Recent Trends in Malicious Code
Malicious code in all its various forms (virus, worm, Trojan, or “bot”) has changed dramatically over the years. As computing power increased and the world became more interconnected, the attacks launched against these systems became ever more sophisticated. Early on, viruses and worms were created and released mainly for bragging rights. Many times the creators would include their pseudonyms in the code and taunt rival authors even as they launched these attacks worldwide. That era produced some of the unusual names attached to malware (Code Red was named after the Mountain Dew soft drink; Nimda is “admin” spelled backwards), and in some cases the clues the authors left behind led to their arrest.
In the past couple of years, the trend has changed. Attacks are less about bragging rights or gaining attention and more about commercial gain. The “hackers” of the world have gone into business, much as organized crime channeled its energies into business ventures. Some of these “business ventures” have included:
- Launching Distributed Denial of Service (DDoS) attacks against commercial entities, then demanding a ransom to stop the attack
- Malware that encrypts commercial databases, with the attacker again demanding a ransom to release the data
- Stealing personal information from large corporate and government databases, then selling that information to enable identity theft
- Building large bot-nets of thousands, even hundreds of thousands, of compromised systems, then renting those resources out for spamming, DDoS attacks, and other illegal activities
One of the most ironic recent incidents involves malware authors using an End-User License Agreement (EULA) to protect their work. Most recently, the process for developing new exploits has been streamlined: the “bad guys” have automated the reverse engineering of security patches in order to create new exploits. A patch, by its nature, reveals exactly which code was changed, and therefore where the vulnerability lies, so comparing the patched and unpatched versions of a program points an attacker directly at the flaw. Previously, attacks lagged several weeks behind the publication of new vulnerabilities, which made patch management the standard defense for vulnerable systems: there was generally sufficient time to apply patches before malicious code was widely circulating. We can no longer count on that buffer period in which to patch our systems.