Today as part of my MSc course we had a special guest speaker from Kaspersky Antivirus labs do a presentation on the history and current landscape of Internet security vulnerabilities, so I thought I'd share some of the info I got from the presentation here!
Well, let's start back at the beginning, before many of us knew there were even viruses out there, security threats and malicious attackers out to do harm. Kaspersky had approximately 75 viruses on file in 1990, most of which were fairly harmless. At the time, the original architects of viruses were aiming at notoriety, getting their reputation as a hacker/cracker with some know-how… This was achieved primarily through a competition of ‘Biggest Dick’: who could infect the most machines, who could cause the biggest denial of service, who could get Britney Spears' boobs on the most monitors… And while all this is fun and slightly annoying, it's for the most part harmless and just an irritation.
Well, that's changed over the years. By 1992 there were so many viruses floating around the Internet that antivirus (AV) organisations like Kaspersky were calling the phenomenon ‘GLUT’, a term to describe their inability to keep up with the growing number of potential threats. Tactics were changed, and now in 2008 Kaspersky has over 500,000 virus definitions floating around in its definitions library.
So what got us, as the consumer, to notice this? Well, in short, attacks such as the Melissa virus and Love Letter. Although only annoyances and still classed as ‘Wow’ style attacks within the hacker community (aka biggest attack), these were the largest on the scene and drew the attention of many a home user and business to the concept of not letting their machine be the ‘willing’ victim of this style of abuse again.
Unfortunately, hackers' motives have changed again over the years. Whereas previously it was a competition to see who could be bigger, now it's a lot more organised and focused on getting the hacker some form of financial gain. Back in the 1990s viruses accounted for virtually all of the malicious code on the net; now in 2008 it's only around 5%, with a whopping 90% being Trojans, backdoor applications which compromise a victim's machine and use it for their own means.
The Trojan infection proves far more useful for the needs of many of the current hackers, creating what are known as ‘Botnet Armies’ or ‘Zombie Armies’ of compromised machines (small groups of machines, which are at the hacker's mercy). The success of this style of attack can be seen just by having a quick browse around the net: many of these botnet armies are created just so the attacker can sell them to other hackers. Seems hacking has become a service-orientated business by these standards.
The complexity of these attacks has also increased drastically since the original days, with Trojans attacking each other if they find themselves on the same machine (looks like the days of Sarah Connor and her Terminators might not be too far off). The ability to mask themselves and hide from the user and AV software continues to evolve with each variant of infection. Polymorphic versions, which appear totally different on each infected machine, rendered the traditional ‘Virus Definition’ library useless and forced AV organisations to move towards statistical analysis and heuristic approaches that detect the characteristics of these infections, rather than their signature in active memory.
A prime example of a current worm which is proving difficult to terminate is the Storm worm, which uses peer-to-peer (P2P) control mechanisms to avoid the problem of a centrally controlled network. Traditionally a case such as this would simply be stopped by stopping the controlling hacker or their means of controlling the worm (aka blocking ports, or traffic analysis), but with P2P style control, not all the infected hosts know about each other and none of them are aware who the controller is. So let's face it, if P2P has been working so well for movie, music and software piracy for the last 10 years, I think this worm might be onto a winning tactic!
As said, more and more these attacks are aimed at financial gain for the attacking hacker, hence we can see a definite rise in the use of the Internet for online fraud. With over 17 million UK based users now conducting their banking online, it's no surprise that 2006 saw a loss of £33.5 million to online fraud.
Phishing, as a tool of social engineering, provides a perfect example of how this new evolution of hacking is being implemented in the real world. A technique which is only about 2 years old, and which in its infancy was pathetic and a joke to most experienced Internet users, has now grown into an industry generating millions. Two years ago, if a phishing email was dropped into your inbox claiming to be from eBay, with the ‘reply to’ address “ebay@borris-navrist.rs” and eBay spelt ‘ebey’ with worse grammar than a 5 year old on crack, most of us would hit the delete button. But now they're getting better: with forged message headers and experienced web designers of their own, these attackers are creating forged emails and even websites which look convincing to the best of us! A survey conducted by the University of Indiana showed that 2 - 3% of phishing recipients actually fall for the attack, which doesn't seem like much, but when placed into context where 1 million phishing emails can be sent with the click of a button, that's 2 - 3 hundred thousand successful attacks! Not bad for a day's work eh!
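The tell-tale signs described above (a reply-to address on an unrelated domain, the brand name misspelt) turned into a small header and body check. This is an added example, not part of the original post; the brand-to-domain map, the 0.7 similarity threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate domain map (illustrative, not from the post).
BRANDS = {"ebay": "ebay.com"}

def split_addr(value):
    """Return (display name + local part, domain), lower-cased."""
    name, addr = parseaddr(value or "")
    local, _, domain = addr.rpartition("@")
    return (name + " " + local).lower(), domain.lower()

def phishing_indicators(raw, brands=BRANDS):
    """List the tell-tale signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    _, from_dom = split_addr(msg["From"])
    _, reply_dom = split_addr(msg["Reply-To"])
    # Replies silently diverted to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-differs-from-from")
    text = (msg["Subject"] or "") + " " + msg.get_payload()
    words = set(re.findall(r"[a-z]{3,}", text.lower()))
    for brand, legit in brands.items():
        # Brand name used in an address that is not on the brand's domain.
        for header in ("From", "Reply-To"):
            label, dom = split_addr(msg[header])
            if brand in label and dom and dom != legit and not dom.endswith("." + legit):
                hits.append("brand-on-foreign-domain:" + dom)
        # Near-miss spellings of the brand in subject or body ('ebey' for 'ebay').
        for w in sorted(words - {brand}):
            if SequenceMatcher(None, w, brand).ratio() >= 0.7:
                hits.append("lookalike-spelling:" + w)
    return hits

# Constructed sample: forged From, the post's reply-to address and misspelling.
PHISH = (
    "From: eBay Security <security@ebay.com>\n"
    "Reply-To: ebay@borris-navrist.rs\n"
    "Subject: Your ebey account is suspended\n"
    "\n"
    "Dear ebey member, verify your password now by replying to this message.\n"
)
# Constructed benign message for comparison.
LEGIT = "From: eBay <info@ebay.com>\nSubject: Order shipped\n\nYour ebay order has shipped.\n"

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(LEGIT))
```

A forged From header passes the first glance here, which is why the check looks at Reply-To and the body text as well.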
Of course, phishing is the user interaction version of this; who nowadays wants to rely on the user when the computer itself can do some of the work for you… Malware can infect a machine, disguise itself as a legitimate process on the machine and perform any number of tasks, including forwarding all your passwords, credit details (stored within financial apps such as Quicken, MS Money, etc.) and documents (with keywords in the name) to a waiting server under the attacker's control (or even one of their botnet machines). Makes you think twice about installing that toolbar or strange poker software now, doesn't it lol!
It's about this time most people are thinking, ‘hey, I've got anti-virus software, isn't that on my machine to stop this sort of crap happening’… well yes, you're right, it is, but let's put it this way: what happens first, thunder or lightning… most of us will agree it's the lightning, then you'll have to wait around for the thunder for a few seconds. Well, the AV industry works the same way: new viruses get released every day, and although we can see them and their effects (the same as lightning), the response to these new viruses is not really instant. Though not quite as fast as thunder, new updates and ‘cures’ for malware & virus infections take time to be developed, and in this in-between time YOU ARE VULNERABLE… afraid it's as simple as that, so it still comes down to you, the end user, not to be the weak link, and to look at the Internet and its content with a suspicious eye.
The future has new things in store for us all, but the Kaspersky experts are betting their bottom dollar on the targeting of social networking as the next big threat. With the absolute horde of information freely given by users to sites such as Bebo and Facebook, it's no surprise that hackers look at them with wanting eyes… it was once said that ‘Knowledge is Power’, and if this claim has ever been more true, then it's now, in our Internet-driven, money-inspired culture of on-demand service…
Happy surfing, watch out for the sharks!