Infosec 08: Emerging Methodologies for Endpoint Protection
April 23rd, 2008 by Jiri
… by someone from Kaspersky labs … (23rd April).
Most attacks in the 90s were website defacements; today it’s financially oriented cybercrime. We are seeing a massive increase in the number of attacks – the slides showed something like a 30 percent year-on-year increase in the virus signatures Kaspersky develops. The biggest part of this is Trojans. The top sources of malware are China, Latin America, Russia and Eastern Europe.
Cybercrime groups are not centrally organised, but they co-operate. One group is, for instance, specialised in email address harvesting and sells the addresses to another group that is involved in spamming. The groups are specialised on a geographical basis: online gaming in China, credit card number harvesting Trojans in Latin America and botnets in Russia.
The time of big outbreaks affecting millions of machines is gone. Most malware attacks are intentionally low-key and localised to escape attention and response. The malware writers are also getting more sophisticated – their products are increasingly developed to disable security protection, but also to uninstall competing malware.
The most widespread attacks today are:
- Trojans
- Botnets: industrialised. Currently mostly based on centralised command and control with a central server and management consoles. Evolving into P2P, which prevents shutting them down. Used for spamming, DoS etc.
- Web-based attacks: criminals compromise legitimate websites through HTML injection. These target the end user, not the server.
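The web-based attack described above works because the legitimate page is altered to carry something the site owner never put there, typically a hidden iframe or a script loaded from a third-party host. A site owner can catch this by scanning the HTML actually served to visitors for such markers. The scanner below is an added example written for this summary, not code from the talk or from Kaspersky; the sample page, the host names and the `scan_html` function are all constructed for illustration.

```python
"""Scan served HTML for markers of injected content (added example, not from the talk)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for www.example.com (hypothetical): one on-site script,
# one script from the site's own CDN, and two injected elements pointing at a
# hypothetical third-party host ("malicious.invalid" is a placeholder).
SAMPLE_HTML = """
<html><body>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<p>Welcome to our site</p>
<iframe src="http://malicious.invalid/x.php" width="0" height="0" style="visibility: hidden"></iframe>
<script src="http://stats.malicious.invalid/t.js"></script>
</body></html>
"""


class InjectionScanner(HTMLParser):
    """Flags hidden iframes and iframe/script sources that are not on a trusted host."""

    def __init__(self, site_host, trusted_hosts=()):
        super().__init__()
        # Hosts the page is allowed to load active content from (site plus its CDNs).
        self.trusted = {site_host.lower()} | {h.lower() for h in trusted_hosts}
        self.findings = []  # list of (reason, src) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe":
            if self._is_hidden(a):
                # A zero-size or invisible iframe has no legitimate purpose on most pages.
                self.findings.append(("hidden_iframe", src))
            elif self._offsite(src):
                self.findings.append(("offsite_iframe", src))
        elif tag == "script" and self._offsite(src):
            self.findings.append(("offsite_script", src))

    def _offsite(self, src):
        # Relative URLs have no hostname and are served by the site itself.
        host = urlparse(src).hostname
        return host is not None and host not in self.trusted

    @staticmethod
    def _is_hidden(a):
        style = (a.get("style") or "").replace(" ", "").lower()
        dims = [str(a.get(k) or "").strip() for k in ("width", "height")]
        return ("display:none" in style
                or "visibility:hidden" in style
                or any(d in ("0", "1") for d in dims))


def scan_html(html, site_host, trusted_hosts=()):
    """Return the list of (reason, src) findings for one page of HTML."""
    scanner = InjectionScanner(site_host, trusted_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for reason, src in scan_html(SAMPLE_HTML, "www.example.com", ("cdn.example.com",)):
        print(f"{reason}: {src}")
```

Run against a crawl of your own site, the output is an alert list rather than a verdict: the check is deliberately conservative (a host missing from the trusted set is reported, not blocked), so new legitimate CDNs show up here until they are added to the list.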
Future trends in malware
- Auto-generated malware
- Malware bundles
- P2P botnets
- Anti-anti-virus
- Social networking attacks – userid theft and web attacks
Future protection will combine a variety of methods, including behavioural analysis, whitelisting, host intrusion prevention and others.
Overall rating: 4/5 (Rather informative and engaging … for a technical presentation)