Evolution of Malware and Attempts to Prevent
Who We Are
• Michael Angelo Vien
  Founder and Head of Cyber @MeasuredRisk
  Author of Michaelangelo (written 1987/discovered 1991)
• Greg “mobman” Hanis
  Principal Research Scientist @MeasuredRisk
  Author of sub7 RAT (written 1997/discovered 1999)
MeasuredRisk.com
Malware Definitions (as we see them)
• Virus – Self-replicating, non-propagating malicious code which typically requires a parasitic relationship with another executable process
• Worm – Self-replicating, self-propagating malicious code which exploits vulnerabilities on the target in order to move from computer to computer
• Ransomware – Malware which restricts access to all or a portion of the computer resources. It then extorts the user to restore access
Malware Definitions Continued
Remote Access Trojan
• Non-replicating
• Non-propagating
• Provides full remote access
• Screen capture
• Key logging
• Access to everything the infected user has access to
First Virus in the Wild
• Elk Cloner was a boot-sector virus for Apple DOS 3.3 in 1981
• The term ‘virus’ wasn’t even coined until 1984 by Dr. Fred Cohen
• You read correctly, the first virus was for an Apple computer
• Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Protection
First Worm in the Wild
• Not the Morris Worm!
• Creeper was the first worm (by definition) as it copied itself from computer to computer in 1971!
• Infected PDP-10s running TENEX OS on the ARPANet
• Reaper was the first AV, created to counteract Creeper
Michaelangelo Virus
• Boot sector virus for DOS
• On March 6 (Michelangelo di Lodovico Buonarroti Simoni’s b-day) the virus would overwrite the first 100 sectors of the HDD
• Created a doomsday fear for computer users in 1992 who believed they would lose all their data
• John McAfee was quoted as saying it infected as many as 5 million computers
Michael Angelo
Sub7 RAT
• Written in Delphi
• Communication notifications of victim(s)
• Fun stuff / pranks
• My use, how it spread (dingdong friends)
• Inspired people to engage security (at least that’s what people say)
• Imitations (failed) and yes I hear about them
DEMO Like A Beast!!!!
• A fuckin demo (cause we have to)
For Profit Malware
By FBI [1] - FBI, Public Domain, https://commons.wikimedia.org/w/index.php?curid=38458409
Q&A
• MeasuredRisk.com