The Malware of the Future May Come Bearing Real Gifts 103
An anonymous reader writes "Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time. Prof. Vigna, speaking at IP Expo in London, outlined a fearful future of 'mimicry' in evolved strains of malware. In the current stage of the war between malware and security researchers, the emphasis is almost entirely on the attempt to convince increasingly intelligent — and increasingly suspicious — malware that it is operating in a bare-metal environment when it is in fact in a sandbox or VM environment. For the malware, the stakes are tremendously high — if it has reached the point of OS-level execution without its hash being indexed and red-flagged by online security databases, it cannot afford to reveal its intentions in a test environment. This article outlines the extraordinary game of cat-and-mouse being played between researchers and hackers, and how future malware exploits are likely to abandon a rush for the buffer overflow in favor of 'the long game' — and to make themselves useful in the process.
Malware (Score:5, Insightful)
Re: Malware (Score:1)
There is a difference. Google is an advertising company, this *is* their core business. Apple earn their money selling devices and MS licenses.
Re: (Score:2)
The NSA was established in Nov 4, 1952
The history of the Internet begins with the development of electronic computers in the 1950s. Initial concepts of packet networking originated in several computer science laboratories in the United States, Great Britain, and France. The US Department of Defense awarded contracts as early as the 1960s for packet network systems, including the development of the ARPANET (which would become the first network to use the Internet Protocol.)
Re: (Score:2)
It's already here. They're called smartphone apps.
Actually, that is probably the holy grail for malware. If you can sneak an app past Apple's testing by delaying its activities you would open up a whole lot of phones to infections. Given the readiness of people to d/l and trust smartphone apps you could probably get away with it for quite some times I doubt many people look for suspicious behavior once your inside the walled garden; just look at what today's apps can (somewhat) openly collect. The challenge is to build one that avoids detection and bypasse
Re: (Score:3)
Not really. The nice/nasty thing about Apple's walled garden, depending on your point of view, is that if just one user notices and reports your malware doing something it shouldn't Apple can revoke the relevant certificates and it's game over within a matter of hours.
Since one also has to provide proof of identity and pay a subscription to get the certificates in the first place unless the author took a lot of trouble to create a false identity they could be tracked down and prosecuted.
Now, I am sure there
Re: (Score:1)
Re: (Score:1)
It's already here. They're called smartphone apps.
Exactly. If the ${INSERT_SPY_ORG_HERE} wants to know what you are doing, you will only be presented with a notice that one of your apps has been updated. The government with the most influence over the companies that control the app stores wins the spy war. There are three majors. They are all multinationals based in the U.S.
When any one of these companies stops playing ball with the U.S., their IRS tax bill will come due. That's your clue to how well they are protecting your privacy.
Re: (Score:1)
Far older than that. It is called MS Windows and MS office and those were only the first large-scale implementations of the idea. The strategy is called "embrace and extend". Really, has this person been living under a rock?
Re: (Score:1)
Or Facebook?
Oblig. xkcd (Score:4, Funny)
Re: (Score:2)
1. Write great software that everyone wants
2. Profit!
3. Break everything
5. Go to Jail?
Re: (Score:3)
Re:but useful software is not cheap to make (Score:5, Informative)
AC? Meet download.cnet.com [cnet.com]. All the crap you could ever want, nicely bundled with more spyware than you care to imagine. If you're ever in the market for some free software, and dumb enough to use Google to find it, chances are you'll be presented with a forest of hits all directing you there.
Quality has nothing to do with it. These guys have made a business out of bundling mediocre with bad or downright malicious, and have put in a lot of effort to appear high enough on search engines to catch eyes. Malware authors don't need to produce anything useful at all.
Re: (Score:2)
A friend of mine worked on a customer's machine that had some uber virus in it. He told me all the tech details, but thanks to one to many Hoegaardens I forgot them. He was only able to isolate the virus by hooking up the customer's HD to a Linux box and fix it.
Long story short, he innocently contacted Cnet to tell them that software XYZ had a virus in it, ony to be told something along the lines of "yeah, we know, but we get paid to put them there, so there's nothing we can do about it."
Re: (Score:1)
Re: (Score:2)
uh... no, that would be illegal in most developed jurisdictions. Download.com is full of scumware of all shapes I can absolutely confirm.
Re: (Score:3)
http://botcrawl.com/cnet-downl... [botcrawl.com]
From 2013:
"It’s now verified that CNET bundles malware with their downloads in order to monetize free products and services. To add more, CNET has been sued by numerous software manufacturers for bundling malware with installments of their distributed software, even without notifying the developers. This often causes victims of CNET malware to report the legitimate software they downloaded from the distributor as unethical."
I stopped using cnet in 2011, the first time
Re: (Score:2)
Re: (Score:1)
"We were unable to detect your operating system." Well, shit, it's Mint 17, is that so hard? Where can I go to get some of that swell CNet spyware for Linux??
Re: (Score:2)
That was his point- at least, in the talk at IP Expo; it hasn't made it so well to the article. The goal is to make effective malware harder and more expensive to write
Adobe Digital Editions 4 (Score:5, Informative)
Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time.
Some of it will even turn the American public library system into an infectious host. Adobe Digital Editions 4 [slashdot.org] scans your hard drive and sends some of the data it finds, in the clear, back to Adobe.
Adobe market leader! (Score:2)
The anti-malware of the future (Score:4, Insightful)
Re: (Score:1)
I'm already changing my admin username to "andy"
Pirated software (Score:1)
I bet that software pirates already have injected malware in many warez, mainly heavy graphics games. Doing so they could discreetly control a lot of powerful machines.
Re:Pirated software (Score:5, Interesting)
No, the software itself isn't infected with malware, actually. What happens is they infect the keygens or cracks. This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.
But since to use it requires running the crack executable to get the key, well, the user will just double-click it, get their machine infected, and the key to unlock the program they just installed.
And it's been happening a long time - it's why cracks and keygens are long tagged by AV apps - because while there are a few clean cracks and keygens, you can bet most you find on torrent sites and elsewhere are infected.
Re: (Score:2)
This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.
It's a real shame too. Used to be that you could buy a game and then download a clean installer without the DRM malware in it, and enter your code from the retail packaging. Now you have no choice but to accept the malware, even on a legitimate purchase. Well, you can chose not to play of course.
Re: (Score:2)
I thought this died out now that everyone's using Steam. You could buy a retail box which is just an installer that copies the bulk of the data to your hard drive (saving you a download), but in the end it was just
Re: (Score:3)
which is one reason I don't use Steam (sorry to burst your "everyone" bubble, even my KSP is standalone) - when I buy software, I own that particular instance; fuck clickthru license terms, try Doctrine of Sale.
Re: (Score:1)
What if... (Score:2)
What if I can convince malware that my bare metal is actually a VM? Then will the malware authors work as hard as they can to have their stuff NOT install on my machine?
Re:What if... (Score:5, Interesting)
Or just run each app in its own VM so that when it turns rogue, you can cleanly shoot it in the head without any widespread damage.
Re: (Score:2)
The NSA are one of their biggest customers
STDs have been doing this since "forever" (Score:3)
There's a gift, which may be ongoing, but it has a nasty payload.
Never had either an STD or computer malware.
Paranoia is your friend, 'cause they ARE out to get you.
Re: (Score:3)
It's not that you don't take chances, but that you recognise the dangers and take a few precautions. Not "going down" on the woman you just picked up at the bar might save you a case of HIV (Magic Johnson, for example). Doesn't mean you can't have some fun together, but use condoms, for pity's sake.
Don't download "cute" crapware. Don't visit sites Firefox and its plugins warn you are attack sites. Don't blindly give away your bank account info (at least in the Corporate States of America, where you have
Re: (Score:1)
Just because you're paranoid . . . (Score:2)
You need to get a sense of humor. (Score:2)
Numbers (Score:3)
Some citations:
Transmission rates based on infected partner's progression stage [oxfordjournals.org]
Risk based on type of sexual act [catie.ca]
It is difficult to get HIV from a woman. Not impossible, but the odds are very low.
Well, not that low, only half the odds, according to study 2.
Now getting HIV from taking it on the butt, it is much more dangerous
Yup. 0.08/0.04 (vaginal) vs 1.4 (annal receptive). About 20x more odds.
And then black woman have a much higher rate of HIV.
Technically, its "women in poorer communities". It happens that in the US black ethnic are often at the bottom of the social scale due to past racial discriminations, etc. but even there they are not alone at the bottom of the scale.
On all this counts, Magic Johnson is not exactly the best example.
He might happen to also be ethnical
"Evolved strains?" (Score:3)
Is this guy new here or what? Ostensibly useful ("friendly", since TFS apparently wants to anthropomorphize software) programs that carry a nasty payload that doesn't trigger immediately? How's that any different from 20 years ago, when they were called "trojans?"
Google? (Score:1)
The more that changes... (Score:1)
The Malware of the Future May Come Bearing Real Gifts
Malware you can't delete off your machine and that destroys your computer slowly, such as Symantec and MacAfee, have gifted users free trials for years.
Hidden malware... MMO Bots (Score:1)
There is a site, www.thebuddyforum.com that sells just such a thing. These are the obnoxious bots you see running around your favorite MMORPG, stealing your kills, farming gold, powerleveling, etc. They have to be sandboxed to hide them the anti-cheating tools, and have to run in environments without virus scanners because... they are malware themselves. (In an attempt to sandbox ones of these to get a hash to report to hackshield, my anti-virus software deleted the bot multiple times. Yes I had to ****ing
Don't most trojans already work kinda like this? (Score:4, Informative)
Re: (Score:3)
Re: (Score:1)
Old Story (Score:4, Interesting)
Reminds me of the late 90s/early 2000s when millions of accounts for a german online service (T-Online) have been stolen - by 3rd party tool for that service that offered additional services including up/downing your connection (which was essential for those high, minute based rates back then. Butso it had your password, of course)
It was a PITA to convince people to stop using that tool because it was so usefull.
They are called trojans (Score:3)
Well this makes it easy then.... (Score:2)
To protect yourself from malware, litter your system with artefacts that mimic sandboxes and virtual machines :)
Re: (Score:2)
I went with a small plastic shovel and pail.
We've Had This For Twenty Years (Score:1)
It's called "Microsoft Windows(tm)(R)(c)"
By this definition, FB and GOOG are malware (Score:1)
The circle comes around (Score:2)
We had the "useful" malware back in the 90's. It was called Bonzi Buddy.
Re: (Score:2)
"Malware" has come packaged with semi-useful software right since the beginning. Even the most naive of grandmas don't typically install standalone viruses deliberately.
Shurely Jpegs at this point (Score:1)
The Malware of the Future May Come Bearing Real Gifs
Any sufficiently modern malware produces it's instant gratification in the form of jpegs. Unisys patented porn is now mostly dead pixels and bears.
I encountered one of these YESTERDAY (Score:2)
It started as one of my typical IT service calls: a Windows Vista laptop was clogged with malware and running slowly. I soon discovered that one of the major culprits was Conduit, a virus that wraps itself kudzu-like around browsers, making every Web page it touches into a hijacked slug. But the customer was running Incredimail, a mail client she loved and had been using for years. Apparently not long ago Conduit bought Incredimail and now requires that a certain amount of their malware be running to keep I
Dr. Evil (Score:2)
Its already happening (Score:1)
Its called I-tunes.
network connected medical devices (Score:2)
anyone?
Re: (Score:2)
that's the point of the trojan - you don't know or care what the real payload is, you're only interested in the kim kardashian nude photos.
Evolutionary (Score:2)
And I mean my subject literally. This is precisely how we ended up with mitochondria and much of the junk DNA in our genome. Some foreign invader played the long game so well that it just became part of the organism.
It will be interesting to see if we get to a point where the malware is so useful, that instead of cleaning it out we just find a way to keep the good parts.
Happened a Long Time Ago (Score:2)
Back in the late 90's following the idea of real pathogens favoring a long life for their hosts, we talked about how eventually computer viruses would do the same. We joked how they would be built to keep the computer up and running and actually have functions to make it do all the maintenance that normal users never do and that tech support (the jobs we were doing then) would actually advise catching certain viruses to solve hardware issues. This has just about played out. There have long been things like
Biggest malware of the future is wellknow (Score:1)
Malware of the future is an institutionnal malware :
https://www.techworm.net/2014/... [techworm.net]