Malware is such a ubiquitous term but not many know the true history and the difference between the disparate types of code. As the authors of multiple pieces of malware, some of which have leaked into the wild, we represent not only historians but actually part of the history. In this talk we will discuss the definitions and history of different types of malware, how computers get infected, why they are still successful, what types of solutions have been attempted and why they fail, and what the future of detection and eradication may be. Finally, we will demonstrate an infection and the type of access the malware can have when all the protections and the user fail to prevent it.
2. Who We Are
• Michael Angelo Vien
Founder and Head of Cyber
@MeasuredRisk
Author of Michaelangelo (written 1987/discovered 1991)
• Greg “mobman” Hanis
Principal Research Scientist
@MeasuredRisk
Author of sub7 RAT (written 1997/discovered 1999)
MeasuredRisk.com
3. Malware Definitions (as we see them)
• Virus – Self-replicating, non-propagating malicious code which
typically requires a parasitic relationship with another executable
process
• Worm – Self-replicating, self-propagating malicious code which
exploits vulnerabilities on the target in order to move from computer
to computer
• Ransomware – Malware which restricts access to all or a portion of
the computer resources. It then extorts the user to restore access
4. Malware Definitions Continued
Remote Access Trojan
• Non-replicating
• Non-propagating
• Provides full remote access
• Screen capture
• Key logging
• Access to everything the infected user has access to
5. First Virus in the Wild
• Elk Cloner was a boot-sector virus for Apple DOS 3.3 in 1981
• The term ‘virus’ wasn’t even coined until 1984 by Dr. Fred Cohen
• You read correctly, the first virus was for an Apple computer
• Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
7. First Worm in the Wild
• Not the Morris Worm!
• Creeper was the first worm (by definition) as it copied itself from
computer to computer in 1971!
• Infected PDP-10s running TENEX OS on the ARPANet
• Reaper was the first AV, created to counteract Creeper
8. Michaelangelo Virus
• Boot sector virus for DOS
• On March 6 (Michelangelo di Lodovico Buonarroti Simoni’s b-day) the
virus would overwrite the first 100 sectors of the HDD
• Created a doomsday fear for computer users in 1992 who believed
they would lose all their data
• John McAfee was quoted as saying it infected as many as 5 million
computers
10. Sub7 RAT
• Written in Delphi
• Communication notifications of victim(s)
• Fun stuff / pranks
• My use, how it spread (dingdong friends)
• Inspired people to engage security (at least that’s what people say)
• Imitations (failed) and yes I hear about them
11. DEMO Like A Beast!!!!
• A fuckin demo (cause we have to)