Life is like Code, you never know what you will create next

Malicious Code in 2007

13 April 2008 23:50 by scott

Whenever I surf the web, I try to look for things to learn from. I try my best not to go to anything that can't be learned from. I read news articles, I listen to audio books, and some of my favorite movies are things that can be used in the real world. I specifically like the movie The Boondock Saints. But this blog isn't about the Saints. It's about what I learn about the world and wish to share with others.

Today I found a white paper published by Symantec, the antivirus company. It is one of the most detailed papers about the overall Internet security threats that we were exposed to in 2007. I for one wasn't going to read the entire 105-page document. I just don't have enough time in the day with all the other projects I am currently working on, along with the countless hours of community service I try to do.

I did skim it and pulled out the graphs (I love graphs; visual representations are amazing), which are reproduced below.

Below shows the amount of malicious activity by country, which is extremely interesting. Not because the United States is on top, but because China, which has the Great Firewall, is second. It surprises me that a country that regulates an extremely large amount of the Internet for its people isn't able to hold back the amount of activity it produces. You would think that a web site hosting malicious code would be blocked by the firewall, but what these records show is that hackers and phishers are thriving in this environment.


Below shows the malicious activity per broadband subscriber. This shows that the countries in the top echelon of the graph above but in the bottom echelon of the image below have a lot of open connections and are exposed to wireless attacks. The countries above have a limited amount of Internet, and the ones below have it spread throughout the country, e.g. the United States.


Below shows how much each person is worth on the black market, which, if you think about it, isn't much money when someone sells an email list. It is almost disgustingly low. Am I only worth $15.00 to capture my social security number and other information (row three)?


Patch Development

Below shows a breakdown of operating systems and how fast each vendor can push a patch out. I am not going to argue for a particular operating system, but I am very happy to see that, with the amount of money Microsoft has, they do push out patches extremely fast compared to Apple, Red Hat and HP. I always knew that Apple had a large number of vulnerabilities, but this graph shows that Apple can be vulnerable for an average of 79 days, which gives hackers a huge window to build farms of computers from a large user base. If they get control of these computers, they can then distribute ongoing updates to their code, which would allow them to never be detected.


Below shows browser vulnerabilities, which is an awesome display of how fast companies work. Even though Internet Explorer is so high on the list of days, 11 days is still a pretty quick turnaround. But of course I do surf with Mozilla Firefox, so I am better off than most.


How many vulnerabilities were there in the past 6 months or a year? It looks like Firefox is high on the list, but I imagine they have been gaining a larger user base over the past 6 months and therefore are being exploited a lot more.


Plugins are not the best thing to run on your site unless required by a customer who serves a specific user community. ActiveX is definitely the worst in this case, and that is enough said.


Below shows the number of vulnerabilities in general for the past year, which I am happy to say look like they are decreasing overall.


Below is the graph showing that the code being written for malicious purposes is growing, and not on a small scale. It looks like it is growing by 100% every 6 months. That is huge, and it also shows that more and more countries are coming online and creating more user communities that destroy and manipulate.


Below shows what kind of code is being written for malicious attacks.

Trojan - a piece of software which appears to perform a certain action but in fact performs another, such as a computer virus. (Wikipedia)
Back Door - a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. (Wikipedia)
Worm - a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. (Wikipedia)
Virus - a computer program that can copy itself and infect a computer without the permission or knowledge of the user. (Wikipedia)


How do things propagate and spread to other systems? Well, the answer is file sharing with executables, or .EXE files. This is most likely done through P2P systems that download and upload malicious software alongside other highly sought-after software. A user could accidentally open a piece of software and never know it was a virus until it was too late.


For those P2P people out there who like sharing files, well, I sure hope that you keep your directories closed and only share files through torrents. I know WinMX is still alive and kicking, but it has a hopefully robust detection system.


Who deals with advertising on P2C systems like Google or Yahoo? I know I am a publisher, as seen on the side of the page, but there are Trojans out there that automate it for people, allowing them to rake in a lot of money. I know I used to be a part of a group that practiced this activity when I was around 14 or 15 years old. I surfed the net while having banners displayed on my desktop, but during that time I was able to get around it because of a group of Angels I was associated with. I have left all that behind now, after taking in a large amount of money and putting those companies into bankruptcy. I look back on it now and wish that I hadn't.


On the last graph, I am also curious to see that China is one of the top countries for phishing domains, but how is this possible with the Great Firewall?


I hope you now have a better understanding, as I now do, of the problems with the net these days and the top contributors to malicious technology.