know what occurs behind closed doors in some nefarious software companies which exist.
     
  10. Why would they bother? Selling "security" to inexperienced end users is easier, less hazardous, and makes more money.

    As for actual conspiracies, it's worth noting that the most egregious abuses don't take place behind closed doors. See China, Congo, etc. - this stuff is public knowledge, but the scale of the abuse and the physical distances involved result in a public that doesn't really care.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Me too but in the 90s. It's a shame that Micro$oft did all they could to help kill the Amiga, which in its day was vastly superior to the PC and Mac.
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    The "idea" was a bit more extreme than that. If you wanted to design a computer that is maximally impervious to malware, what would you do? You would cast its functionality in stone. Pure firmware burned into one time programmable surface mount devices soldered to the board. No configuration options to speak of. No support for bringing executable/active content onto the device and executing it. It would only accept and operate on passive data. You would simplify everything you can. You, and you alone, would control (approve) every aspect of the hardware and software implementation. There would be no Java, or if there were, the only Java code that could be executed is that which you wrote or reviewed/approved. That wouldn't guarantee that the manufacturer doing this eliminated all vulnerabilities and didn't design in their own malfeatures of course, but I think that is an extreme example of where things would have to go in order to "eliminate" the threat of malware. A nice idea for certain applications and certain people, not a nice idea for all though.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    True, but at least with the release of Vista, then 7, there have been significant security improvements such as integrity levels, ASLR and UIPI (user interface privilege isolation). So with that said and as Rmus alluded to, as seems to be the current trend already, I think attacks will be focused far more against common applications and plug-ins more than against the O/S.
     
  14. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    I can't find the link on irongeek, but he had a great video that discussed the changes of malicious agents and the delivery methods over the last decade or so. What the presenter concluded was that the methods of delivery and the targets of the malicious agents really hadn't changed much over the last 10-15 years. Furthermore, even when they taught those malicious agents new tricks, these tactics were geared at other applications instead of the security tools on your system. The only example I can recall offhand was an article about how some malicious agents go inert in virtual environments. The issue wasn't that they could by-pass or kill your anti-virus, but that the security firms had to find a way to coax the agent into running for testing.

    Where I see trouble for consumers and businesses in the future is not so much from hackers and malware, but from:

    - store personnel and online blogs/articles giving bad advice to consumers in order to market them applications and hardware. I can't count the number of times a Best Buy employee has done this because I lack additional digits.

    - government agencies developing malicious agents like Flame and then having that code reverse engineered and utilized by some 18 year old punk down at Starbucks.

    - A growing community of users that are resistant/numb to computer security and privacy concerns because of excessive hammering by IT departments. Some people simply don't care about security and privacy until after it affects them personally.
     
  15. This is a major worry, I feel. It's when the source code gets out there, not if. And when it does, boy, there will be trouble. Malware writers read the same Kaspersky blogs as we do, the same info-sec news as we do. So it's no wonder we are seeing new techniques like using Google Docs & Twitter as C&C infrastructure.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    No matter how destructive the virus may be or seem, it still has to be delivered to the target victim(s) in much the same way any others are, and if one has the security in place to stop the delivery process, then that's all that really matters. Stuxnet and variants should be no more a concern than any of the current, most common viruses in the wild.
     
  17. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    @wat0114

    It's funny, after spending a year navigating some of the online hacking communities, many of them pointed out the same problem. What started with a malicious application getting detected over a couple days became within a couple hours and then within a couple minutes. Most of these forums closed shop when their user bases left. But I think this shows that delivery is an incredible obstacle to overcome and get around. This aside, the government's resourcefulness in bypassing commercial limitations makes me wonder if there might be a vulnerability not yet protected by commercial applications and system tweaks.
     
  18. I have to disagree with you there. Stuxnet is like the first Atomic Bomb test, it's changed society forever. The internet has lost its innocence so to speak because now it's seen as a weapon. And Stuxnet has ushered in the era of the militarization of computers as we know it. Everyone is bumping cyber security spending, and we know nations now have cyber security task forces and armies to carry out operations.

    Now what bothers me the most is that other nations will want a piece of the action. They will want their own Stuxnet too, why shouldn't they be allowed to have one if others do too?

    In the course of humanity this is a turning point. Things like Stuxnet are not for the betterment of mankind, they are soulless and destructive weapons. It should never have been made in my view, it's opened Pandora's box.
     
  19. ... I think there are a lot of people who might find your analogy insulting and objectionable.

    Stuxnet was, in retrospect, probably a bad idea. I just fail to understand how you can possibly even think of lumping it together with nukes.
     
  20. Because both should never have happened. Humankind would be better off if both didn't happen.
     
  21. I get what you're saying, I just think the gulf in terms of severity is ridiculous.

    Think about it. When was the last time malware actually killed someone?
     
    Last edited by a moderator: Mar 3, 2013
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    I agree it's complex, well engineered malware, but its main target was industrial process control systems, and it spreads mainly through USB drives. Well, I don't run an industrial control system in my home, as I'm sure most home users don't, plus nothing at all can autorun from USB or other removable drives on any of the PCs in this home, not to mention the measures I have in place that stop other typical malware delivery methods.

    Sure, I suppose it could potentially be re-engineered to target home users and business end users for other purposes, most likely for financial gain, but I don't see why it can't be thwarted just as easily as other malware using sound security and policy mechanisms.
     
  23. It can kill in theory. Think medical devices. Think water storage and electricity companies. This is the age of microchips and the interconnected world through technology.

    Severity wise it may not be on the same level, but Stuxnet is a monster that has opened Pandora's box. Make no mistake we are in a cyber arms race, just like other countries wanted an Atomic Bomb they will want their Stuxnet as well.

    Study Flame and its MD5 collision attacks & using Windows Update. How are you meant to protect against that?

    And remember that was their throw away, they knew it would be discovered. Imagine what else they have under wraps that no one knows about.
     
  24. Interfering with medical devices is unlikely. Utilities may be a problem, but only because they shouldn't be controlled by Internet-connected computers.

    If we can be hurt by malware, it's because we're using general purpose computers for things they should never be used for.
     
  25. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Two recent articles on malware and medical devices:
    http://www.technologyreview.com/new...-are-rampant-on-medical-devices-in-hospitals/
    http://threatpost.com/en_us/blogs/medical-device-security-need-major-upgrade-101712

    It is frequently the case that COTS solutions and components cost less than custom designs, and can be rolled-out/updated more quickly too. Which isn't to say that COTS is the best approach for all applications. Many custom designs are built around existing protocols and technology as well, in part to maximize interoperability with other devices. Many of the products in the medical space, utility space, etc are generally available commercial products with documentation, so someone wanting to target them can gather some information and if motivated enough probably even find equipment to test their malware on.
     