Changing times

2010-10-01

Helen Martin

Virus Bulletin
Editor: Helen Martin

Abstract

‘Ten years ago the idea of malware writing becoming a profit-making industry simply wasn’t on the radar.’ Helen Martin, Virus Bulletin


By the time this issue of VB is published Virus Bulletin will have celebrated the 20th anniversary of the VB conference.

The inaugural VB conference took place in September 1991 – before the term ‘malware’ had been dreamt up and when ‘spam’ was still just a form of tinned luncheon meat. The conference programme spanned two days in a single-stream format, and amongst the material presented, delegates heard that IBM had over 400 different computer viruses in its collection.

Since then, of course, times have moved on – the conference now takes place over three days, in a double-stream format, and the number of speakers and delegates has more than doubled. Times have moved on in the industry too, and for anyone who wasn’t involved in it 20 years ago, the idea that a security company would be proud to have 400 different pieces of malware in its collection seems hard to believe.

But even ten years ago the situation was dramatically different from the world we live in today.

In September 2000 the VB conference celebrated its 10th birthday in Orlando. The keynote address was a paper by IBM’s Steve White entitled ‘Virus Bulletin 2010 – a retrospective’. In it, Steve wrote as if he was an AV researcher living in 2010 looking back on the last ten years of the industry.

While mostly very tongue-in-cheek, a substantial amount of what he wrote was accurate.

He predicted that by 2010 the PC would no longer be the most prevalent computing platform in the world, having been overtaken in number by pervasive computing devices – in other words, PDAs and web phones.

He predicted that dramatically falling prices for commercial computing systems would result in their commoditization and widespread use throughout the world, and he predicted that broadband Internet access from most of the developed world would put much of the earth’s population online 24/7.

However, not all of his predictions were as accurate: he predicted that in 2010 there would be nearly 500,000 viruses in existence – not 500,000 new viruses per month or per week, but 500,000 in total. Today we see in the region of 50,000 new malware files every day. Indeed, in another paper from VB2000 Paul Ducklin described how anti-virus vendors were in the habit of exchanging entire malware collections once a month – with a typical collection ranging in size from 5MB to 10MB. Today, typical malware collections occupy terabytes of disk space, and sharing new samples even on a daily basis takes gigabytes of network bandwidth.

Steve’s paper also failed to pick up on possibly the greatest change we have seen in the malware scene – the change in motivation of malware authors.

Even in some of his seemingly more far-fetched descriptions of virus outbreaks – such as the one he wrote of that brought down the 25th largest bank in the world, or the one that altered victims’ electronic tax returns – there was no mention of malware authors issuing ransom demands, syphoning money out of accounts or stealing data, and so on. Once again, this is a reflection of how much the malware scene has changed – ten years ago the idea of malware writing becoming a profit-making industry simply wasn’t on the radar, while today, the profits generated by cybercrime worldwide are rumoured to match the revenues yielded by the illegal drugs trade.

With such dramatic changes over the last ten years, one has to wonder what the next ten years will have in store for the industry – to quote Eugene Kaspersky (see VB, October 2000, p.19), ‘I can’t predict precisely what will happen in the future, but I’m pretty sure that computer crime and cyber hooligans will not disappear.’

Steve White’s VB2000 paper can be downloaded from http://www.virusbtn.com/conference/vb2000/vb2000White.pdf – although I regret to say that despite our best efforts Virus Bulletin’s technical people are still unable to get the ‘touch references’ to work…
