BSides algiers - Malware History - Sofiane Talmat
•Transferir como PPTX, PDF•
1 gostou•2,301 visualizações
Recomendados
Mais conteúdo relacionado
Semelhante a BSides algiers - Malware History - Sofiane Talmat
Semelhante a BSides algiers - Malware History - Sofiane Talmat (20)
Mais de Shellmates
Mais de Shellmates (13)
Último
Último (20)
BSides algiers - Malware History - Sofiane Talmat
- 1. L’industrie du Malware (Part I) Présentée par : Sofiane Talmat Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) http://www.synapse-labs.com info@synapse-labs.com
- 2. Security Corporate Services Services Solution Trainings Development http://www.synapse-labs.com info@synapse-labs.com
- 3. Viruses don't harm, ignorance does! « The Evolution of malware within the last ten years is described by the evolution of people who develop that » (Eugene kaspersky) http://www.synapse-labs.com info@synapse-labs.com
- 4. • 1948 – 1966 (First theroical Approach) • John von Neumann « Theory of self-reproducing automata » http://www.synapse-labs.com info@synapse-labs.com
- 5. • 1971 (First Worm) • Robert (Bob) H. Thomas (BBN technologies) "I'm the creeper, catch me if you can!" • Machine : PDP-10 • System : TENEX • Transport : ARPANET http://www.synapse-labs.com info@synapse-labs.com
- 6. WORM http://www.synapse-labs.com info@synapse-labs.com
- 7. • 1974/1975 (First Trojan Virus) • John Walker « ANIMAL » UNIVAC 1108 http://www.synapse-labs.com info@synapse-labs.com
- 8. TROJAN HORSE http://www.synapse-labs.com info@synapse-labs.com
- 9. • 1982/1982 (First microcomputer Virus) • Rich Skrenta « Elk Cloner » Apple II Boot Sector http://www.synapse-labs.com info@synapse-labs.com
- 10. BOOT SECTOR http://www.synapse-labs.com info@synapse-labs.com
- 11. • 1986 (First IBM-PC Virus) • Basit & Amjad Farooq Alvi « Brain Boot Sector » « Pakistan Flu » « Lahore » http://www.synapse-labs.com info@synapse-labs.com
- 12. • 1986 (First File Infector Virus) • Ralf Burger VirDem Ver.: 1.06 (Generation #) aktive. « Virdem model» Copyright by R.Burger 1986,1987 Phone.: D - 05932/5451 .com This is a demoprogram for computerviruses. Please put in a number now. If you're right, you'll be able to continue. The number is between 0 and x http://www.synapse-labs.com info@synapse-labs.com
- 13. COM INFECTION http://www.synapse-labs.com info@synapse-labs.com
- 14. • 1987 (Destructive Virus) – Vienna / Lehigh / Yale / Stoned / Ping Pong • Cascade (self-encrypting file virus) IBM Antivirus http://www.synapse-labs.com info@synapse-labs.com
- 15. SELF-ENCRYPTED http://www.synapse-labs.com info@synapse-labs.com
- 16. • 1987 • Jerusalem 1808(EXE) 1813(COM) « Infecting .EXE » ArabStar BlackBox • Interrupt BlackWindow Friday13th • Friday 13th HebrewUniversity Israeli PLO Russian http://www.synapse-labs.com info@synapse-labs.com
- 17. EXE Infection http://www.synapse-labs.com info@synapse-labs.com
- 18. • 1988 (First Internet Worm) • Robert Tappan Morris « The Morris worm » Buffer Overflow 6000 infections http://www.synapse-labs.com info@synapse-labs.com
- 19. BUFFER OVERFLOW http://www.synapse-labs.com info@synapse-labs.com
- 20. • 1988 (First Multipartite Virus) Ghostball • EXE/COM/Boot Sector http://www.synapse-labs.com info@synapse-labs.com
- 21. Multipartite virus http://www.synapse-labs.com info@synapse-labs.com
- 22. • 1988 (First Polymorphic Virus) • Mark Washburn & Ralf Burger « the Chameleon family » « Vienna and Cascade » 1260 http://www.synapse-labs.com info@synapse-labs.com
- 23. Polymorphism http://www.synapse-labs.com info@synapse-labs.com
- 24. • 1995 (First Macro Virus) « Concept » Sub MAIN REM That's enough to prove my point End Sub http://www.synapse-labs.com info@synapse-labs.com
- 25. Macro Virus http://www.synapse-labs.com info@synapse-labs.com
- 26. • 1998 • Chen Ing Hau • CIH v1 « Chernobyl / Spacefiller » Sep.1998 : Yamaha Driver Oct.1998 : Jeux Activision SiN Mar.1999: IBM Aptivas http://www.synapse-labs.com info@synapse-labs.com
- 27. • 1999 (Year of the worms) – Janvier 20: Happy99 worm (emails) (Spanska) – Mars 26: Melissa worm (Microsoft Word/ Outlook) – Juin 06: ExploreZip worm(Microsoft Office documents) – Decembre 30: Kak worm (Javascript worm / Outlook Express bug) http://www.synapse-labs.com info@synapse-labs.com
- 28. • 2000 (The most damaging worm ever) « ILOVEYOU worm (VBS/Loveletter) » VBScript http://www.synapse-labs.com info@synapse-labs.com
- 29. • 2000 (The year of Exploits) – Mai : Sadmind worm (Sun Solaris / Microsoft IIS) – Juillet : Code Red worm (Microsoft IIS indexing) – Septembre : Nimda worm (Windows/Code Red / Sadmind) – Octobre : Klez worm (MS IE / MS Outlook / Outlook Express) http://www.synapse-labs.com info@synapse-labs.com
- 30. • 2002 (Metamorphic virus) • Mental Driller « Win32/Simile » (Etap / MetaPHOR) 90% metamorphose May 14 / System locale http://www.synapse-labs.com info@synapse-labs.com
- 31. METAMORPHIC VIRUS http://www.synapse-labs.com info@synapse-labs.com
- 32. • 2002/2003 (Rise of the RAT & Trojans) – Beast (Delphi) – Optix Pro – Graybird – ProRat http://www.synapse-labs.com info@synapse-labs.com
- 33. • 2003 (More worms in the wild) – SQL Slammer worm • 75,000 en 10 minutes – Blaster worm (RPC) (similar to sasser 2004) • DDoS with SYN flood (windowsupdate.com) http://www.synapse-labs.com info@synapse-labs.com
- 34. • 2004 (First Webworm) « Santy » - Target : phpbb forums - 40 000 sites infectés http://www.synapse-labs.com info@synapse-labs.com
- 35. • 2006 (First ever Mac OS X virus) « OSX/Leap-A or OSX/Oompa-A » – Lan worm – Bonjour Protocol (iChat buddy list) – Destruit les fichiers infectes http://www.synapse-labs.com info@synapse-labs.com
- 36. • 2007 (Vous avez dit ZEUS ?) « ZEUS » (drive-by downloads /phishing) – 196 pays – Juin.2009 : 74,000 comptes FTP – 3.6 million d’infections aux USA – 28 Oct.2009 : 1.5 million de messages fishing sur facebook – 14/15 Nov. 2009 : 9 millions emails infectes(Verizon Wireless) – Cartes de credits de 15 banques compromises – 1 Oct.2010 : FBI / 70 millions $ et 90 arrestations – Mai.2011 : le code source est dévoilé http://www.synapse-labs.com info@synapse-labs.com
- 37. • 2007 (Mise a pirx : 250 000 $) « Conflicker » NetBIOS Exploits MS08-067 http://www.synapse-labs.com info@synapse-labs.com
- 38. BOTNET http://www.synapse-labs.com info@synapse-labs.com
- 39. • 2009 (Cyber attack) « W32.Dozer » « July 2009 Cyber Attacks » – 04/07/2009 : • USA / Corée du Sud – 07/07/2009 : • Corée du Sud – 09/07/2009 : • Corée du Sud http://www.synapse-labs.com info@synapse-labs.com
- 40. Cyber Weapons !!!!! 2010 : STUXNET 2011 : Duqu http://www.synapse-labs.com info@synapse-labs.com
- 41. Questions Facebook.com/Synapse.Labs Twitter : @Synapse_Labs http://www.synapse-labs.com info@synapse-labs.com