Malware

06/04/2015

General terms:

  • Bot / Zombie – Machine under the control of the attacker
  • Backdoor – A way to access the system without the owner knowing

Malware components:

  • Insertion – getting on the computer
  • Avoidance – hiding from detection
  • Eradication – cover tracks
  • Propagation – replication
  • Trigger – initiation of payload
  • Payload – what is delivered, malicious actions

Types of malware:

  • Virus
  • Worms – spread on their own by exploiting service/server vulnerabilities
  • Trojan – Unauthorized program hidden inside a legitimate program
  • Logic Bomb – payload starts on a given time or condition
  • Blended threat – multi-vector attack

Timeline of malware:

  • 1966 – First thought – John von Neumann
  • 1971 – Creeper – Proof of concept – Bob Thomas
  • 1983 – Virus term – Frederick Cohen
  • 1986 – Brain – IBM PC Compatible virus
  • 1989 – Ghostball – Multi-vector attack
  • 1992 – Michelangelo – Expected to create a digital apocalypse
  • 1995 – Concept – Macro virus
  • 1996 – Ply – Polymorphic virus
  • 1999 – Happy and Melissa – Email as delivery vector
  • 1999 – Explore.Zip – Damage from payload
  • 2000 – LoveLetter / ILOVEYOU – Spread via the victim's address book
  • 2001 – Code Red – Web server malware
  • 2003 – SQL Slammer – Database server malware
  • 2003 – Welchia / Nachi – Anti-worm that removed Blaster and applied the patch
  • 2004 – Santy – Web worm targeting PHP
  • 2007 – Storm – Botnet herder
  • 2009 – Dozor – Targeted attack
  • 2010 – BSoD – Trojan / logic bomb triggered by patch installation

Significant malware

  • Chernobyl
  • Explore.Zip
  • LoveLetter
  • SQL Slammer
  • Melissa
  • Pretty Park
  • BugBear
  • Klez
  • SirCam
  • Nimda
  • Code Red
  • MS Blaster