Before the arrival of Windows 95, the authors of self-replicating malicious code were deeply worried about what the new OS would mean for the future of their activity. Once the historic generational leap from DOS to the Windows GUI was behind them, however, virus writers gained fresh confidence in their abilities, broadened their horizons and developed inclinations that occasionally turned into outright megalomania. Some of the VXers of the Nineties had a god complex, and they made no effort to hide it.
Before growing into a worldwide phenomenon run by the worst cyber-criminal gangs around, spam was an annoyance confined to the small circle of ARPANET users. It was there, before the technology underlying ARPANET gave life to the modern Internet, that 36 years ago (in 1978) Digital Equipment Corporation (DEC) marketing manager Gary Thuerk sent what is widely acknowledged as the first mass-marketing e-mail in history.
In an age where malicious code has turned into cyber-crime and ransomware demands large sums of money to restore access to users' files, a class of malware with ancient origins is still managing to survive, even if it is now forced to serve the needs of that same crime. The class I am talking about is the virus, or file virus, a digital pathogen that raged in the MS-DOS era and then began a slow decline when Windows appeared and Internet worms brought their worldwide epidemics.
The CryptoLocker ransomware is still raging online and on the computers of users and companies, while new details emerge about how this dangerous file-abducting trojan propagates and volunteer developers try to hinder the spread of the infection. The criminal gang behind the malware is even coming up with new ways to extract money from affected users, even though in doing so it is forced to contradict itself.
Computer threats are continuously evolving, and some would even claim they have made the leap from machine to man by infecting RFID microchips implanted under the skin. Yet even when they remain a "simple" IT issue, some malicious programs are hard to tackle because of their inherent complexity and an intelligent design that keeps security companies constantly under pressure. A remarkable "intelligent" threat is Sality, the new-generation file virus that, according to Symantec, has practically turned into "all-in-one" malware incorporating botnet-like functionality as well.
Eighteen-year-old Austrian Peter Kleissner recently became known as the author of Stoned, a tool that uses Master Boot Record rootkit techniques to bypass the protections of Microsoft operating systems and allow the execution of unauthorized code, legitimate or not. The popularity the young programmer gained thanks to Stoned, however, drew mixed reactions from security vendors.
More than a week after the 1st of April, the day the Internet supposedly stood still because, according to the press, the Conficker/Downup/Downadup/Kido worm could have destroyed the net, its infrastructure, civilized mankind and the entire planet, things are going more or less as usual: the Internet remains a dangerous place, but it has not exploded like a supernova, and bits keep flowing quickly from one part of the planet to another. The real news is that the botnet built by one of the most complex pieces of malware ever written is finally revealing its true purpose.
Since 2005, when the heavy-handed commercial policies of Sony BMG revealed the possibility of seizing control of the operating system to interfere with the normal working of the PC and its peripherals, the evolution of rootkit software has gone through an unparalleled acceleration. Interest in the subject rose both among researchers and among cyber-criminal gangs, with results that can be seen today: rootkits have reached the lowest levels of electronic device circuitry, infecting network routers, the BIOS and even the most privileged operating mode of x86 processors (System Management Mode).
The Conficker/Downup/Downadup/Kido malware, Symantec writes in the first edition of The Downadup Codex, "is, to date, one of the most complex worms in the history of malicious code". Initially spreading through a flaw in the Windows Server service (the vulnerability patched by MS08-067), the threat has grown enormously thanks to a combination of factors that eased its diffusion and drove the IT industry to join forces in an attempt to block its further proliferation.
Conficker (also known as Downup, Downadup or Kido) is the first worm since the Sasser outbreak of 2004 to exploit a flaw in a remotely reachable Windows service, and that uncommon ability has in turn made the malware the target of a large part of the IT industry which, led by Microsoft, is currently trying to defuse the time bomb of an enormous botnet whose practical purpose is still unknown.
The Conficker worm, also known as Downup, Downadup or Kido, has been circulating since October 2008. Security firms know it well, and in recent days users have come to know it just as well, after it infected a significant number of machines all over the world. We are back to the "good" old days of the Sasser, Blaster and Mydoom outbreaks, and the already worrisome proliferation of the worm threatens to get even worse because of conditions that increasingly favour its spread.
From a computer security standpoint, 2008 was certainly a year of suffering. Worse, it was a dramatic year marked by figures beyond imagination, a relentless barrage of new threats that lasted until the very end and is expected to continue, or worsen, during this year.
Security vendor Trend Micro has ranked the infection vectors used by the 100 most widespread malware samples from January to November 2008, and the results speak for themselves: of all the possible infection routes, the Internet is by far the most used (or rather abused) by worms, trojans and other digital pathogens constantly hunting for victims and unprotected systems to compromise.
The picture painted by the quarterly security report from F-Secure, the well-known Finnish producer of antivirus software and integrated protection solutions, is full of shadows and offers few bright spots. Analysing the most striking cyber-crime cases reported during the third quarter of 2008, the wrap-up highlights how hard it is to fight an international phenomenon effectively with only local laws and the current cooperation treaties between police authorities to rely on.