From Storm to Conficker - A Changing Perception of Malware Developers

Posted in /etc/IT_security/news, /home/research, /var/rant on March 31st, 2009 by Rick Zhong

I have to admit that recent malware like Storm and Conficker has really impressed me - the various top-notch feature implementations and the strong skills and knowledge demonstrated. If you still think malware developers are a bunch who only know how to package published vulnerability PoCs and insert the payloads into outdated templates, you are probably still living in the pre-2004 era. Yeah, that's not very long ago, but long enough for the information security industry to get rid of a bunch of old concepts and ideas. Here is the original description from SRI about the Conficker worm - Conficker Write-up.

One of the quoted paragraphs from this write-up really sends a chill down the spine of most infosec folks.

“Finally, we must also acknowledge the multiple skill sets that are revealed within the evolving design and implementation of Conficker.  Those responsible for this outbreak have demonstrated Internet-wide programming skills, advanced cryptographic skills, custom dual-layer code packing and code obfuscation skills, and in-depth knowledge of Windows internals and security products.  They are among the first to introduce the Internet rendezvous point scheme, and have now integrated a sophisticated P2P protocol that does not require an embedded peer list.  They have continually seeded the Internet with new MD5 variants, and have adapted their code base to address the latest attempts to thwart Conficker.   They have infiltrated government sites, military networks, home PCs, critical infrastructure, small networks, and universities, around the world.  Perhaps an even greater threat than what they have done so far, is what they have learned and what they will build next.”

While we, the infosec folks, are happily talking about nice-looking processes, management, frameworks, etc., indulging ourselves in various fanciful security solutions full of marketing hoohaa, we seem to forget about the fundamentals. Probably we need some form of wake-up call, before it is too late.


Get rid of the Monday blues - a self-pwned ad from IBM ISS

Posted in /home/open-source, /tmp/others, /var/rant on March 2nd, 2009 by Rick Zhong

What do you think of when you see the pinky pig? :-) And the balance is tilted toward the pinky pig!!

http://www.iss.net/

Oink..oink...

Oink..oink...
