Evolution of Malware and Attempts to Prevent by Michael Angelo Vien


Who We Are

* Michael Angelo Vien
  Founder and Head of Cyber @MeasuredRisk
  Author of Michaelangelo (written 1987/discovered 1991)
* Greg “mobman” Hanis
  Principal Research Scientist @MeasuredRisk
  Author of sub7 RAT (written 1997/discovered 1999)

MeasuredRisk.com

Malware Definitions (as we see them)

• Virus – Self-replicating, non-propagating malicious code which typically required a parasitic relationship with another executable process
• Worm – Self-replicating, self-propagating malicious code which exploits vulnerabilities on the target in order to move from computer to computer
• Ransomware – Malware which restricts access to all or a portion of the computer resources. It then extorts the user to restore access

Malware Definitions Continued

Remote Access Trojan
• Non-replicating
• Non-propagating
• Provides full remote access
• Screen capture
• Key logging
• Access to everything the infected user has access to

First Virus in the Wild

• Elk Cloner was a boot-sector virus for Apple DOS 3.3 in 1981
• The term ‘virus’ wasn’t even coined until 1984 by Dr. Fred Cohen
• You read correctly, the first virus was for an Apple computer
• Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!

Protection

First Worm in the Wild

• Not the Morris Worm!
• Creeper was the first worm (by definition) as it copied itself from computer to computer in 1971!
• Infected PDP-10’s running TENEX OS on the ARPANet
• Reaper was the first AV, created to counteract Creeper

Michaelangelo Virus

• Boot sector virus for DOS
• On March 6 (Michelangelo di Lodovico Buonarroti Simoni’s b-day) the virus would overwrite the first 100 sectors of the HDD
• Created a doomsday fear for computer users in 1992 who believed they would lose all their data
• John McAfee was quoted as saying it infected as many as 5 million computers

Michael Angelo

Sub7 RAT

• Written in Delphi
• Communication notifications of victim(s)
• Fun stuff / pranks
• My use, how it spread (dingdong friends)
• Inspired people to engage security (at least that’s what people say)
• Imitations (failed) and yes I hear about them

DEMO Like A Beast!!!!

• A fuckin demo (cause we have to)

For Profit Malware

Image credit: By FBI [1] - FBI, Public Domain, https://commons.wikimedia.org/w/index.php?curid=38458409

Q&A

• MeasuredRisk.com