Oh, Vienna...Update
As promised in my last posting, I have now created a PDF version of the paper I presented last week [Thursday the 20th of September] at the Virus Bulletin 2007 international conference in Vienna, Austria.

Karlskirche, Karlsplatz, Vienna
[Picture (c) Copyright, Martin Overton 2007, All Rights Reserved]
Here's the abstract:
Abstract:
This paper will discuss the observed trends that have emerged since the start of the malware problem on DOS and Windows and how things have changed over the years.
The paper will discuss examples of the following:
- Malware types.
- Targets; file formats and operating systems.
- Obfuscation and related tricks and counter techniques.
- The use of social-engineering by malware authors.
- The cat and mouse game between the malware authors and vendors.
- The challenges of classification of malware.
- Changes in motivations.
The paper will discuss the changes witnessed in the malware/anti-malware arena seen since the start of it all with Brain. This will cover the emergence of stealth, polymorphism, macro and script malware and go on to cover the growth of mass-mailing worms, bots and the rebirth of stealth as rootkits.
This paper will include clear trend analysis showing the major shifts in malware over the years using a consistent data source which I have compiled. Key shifts from both sides of the problem will be covered, such as polymorphism [including TPE and DAME] and the resulting move to emulation and generic decryption to counter the threat. The growth in the use of packers, compressors and social engineering will also be covered.
Finally, the paper will cover the change in motivation for the malware authors, not just covering the excuses/reasons that they offer, but also the real reasons. It will also cover the changing landscapes of types of malware used and the now often confused classification situation.
The paper is now available on my web site, and one of my other mirror sites. Here and here. Also, later this week I will post a short review of the conference, as I have done for the last 3 or 4 years.



