2005: MyTob, the turning point

MyTob appeared in 2005 and was one of the first worms to combine the features of a bot (the infamous “zombies,” controlled by a remote botmaster) and a mass-mailer.

Intriguing feature: MyTob marks the entry into the era of botnets and cybercrime. Business models designed to “monetize” the many botnets appeared (some of which would come to count more than 20 million machines): installation of spyware, distribution of spam, illegal content hosting, interception of banking credentials, blackmail, etc. The revenue generated from these new botnets quickly reached several billion dollars per year, a figure that is still growing today.

2007: Storm botnet

By 2007, cybercriminals already had lucrative business models in place, and they began thinking about protecting their money spinners (infected computers). Before 2007, botnets showed a cruel lack of robustness: neutralizing a botnet’s single control center neutralized the entire botnet, because the zombies no longer had anyone to report to (and take commands from).

Intriguing feature: By implementing a peer-to-peer architecture, Storm became the first botnet with decentralized command, which made it much more robust. At the peak of the epidemic, Storm had infected between 1 and 50 million systems and accounted for 8% of all malware running in the world.

2008: Koobface

Koobface (an anagram of Facebook) spreads by pretending to be the infected user on social networks, prompting friends to download an update to their Flash player in order to view a video. The update is a copy of the virus.

Intriguing feature: Koobface is the first botnet to recruit its zombie computers across multiple social networks (Facebook, MySpace, hi5, Bebo, Friendster, etc.). Today, it is estimated that at any given time, over 500,000 Koobface zombies are online.

2009: Conficker

Conficker is a particularly sophisticated virus, as it’s both a worm, much like Sasser, and an ultra-resilient botnet that implements bleeding-edge defensive techniques. Curiously, it seems that its propagation algorithm is poorly calibrated, causing it to be discovered more frequently. Some networks were so saturated by Conficker that planes were grounded, including a number of French fighter planes. In addition, hospitals and military bases were impacted. In total, approximately 7 million systems were infected worldwide.

Intriguing feature: Conficker did not infect Ukrainian IPs, nor machines configured with a Ukrainian keyboard. This suggests the authors were playing by the cybercriminal golden rule, which implicitly states, “Don’t target anything in your own country, and the arm of justice won’t be long enough to reach you.”

2010: Stuxnet, welcome to the Cyber War

According to most threat researchers today, only governments have the necessary resources to design and implement a virus of such complexity. To spread, Stuxnet exploited several critical vulnerabilities in Windows that were unknown until then, including one guaranteeing its execution when an infected USB key was inserted into the target system, even if the system’s autorun capabilities were disabled. From the infected system, Stuxnet was then able to spread into an internal network until it reached its target: an industrial process management system published by Siemens. In this particular instance, Stuxnet knew the weak point of a specific controller – perhaps a cooling system – and most likely intended to destroy or neutralize the industrial system.

Intriguing feature: For the first time, the target of a virus is the destruction of an industrial system (very probably a nuclear power plant in Iran).

What’s Next?: According to the trends we’re seeing, the next target for cybercriminals could be smartphones. Their widespread use and the fact that they incorporate a payment system (premium rate phone numbers) make them easy money-generating targets. Furthermore, they have a location system, a microphone, embedded GPS and one (or several) cameras, which potentially allow particularly invasive spying on their owners.

by Guillaume Lovet  |  March 10, 2011 at 9:15 am
