SlideShare uma empresa Scribd logo

The Evolution Theory of Malware and Our Thought

Antiy Labs
Antiy Labs
Indústria automotiva
1 de 49
Baixar para ler offline
Antiy Labs Seak The Evolution Theory of Malware and Our Thought
Warn The views as well as the visual effects of pictures in the report may cause some displeasures, so it is not suitable to watch after meals. 中国安天实验室
Outline  The evolution of Antivirus  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
The evolutionary methods of AV Fighting against directly • Anti-virus Adding functions • Regmon and TDI mon Induction to normalization • From AntiOOB to PFW Reflux • Immunity Conversion between • Unknown detection based on neural network foreground and background and Decision Tree Introduction • UTM added AV Engine Hardware and software • Anti-virus card -〉anti-virus software ……
Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
Darwin, as a naturalist, sailed with HMS Beagle for 5 years. The picture is about the anchorage of HMS Beagle on July, 5th, 1832. Form Stowe, K. (1995) "Exploring Ocean Science", 2th ed. 中国安天实验室
The Evolution Theory of Malware:  The status of Malware, Chapter ofthat of the living the similar to Living creatures, is the result of the comprehensive elimination and selection. Actually, it is the same with all the software programs.  The living creatures developed the survival ability during the long-term antagonism, elimination and selection.  Let’s come to the Chapter of Living
Parasitism The infection of files Nasonia and boot sectors • The most primitive skills of viruses • Keeping the infected objects the same as original ones until the viruses begin to attack 中国安天实验室
Reproduction Self-reproducing with a large number Self-replicating • There is an old saying that a male mouse and a female mouse can breed • SQL.Slammer worm two hundred and fifty babies in three years. has infected seventy- five thousand(75,000) computers in just ten minutes across the world. 中国安天实验室
Avoiding Predators Yankee Meerkat • Yankee was found by displaying the songs of Yankee Doodle and became well-known. • Yankee is one of the earliest viruses which can avoid their predators. It will “run away” when finding the Debug module. 中国安天实验室
Protective Coloration Grey pigeons Grasshoppers 中国安天实验室
Mimicry Rootkit Stick insect 中国安天实验室
Allure The snail a kind of fluke hosts on Social engineering means 中国安天实验室
Suspended Animation A millipede in suspended animation Rootkit.Baidu • To intercept the API operation of anti-virus software. When finding the Deletefile, it shows SUCCESS. • The anti-virus software can detect files circularly, so it changes the interception policy.
The Evolution Theory of Malware: the Chapter of Death  Trilobites, dinosaurs, saber-toothed tiger have died out, and the South China tigers are about to die out.  The dead ones left fossils and the dying ones are surviving in the zoos.  The thinking tank of Pakistan and the Morris worm are no longer active. Some of Malwares are at the edge of the attacking field.  The viruses, with no activities, are not harmful any more, and just the source codes or disassembly codes printed in textbooks. 中国安天实验室
Predators Security Points Living Cretures • Preying • Anti-virus • Enhancing immunity to avoid • Defense being hosted on
Environment  A variety of viruses have been eliminated due to the upgrading of the operation systems.  DOS 3.3 >DOS 5  MZ > PE  Ring0  VxD->WDM
Propagation and Migration  The exchanging methods of main data to Malware are as important as the migrating ways to animals.  Disks  E-mails  Remote exploits  Password cracking  USB Flash Drive  WEB injection 中国安天实验室
VX: not the only one to be eliminated  OLE2 Watershed  The security mechanisms like DEP and PatchGuard enhanced by Vista, stop the viruses outside the computers but interrupt the anti-virus vendors’ incapability test for a long time.
The Evolution Theory of Malware: the Chapter of Mutation The core of the evolution is to architect the academic system with the hard evidence of the Origin of Species and Evolution rather than breeding and life-death. This kind of academic system can overthrow the fallacy that God created the world and the species remained unchanged. 中国安天实验室
Variants of the Virus Family  That the Jerusalem had three hundred and fifty-four variants in DOS time seemed to be unbelievable.  At present, there are thousands of variants of virus families which do not include the variants matched out by general features.  The number of the grey pigeon variants accounts for 17percent of the total backdoor variants in the world. 中国安天实验室
A Typical Case to Revisit the Anti-immunity  The modification and evolution of the propagation. 中国安天实验室
Disassembly and Code Evolution  The wide propagation of DOS virus attributes to the disclosure of disassembly results.  The crazy increasing of backdoors disclosed on BO.  The appearance of Rbot with most variants owing to the code disclosure. 中国安天实验室
The Binary Evolution  The evolution of password guessing worms Worm.ronron.a -> Worm.ronron.b └Cloner ->STED -> eleet cals->olo Release Worm.Dvldr 中国安天实验室
Cross-platform Virus: not the Product of Variation  Do the double-state viruses PE and ELF belong to variation?  Do the double-state viruses Macro and DOS.com belong to variation?  Regarding them as amphibians 中国安天实验室
The Change of State Does Not Mean Self-variation  No new features will not be invented in the process of virus variation. we can call it chameleon.  We can call it chameleon. 中国安天实验室
The Evolution Theory of Malware: the Chapter of Anecdotes  Interesting Phenomenon 中国安天实验室
Wildlist VS Zoo Wildlist Zoo
The Secret of Longevity  Klez  Parite  wyx
Species in the Legend Overwhelming Rumors Manufacturing Species • The e-mail virus • The IM information virus • The BIOS virus 中国安天实验室
Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
Darwin or Lamarck? Lamarckism Darwinism • Evolution is the result of • Evolution is the result of natural biological activity. selection. – Use and disuse – Inheritance with uncertainty – Inheritance of acquired – The uncertainty eliminated by characteristics environment 中国安天实验室
Electing Darwin  The malware has no tendency to evolve by itself.  The result of natural selection is that some malwares dying out and some malwares being active. 中国安天实验室
The Confusion  If we consider virus and anti-virus software as animals, the people who work on them belong to environment or are the “creator”?  Both VX and AV mutate owing to the experience and attempt of human beings.  Living creatures breed and are bred in the process of mutating; codes copy and are copied in constance.  The creators and the modificators are the parts of the inherited strand, which are the biggest difference from the Code Darwinism. 中国安天实验室
Is it possible for malware to evolve in a Lamarckian way?  The uncertainty of malware evolution is the transformation of biological activity.  Is it possible for malware to evolve in a Lamarckian way? 中国安天实验室
The Ideal Achievements of Self-study  Picking up the unknown viruses with Neural Networks
Distributed Nightmares  Based on powerful computing ability.  The computing ability of AI built with single point will not reach the level of children after ten years.  How is about the bot of hundreds of thousands of computers?
Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
Why the red pines began to release such large amounts of carbon dioxide? The pine beetles have destroyed 12.8 square kilometers of forest in western Canada by the end of 2006. It is not the first time for the forest destroyed at this level, but the destruction is 10 times as serious as before. The beetles will release large amounts of carbon dioxide after the trees die?
Protecting the Trees or Killing the Beetles?  The purpose of AVER is to maintain the system running normally.  Recalling the key points in the “war”  welchian  Sobig.f  Dvlodr  downloader  MS08-067 中国安天实验室
Dvloder  Dvloder is the most dangerous one of password guessing worms.  Larger password files, faster scanning speeds.  More compact ways to combine together.  Setting up VNC backdoor.  HIT-Antiy CERT (built by HIT and Antiy) found it first, and located the earliest infected computer very fast. 中国安天实验室
Welchian  The adoption of ARP repression and the manipulation of unmanagable network 中国安天实验室
中国安天实验室 The monitoring result of a HIT mail server someday Rank Name Times Traffic 1 I-Worm.sobig 39006 3.7G 2 I-worm.klez.h 34664 5.6G 3 I-Worm.Runonce 34206 3.0G Amount 12.3G
The Process of Downloader  The identification of behaviors  DEMO 中国安天实验室
The Response to MS08-067  Min loading and scanning probe  Class C, 11 severs 中国安天实验室
Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
Religious fanatics ridicule Darwin because he believes apes are our ancestors. Actually, Darwin just says human beings and apes have the same ancestors rather than to say that. 中国安天实验室
On AVER’s Defense  AVER=Extortioner?  AVER has determined the attributes of thousands of documents, analyzed millions of virus samples, extracted more than one million detection rules and named over 340 thousand viruses in past 20 years.  Snort takes respected place in academia with less than 3 thousand (3,000) rules so far. 中国安天实验室
Thank you! Seak http://www.anity.com seak@antiy.net 中国安天实验室

Recomendados

organic apple insect control program biological 7-16-14
organic apple insect control program biological 7-16-14organic apple insect control program biological 7-16-14
organic apple insect control program biological 7-16-14Kurt Schwartau
 
SteilLinkedInResume2015
SteilLinkedInResume2015SteilLinkedInResume2015
SteilLinkedInResume2015Benjamin Steil
 
Virus Chapter No 5 Class XI
Virus Chapter No 5 Class XI Virus Chapter No 5 Class XI
Virus Chapter No 5 Class XI Sajjad Mirani
 
33. an introduction to the viruses
33. an introduction to the viruses33. an introduction to the viruses
33. an introduction to the virusessulochan_lohani
 
11u bio div 06
11u bio div 0611u bio div 06
11u bio div 06mrglosterscience
 
Viral multiplication
Viral multiplicationViral multiplication
Viral multiplicationStudent
 
Virology Dr.Titi
Virology Dr.TitiVirology Dr.Titi
Virology Dr.TitiJejen Nugraha
 
Virus ppt
Virus pptVirus ppt
Virus pptrajendra dangol
 

Recomendados

organic apple insect control program biological 7-16-14
organic apple insect control program biological 7-16-14organic apple insect control program biological 7-16-14
organic apple insect control program biological 7-16-14Kurt Schwartau
 
SteilLinkedInResume2015
SteilLinkedInResume2015SteilLinkedInResume2015
SteilLinkedInResume2015Benjamin Steil
 
Virus Chapter No 5 Class XI
Virus Chapter No 5 Class XI Virus Chapter No 5 Class XI
Virus Chapter No 5 Class XI Sajjad Mirani
 
33. an introduction to the viruses
33. an introduction to the viruses33. an introduction to the viruses
33. an introduction to the virusessulochan_lohani
 
11u bio div 06
11u bio div 0611u bio div 06
11u bio div 06mrglosterscience
 
Viral multiplication
Viral multiplicationViral multiplication
Viral multiplicationStudent
 
Virology Dr.Titi
Virology Dr.TitiVirology Dr.Titi
Virology Dr.TitiJejen Nugraha
 
Virus ppt
Virus pptVirus ppt
Virus pptrajendra dangol
 
Nano biotech animals_2010
Nano biotech animals_2010Nano biotech animals_2010
Nano biotech animals_2010ArtSci_center
 
CYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control PdfCYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control PdfGregHallquist
 
Virus dan anti virus
Virus dan anti virusVirus dan anti virus
Virus dan anti virusrangga mandela
 
An introduction to the viruses
An introduction to the virusesAn introduction to the viruses
An introduction to the virusesUmair hanif
 
Roberts AFS 09
Roberts AFS 09Roberts AFS 09
Roberts AFS 09sr320
 
DNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIMEDNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIMEPundlik Rathod
 
Notes - Viruses
Notes - VirusesNotes - Viruses
Notes - VirusesDerek Rapp
 
Holm_MScThesis
Holm_MScThesisHolm_MScThesis
Holm_MScThesisKora Holm
 
Transcriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease ManagementTranscriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease ManagementSHIVANI PATHAK
 
DNA in the Laboratory
DNA in the LaboratoryDNA in the Laboratory
DNA in the LaboratoryKimberlee Dillon
 
Viruses
VirusesViruses
VirusesKarl Pointer
 
Viral structure & properaties
Viral structure & properatiesViral structure & properaties
Viral structure & properatiesStudent
 
Virus, its types, classification and replication of virus
Virus, its types, classification and replication of virusVirus, its types, classification and replication of virus
Virus, its types, classification and replication of virusMuhammad Abdullah Nabeel
 
Forensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communitiesForensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communitiesChristine Kelly
 
Micro Ch13 Edited
Micro Ch13 EditedMicro Ch13 Edited
Micro Ch13 Editedjasonwalkeratl
 
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning AchievementsIg Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning AchievementsEurofins Genomics Germany GmbH
 
viruses
virusesviruses
virusespeer zada suhail
 
SGM 6/9/07
SGM 6/9/07SGM 6/9/07
SGM 6/9/07Mike Cox
 
Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016Hailee Edwards
 
Recombinanant dna technology
Recombinanant dna technologyRecombinanant dna technology
Recombinanant dna technologyRajesh Kumar Singh
 
Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityAntiy Labs
 
Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewAntiy Labs
 

Mais conteúdo relacionado

Mais procurados

Nano biotech animals_2010
Nano biotech animals_2010Nano biotech animals_2010
Nano biotech animals_2010ArtSci_center
 
CYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control PdfCYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control PdfGregHallquist
 
An introduction to the viruses
An introduction to the virusesAn introduction to the viruses
An introduction to the virusesUmair hanif
 
Roberts AFS 09
Roberts AFS 09Roberts AFS 09
Roberts AFS 09sr320
 
DNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIMEDNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIMEPundlik Rathod
 
Notes - Viruses
Notes - VirusesNotes - Viruses
Notes - VirusesDerek Rapp
 
Holm_MScThesis
Holm_MScThesisHolm_MScThesis
Holm_MScThesisKora Holm
 
Transcriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease ManagementTranscriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease ManagementSHIVANI PATHAK
 
Viral structure & properaties
Viral structure & properatiesViral structure & properaties
Viral structure & properatiesStudent
 
Virus, its types, classification and replication of virus
Virus, its types, classification and replication of virusVirus, its types, classification and replication of virus
Virus, its types, classification and replication of virusMuhammad Abdullah Nabeel
 
Forensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communitiesForensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communitiesChristine Kelly
 
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning AchievementsIg Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning AchievementsEurofins Genomics Germany GmbH
 
SGM 6/9/07
SGM 6/9/07SGM 6/9/07
SGM 6/9/07Mike Cox
 
Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016Hailee Edwards
 

Mais procurados (20)

Nano biotech animals_2010
Nano biotech animals_2010Nano biotech animals_2010
Nano biotech animals_2010
 
CYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control PdfCYD-X for Codling Moth Control Pdf
CYD-X for Codling Moth Control Pdf
 
Virus dan anti virus
Virus dan anti virusVirus dan anti virus
Virus dan anti virus
 
An introduction to the viruses
An introduction to the virusesAn introduction to the viruses
An introduction to the viruses
 
Roberts AFS 09
Roberts AFS 09Roberts AFS 09
Roberts AFS 09
 
DNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIMEDNA MUGSHOTS AGAINST CRIME
DNA MUGSHOTS AGAINST CRIME
 
Notes - Viruses
Notes - VirusesNotes - Viruses
Notes - Viruses
 
Holm_MScThesis
Holm_MScThesisHolm_MScThesis
Holm_MScThesis
 
Transcriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease ManagementTranscriptomics: A Tool for Plant Disease Management
Transcriptomics: A Tool for Plant Disease Management
 
DNA in the Laboratory
DNA in the LaboratoryDNA in the Laboratory
DNA in the Laboratory
 
Viruses
VirusesViruses
Viruses
 
Viral structure & properaties
Viral structure & properatiesViral structure & properaties
Viral structure & properaties
 
Virus, its types, classification and replication of virus
Virus, its types, classification and replication of virusVirus, its types, classification and replication of virus
Virus, its types, classification and replication of virus
 
Forensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communitiesForensic Identification using skin bacterial communities
Forensic Identification using skin bacterial communities
 
Micro Ch13 Edited
Micro Ch13 EditedMicro Ch13 Edited
Micro Ch13 Edited
 
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning AchievementsIg Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
Ig Nobel Prize 2021 – The 9 Funny and Scientific Winning Achievements
 
viruses
virusesviruses
viruses
 
SGM 6/9/07
SGM 6/9/07SGM 6/9/07
SGM 6/9/07
 
Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016Edwards.Miller CSTEP 2016
Edwards.Miller CSTEP 2016
 
Recombinanant dna technology
Recombinanant dna technologyRecombinanant dna technology
Recombinanant dna technology
 

Destaque

Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityAntiy Labs
 
Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewAntiy Labs
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
 
english reading skill by mati khan ahmadzai
english reading skill by mati khan ahmadzaienglish reading skill by mati khan ahmadzai
english reading skill by mati khan ahmadzaiMati Khan Ahmadzai
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowAntiy Labs
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection SystemAntiy Labs
 
diference bitween islam and terrorism
diference bitween islam and terrorismdiference bitween islam and terrorism
diference bitween islam and terrorismouhida
 
Presentation Skill
Presentation SkillPresentation Skill
Presentation Skillmzkarim
 
Classification and Keys
Classification and KeysClassification and Keys
Classification and KeysMrs Parker
 
Essentialism and perennialism
Essentialism and perennialismEssentialism and perennialism
Essentialism and perennialismcinth26
 
Plato's Objection to Poetry and Aristotle's Defence
Plato's Objection to Poetry and Aristotle's DefencePlato's Objection to Poetry and Aristotle's Defence
Plato's Objection to Poetry and Aristotle's DefenceDilip Barad
 

Destaque (15)

Data Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network IdentityData Storage and Security Strategies of Network Identity
Data Storage and Security Strategies of Network Identity
 
Malware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial ViewMalware in Mobile Platform from Panoramic Industrial View
Malware in Mobile Platform from Panoramic Industrial View
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
english reading skill by mati khan ahmadzai
english reading skill by mati khan ahmadzaienglish reading skill by mati khan ahmadzai
english reading skill by mati khan ahmadzai
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
 
Scopes trial
Scopes trialScopes trial
Scopes trial
 
diference bitween islam and terrorism
diference bitween islam and terrorismdiference bitween islam and terrorism
diference bitween islam and terrorism
 
Presentation Skill
Presentation SkillPresentation Skill
Presentation Skill
 
Presentation skill
Presentation skillPresentation skill
Presentation skill
 
Classification and Keys
Classification and KeysClassification and Keys
Classification and Keys
 
Essentialism and perennialism
Essentialism and perennialismEssentialism and perennialism
Essentialism and perennialism
 
Plato's Objection to Poetry and Aristotle's Defence
Plato's Objection to Poetry and Aristotle's DefencePlato's Objection to Poetry and Aristotle's Defence
Plato's Objection to Poetry and Aristotle's Defence
 
Perennialism
PerennialismPerennialism
Perennialism
 
Evolution powerpoint
Evolution powerpointEvolution powerpoint
Evolution powerpoint
 

Semelhante a The Evolution Theory of Malware and Our Thought

Proofing against malware
Proofing against malwareProofing against malware
Proofing against malwareSensePost
 
Ezkare Presentation : Light Color Version
Ezkare Presentation : Light Color VersionEzkare Presentation : Light Color Version
Ezkare Presentation : Light Color VersionMadlis
 
Ezkare Presentation : Dark Color Version
Ezkare Presentation : Dark Color VersionEzkare Presentation : Dark Color Version
Ezkare Presentation : Dark Color VersionMadlis
 
Viruses and Viroids - Is There A Difference.pdf
Viruses and Viroids - Is There A Difference.pdfViruses and Viroids - Is There A Difference.pdf
Viruses and Viroids - Is There A Difference.pdfVerne Bio
 
Helminths Are Parasitic Worms
Helminths Are Parasitic WormsHelminths Are Parasitic Worms
Helminths Are Parasitic WormsCrystal Torres
 
The Rubella Virus
The Rubella VirusThe Rubella Virus
The Rubella VirusRenee Jones
 
2009 Kl Cybercrime Kaspersky
2009 Kl Cybercrime Kaspersky2009 Kl Cybercrime Kaspersky
2009 Kl Cybercrime KasperskyICTloket.be
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer supportbozzerapide
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer supportbozzerapide
 
The Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer VirusesThe Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer VirusesChuck Thompson
 
Chapter 4 isolation identification-and-cultivation
Chapter 4 isolation identification-and-cultivationChapter 4 isolation identification-and-cultivation
Chapter 4 isolation identification-and-cultivationAlia Najiha
 
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.ppt
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.pptd8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.ppt
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.pptAmine307994
 
Malicious software
Malicious softwareMalicious software
Malicious softwarerajakhurram
 
Transformations of cells
Transformations of cellsTransformations of cells
Transformations of cellsanjana goel
 
CRISPR Origins: The Battle Between Viruses & Bacteria
CRISPR Origins: The Battle Between Viruses & BacteriaCRISPR Origins: The Battle Between Viruses & Bacteria
CRISPR Origins: The Battle Between Viruses & BacteriaKumaraguru Veerasamy
 

Semelhante a The Evolution Theory of Malware and Our Thought (20)

Bacteria and viruses
Bacteria and virusesBacteria and viruses
Bacteria and viruses
 
Arena Virus
Arena VirusArena Virus
Arena Virus
 
Proofing against malware
Proofing against malwareProofing against malware
Proofing against malware
 
Ezkare Presentation : Light Color Version
Ezkare Presentation : Light Color VersionEzkare Presentation : Light Color Version
Ezkare Presentation : Light Color Version
 
Ezkare Presentation : Dark Color Version
Ezkare Presentation : Dark Color VersionEzkare Presentation : Dark Color Version
Ezkare Presentation : Dark Color Version
 
Viruses and Viroids - Is There A Difference.pdf
Viruses and Viroids - Is There A Difference.pdfViruses and Viroids - Is There A Difference.pdf
Viruses and Viroids - Is There A Difference.pdf
 
Helminths Are Parasitic Worms
Helminths Are Parasitic WormsHelminths Are Parasitic Worms
Helminths Are Parasitic Worms
 
The Rubella Virus
The Rubella VirusThe Rubella Virus
The Rubella Virus
 
2009 Kl Cybercrime Kaspersky
2009 Kl Cybercrime Kaspersky2009 Kl Cybercrime Kaspersky
2009 Kl Cybercrime Kaspersky
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
The Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer VirusesThe Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer Viruses
 
Chapter 4 isolation identification-and-cultivation
Chapter 4 isolation identification-and-cultivationChapter 4 isolation identification-and-cultivation
Chapter 4 isolation identification-and-cultivation
 
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.ppt
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.pptd8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.ppt
d8a7d984d8a3d985d8b1d8a7d8b6-d8a7d984d985d8b9d8afd98ad8a97.ppt
 
Virology - Basic Idea & Classification
Virology - Basic Idea & ClassificationVirology - Basic Idea & Classification
Virology - Basic Idea & Classification
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Virus
VirusVirus
Virus
 
Viruses
Viruses Viruses
Viruses
 
Transformations of cells
Transformations of cellsTransformations of cells
Transformations of cells
 
CRISPR Origins: The Battle Between Viruses & Bacteria
CRISPR Origins: The Battle Between Viruses & BacteriaCRISPR Origins: The Battle Between Viruses & Bacteria
CRISPR Origins: The Battle Between Viruses & Bacteria
 

Último

Welcome to Auto Know University Orientation
Welcome to Auto Know University OrientationWelcome to Auto Know University Orientation
Welcome to Auto Know University Orientationxlr8sales
 
Increasing Community Impact with Meaningful Engagement by Brytanee Brown
Increasing Community Impact with Meaningful Engagement by Brytanee BrownIncreasing Community Impact with Meaningful Engagement by Brytanee Brown
Increasing Community Impact with Meaningful Engagement by Brytanee BrownForth
 
Bizwerx Innovation & Mobility Hub by Dr. Cassandra Little
Bizwerx Innovation & Mobility Hub by Dr. Cassandra LittleBizwerx Innovation & Mobility Hub by Dr. Cassandra Little
Bizwerx Innovation & Mobility Hub by Dr. Cassandra LittleForth
 
Clean Mobility Options Program by Sarah Huang
Clean Mobility Options Program by Sarah HuangClean Mobility Options Program by Sarah Huang
Clean Mobility Options Program by Sarah HuangForth
 
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILES
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILESABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILES
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILESsriharshaganjam1
 
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...IEABODI2SnVVnGimcEAI
 
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道7283h7lh
 
Human Resource Practices TATA MOTORS.pdf
Human Resource Practices TATA MOTORS.pdfHuman Resource Practices TATA MOTORS.pdf
Human Resource Practices TATA MOTORS.pdfAditiMishra247289
 

Último (8)

Welcome to Auto Know University Orientation
Welcome to Auto Know University OrientationWelcome to Auto Know University Orientation
Welcome to Auto Know University Orientation
 
Increasing Community Impact with Meaningful Engagement by Brytanee Brown
Increasing Community Impact with Meaningful Engagement by Brytanee BrownIncreasing Community Impact with Meaningful Engagement by Brytanee Brown
Increasing Community Impact with Meaningful Engagement by Brytanee Brown
 
Bizwerx Innovation & Mobility Hub by Dr. Cassandra Little
Bizwerx Innovation & Mobility Hub by Dr. Cassandra LittleBizwerx Innovation & Mobility Hub by Dr. Cassandra Little
Bizwerx Innovation & Mobility Hub by Dr. Cassandra Little
 
Clean Mobility Options Program by Sarah Huang
Clean Mobility Options Program by Sarah HuangClean Mobility Options Program by Sarah Huang
Clean Mobility Options Program by Sarah Huang
 
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILES
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILESABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILES
ABOUT REGENERATIVE BRAKING SYSTEM ON AUTOMOBILES
 
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...
Infineon-Infineon_DC_EV_Charging_Trends_and_system_solutions-ApplicationPrese...
 
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道
怎么办理美国UCONN毕业证康涅狄格大学学位证书一手渠道
 
Human Resource Practices TATA MOTORS.pdf
Human Resource Practices TATA MOTORS.pdfHuman Resource Practices TATA MOTORS.pdf
Human Resource Practices TATA MOTORS.pdf
 

The Evolution Theory of Malware and Our Thought

  • 1. Antiy Labs Seak The Evolution Theory of Malware and Our Thought
  • 2. Warn The views as well as the visual effects of pictures in the report may cause some displeasures, so it is not suitable to watch after meals. 中国安天实验室
  • 3. Outline  The evolution of Antivirus  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
  • 4. The evolutionary methods of AV Fighting against directly • Anti-virus Adding functions • Regmon and TDI mon Induction to normalization • From AntiOOB to PFW Reflux • Immunity Conversion between • Unknown detection based on neural network foreground and background and Decision Tree Introduction • UTM added AV Engine Hardware and software • Anti-virus card -〉anti-virus software ……
  • 5. Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
  • 6. Darwin, as a naturalist, sailed with HMS Beagle for 5 years. The picture is about the anchorage of HMS Beagle on July, 5th, 1832. Form Stowe, K. (1995) "Exploring Ocean Science", 2th ed. 中国安天实验室
  • 7. The Evolution Theory of Malware:  The status of Malware, Chapter ofthat of the living the similar to Living creatures, is the result of the comprehensive elimination and selection. Actually, it is the same with all the software programs.  The living creatures developed the survival ability during the long-term antagonism, elimination and selection.  Let’s come to the Chapter of Living
  • 8. Parasitism The infection of files Nasonia and boot sectors • The most primitive skills of viruses • Keeping the infected objects the same as original ones until the viruses begin to attack 中国安天实验室
  • 9. Reproduction Self-reproducing with a large number Self-replicating • There is an old saying that a male mouse and a female mouse can breed • SQL.Slammer worm two hundred and fifty babies in three years. has infected seventy- five thousand(75,000) computers in just ten minutes across the world. 中国安天实验室
  • 10. Avoiding Predators Yankee Meerkat • Yankee was found by displaying the songs of Yankee Doodle and became well-known. • Yankee is one of the earliest viruses which can avoid their predators. It will “run away” when finding the Debug module. 中国安天实验室
  • 11. Protective Coloration Grey pigeons Grasshoppers 中国安天实验室
  • 12. Mimicry Rootkit Stick insect 中国安天实验室
  • 13. Allure The snail a kind of fluke hosts on Social engineering means 中国安天实验室
  • 14. Suspended Animation A millipede in suspended animation Rootkit.Baidu • To intercept the API operation of anti-virus software. When finding the Deletefile, it shows SUCCESS. • The anti-virus software can detect files circularly, so it changes the interception policy.
  • 15. The Evolution Theory of Malware: the Chapter of Death  Trilobites, dinosaurs, saber-toothed tiger have died out, and the South China tigers are about to die out.  The dead ones left fossils and the dying ones are surviving in the zoos.  The thinking tank of Pakistan and the Morris worm are no longer active. Some of Malwares are at the edge of the attacking field.  The viruses, with no activities, are not harmful any more, and just the source codes or disassembly codes printed in textbooks. 中国安天实验室
  • 16. Predators Security Points Living Cretures • Preying • Anti-virus • Enhancing immunity to avoid • Defense being hosted on
  • 17. Environment  A variety of viruses have been eliminated due to the upgrading of the operation systems.  DOS 3.3 >DOS 5  MZ > PE  Ring0  VxD->WDM
  • 18. Propagation and Migration  The exchanging methods of main data to Malware are as important as the migrating ways to animals.  Disks  E-mails  Remote exploits  Password cracking  USB Flash Drive  WEB injection 中国安天实验室
  • 19. VX: not the only one to be eliminated  OLE2 Watershed  The security mechanisms like DEP and PatchGuard enhanced by Vista, stop the viruses outside the computers but interrupt the anti-virus vendors’ incapability test for a long time.
  • 20. The Evolution Theory of Malware: the Chapter of Mutation The core of the evolution is to architect the academic system with the hard evidence of the Origin of Species and Evolution rather than breeding and life-death. This kind of academic system can overthrow the fallacy that God created the world and the species remained unchanged. 中国安天实验室
  • 21. Variants of the Virus Family  That the Jerusalem had three hundred and fifty-four variants in DOS time seemed to be unbelievable.  At present, there are thousands of variants of virus families which do not include the variants matched out by general features.  The number of the grey pigeon variants accounts for 17percent of the total backdoor variants in the world. 中国安天实验室
  • 22. A Typical Case to Revisit the Anti-immunity  The modification and evolution of the propagation. 中国安天实验室
  • 23. Disassembly and Code Evolution  The wide propagation of DOS virus attributes to the disclosure of disassembly results.  The crazy increasing of backdoors disclosed on BO.  The appearance of Rbot with most variants owing to the code disclosure. 中国安天实验室
  • 24. The Binary Evolution  The evolution of password guessing worms Worm.ronron.a -> Worm.ronron.b └Cloner ->STED -> eleet cals->olo Release Worm.Dvldr 中国安天实验室
  • 25. Cross-platform Virus: not the Product of Variation  Do the double-state viruses PE and ELF belong to variation?  Do the double-state viruses Macro and DOS.com belong to variation?  Regarding them as amphibians 中国安天实验室
  • 26. The Change of State Does Not Mean Self-variation  No new features will not be invented in the process of virus variation. we can call it chameleon.  We can call it chameleon. 中国安天实验室
  • 27. The Evolution Theory of Malware: the Chapter of Anecdotes  Interesting Phenomenon 中国安天实验室
  • 29. The Secret of Longevity  Klez  Parite  wyx
  • 30. Species in the Legend Overwhelming Rumors Manufacturing Species • The e-mail virus • The IM information virus • The BIOS virus 中国安天实验室
  • 31. Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
  • 32. Darwin or Lamarck? Lamarckism Darwinism • Evolution is the result of • Evolution is the result of natural biological activity. selection. – Use and disuse – Inheritance with uncertainty – Inheritance of acquired – The uncertainty eliminated by characteristics environment 中国安天实验室
  • 33. Electing Darwin  The malware has no tendency to evolve by itself.  The result of natural selection is that some malwares dying out and some malwares being active. 中国安天实验室
  • 34. The Confusion  If we consider virus and anti-virus software as animals, the people who work on them belong to environment or are the “creator”?  Both VX and AV mutate owing to the experience and attempt of human beings.  Living creatures breed and are bred in the process of mutating; codes copy and are copied in constance.  The creators and the modificators are the parts of the inherited strand, which are the biggest difference from the Code Darwinism. 中国安天实验室
  • 35. Is it possible for malware to evolve in a Lamarckian way?  The uncertainty of malware evolution is the transformation of biological activity.  Is it possible for malware to evolve in a Lamarckian way? 中国安天实验室
  • 36. The Ideal Achievements of Self-study  Picking up the unknown viruses with Neural Networks
  • 37. Distributed Nightmares  Based on powerful computing ability.  The computing ability of AI built with single point will not reach the level of children after ten years.  How is about the bot of hundreds of thousands of computers?
  • 38. Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
  • 39. Why the red pines began to release such large amounts of carbon dioxide? The pine beetles have destroyed 12.8 square kilometers of forest in western Canada by the end of 2006. It is not the first time for the forest destroyed at this level, but the destruction is 10 times as serious as before. The beetles will release large amounts of carbon dioxide after the trees die?
  • 40. Protecting the Trees or Killing the Beetles?  The purpose of AVER is to maintain the system running normally.  Recalling the key points in the “war”  welchian  Sobig.f  Dvlodr  downloader  MS08-067 中国安天实验室
  • 41. Dvloder  Dvloder is the most dangerous one of password guessing worms.  Larger password files, faster scanning speeds.  More compact ways to combine together.  Setting up VNC backdoor.  HIT-Antiy CERT (built by HIT and Antiy) found it first, and located the earliest infected computer very fast. 中国安天实验室
  • 42. Welchian  The adoption of ARP repression and the manipulation of unmanagable network 中国安天实验室
  • 43. 中国安天实验室 The monitoring result of a HIT mail server someday Rank Name Times Traffic 1 I-Worm.sobig 39006 3.7G 2 I-worm.klez.h 34664 5.6G 3 I-Worm.Runonce 34206 3.0G Amount 12.3G
  • 44. The Process of Downloader  The identification of behaviors  DEMO 中国安天实验室
  • 45. The Response to MS08-067  Min loading and scanning probe  Class C, 11 severs 中国安天实验室
  • 46. Outline  The conclusive history of AV vs. VX  The virus ecology in the Evolution Theory  Lamarck, Darwin, and AI Empire  I am the nature—thinking on the creating and struggling  Meditating in front of Darwin’s portrait
  • 47. Religious fanatics ridicule Darwin because he believes apes are our ancestors. Actually, Darwin just says human beings and apes have the same ancestors rather than to say that. 中国安天实验室
  • 48. On AVER’s Defense  AVER=Extortioner?  AVER has determined the attributes of thousands of documents, analyzed millions of virus samples, extracted more than one million detection rules and named over 340 thousand viruses in past 20 years.  Snort takes respected place in academia with less than 3 thousand (3,000) rules so far. 中国安天实验室