Evolution of Malware and Attempts to Prevent, by Michael Angelo Vien
Evolution of Malware and Attempts to Prevent
Who We Are
• Michael Angelo Vien
  Founder and Head of Cyber @MeasuredRisk
  Author of Michaelangelo (written 1987/discovered 1991)
• Greg “mobman” Hanis
  Principal Research Scientist @MeasuredRisk
  Author of sub7 RAT (written 1997/discovered 1999)
MeasuredRisk.com
Malware Definitions (as we see them)
• Virus – Self-replicating, non-propagating malicious code which typically requires a parasitic relationship with another executable process
• Worm – Self-replicating, self-propagating malicious code which exploits vulnerabilities on the target in order to move from computer to computer
• Ransomware – Malware which restricts access to all or a portion of the computer's resources. It then extorts the user to restore access
Malware Definitions Continued
Remote Access Trojan
• Non-replicating
• Non-propagating
• Provides full remote access
• Screen capture
• Key logging
• Access to everything the infected user has access to
First Virus in the Wild
• Elk Cloner was a boot-sector virus for Apple DOS 3.3 in 1981
• The term ‘virus’ wasn’t even coined until 1984 by Dr. Fred Cohen
• You read correctly, the first virus was for an Apple computer
• Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Protection
First Worm in the Wild
• Not the Morris Worm!
• Creeper was the first worm (by definition) as it copied itself from computer to computer in 1971!
• Infected PDP-10’s running TENEX OS on the ARPANet
• Reaper was the first AV, created to counteract Creeper
Michaelangelo Virus
• Boot sector virus for DOS
• On March 6 (Michelangelo di Lodovico Buonarroti Simoni’s b-day) the virus would overwrite the first 100 sectors of the HDD
• Created a doomsday fear for computer users in 1992 who believed they would lose all their data
• John McAfee was quoted as saying it infected as many as 5 million computers
Michael Angelo
Sub7 RAT
• Written in Delphi
• Communication notifications of victim(s)
• Fun stuff / pranks
• My use, how it spread (dingdong friends)
• Inspired people to engage security (at least that’s what people say)
• Imitations (failed) and yes I hear about them
DEMO Like A Beast!!!!
• A fuckin demo (cause we have to)
For Profit Malware
By FBI [1] - FBI, Public Domain, https://commons.wikimedia.org/w/index.php?curid=38458409
Q&A
• MeasuredRisk.com