Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mikko Hypponen Chief Research Officer F-Secure Corporation www.f-secure.com www.hypponen.com Virus Bulletin 2006 Montreal KEYNOTE.

Similar presentations


Presentation on theme: "Mikko Hypponen Chief Research Officer F-Secure Corporation www.f-secure.com www.hypponen.com Virus Bulletin 2006 Montreal KEYNOTE."— Presentation transcript:

1 Mikko Hypponen Chief Research Officer F-Secure Corporation www.f-secure.com www.hypponen.com Virus Bulletin 2006 Montreal KEYNOTE

2 Simplified example (a) Computer virus consists of an excitatory (x) and an inhibitory (y) binary neuron. Each neuron represents the average activity of a cluster of biological cells. (b) Synchronizing connections (solid) holds between oscillators within one layer and desynchronizing connections (dotted) between different layers. R and G denote the red and green channel. (c) Oscillators are arranged in a 3D-topology. The shaded circles visualize the range of synchronizing (light gray) and desynchronizing (dark gray) connections of a neuron in the top layer (black pixel).

3 Hello

4 name:

5 Mikko Hypponen

6 CRO

7

8 Helsinki

9

10

11 1990

12 300 PC viruses

13 200,000

14 Good

15 Evil

16

17 Canada! eh

18

19 Keynote

20 Criminal investigation

21 For-profit botnet gang

22 Attacked us

23 Investigation

24 Several months

25 Busted

26 3 arrests

27 Excellent case study

28 Keynote

29

30 www.f-secure.com/weblog

31

32

33 2006

34 1986

35

36 Brain 1986

37 Stoned 1987

38 Cascade 1987

39 Yankee Doodle 1989

40 Dark Avenger 1989

41 Form 1990

42 Omega 13th of September 1991

43 Ω

44

45 Michelangelo 1992

46 V-Sign C:\horror\vdemo\Q-V-SIGN.COM C:\horror\vdemo\WALKER.COM 1992 C:\horror\vdemo\ELVIRA-G.COM

47

48 C:\horror\vdemo\MARS-G.COM C:\horror\vdemo\Q-CASINO.COM C:\horror\vdemo\ELVIRA-G.COM

49 MtE 1992

50 VCL 1992

51

52 WinVir 1992

53 Monkey 1993

54 One_half 1994

55 Concept 1995

56 Bail: If Err <> 102 Then FileSaveAs dlg End If Done: End Sub Payload: Sub MAIN REM That's enough to prove my point End Sub

57 Laroux 1996

58 Good

59 Evil

60 Boza 1996

61

62 Marburg 1998

63

64 RemoteExplorer 1998

65 Happy99 1998

66 Funlove 1999

67 ZippedFiles 1999

68 Melissa 1999

69 Bubbleboy 1999

70

71 Loveletter C:\horror\virus_spread.exe 2000

72 Date: Thu, 4 May 2000 10:23:38 +0100 From: "Alex at MessageLabs" To: "F-Secure Samples" Subject: URGENT HEADS UP - LoveBug virus sample This is a big one guys. 600 copies in the last hour. Call me for details Alex

73

74 2001 Annakournikova [ aka VBSWG.ASDF ]

75 Badtrans 2001

76 Sircam 2001

77 d amiN

78 Klez 2002

79 Bugbear 2002

80 Mimail 2003

81 Swen 2003

82 Code Red 2001

83 Slapper 2002

84 Slammer 2003

85 Blaster 2003

86 Sasser 2004

87

88

89 89 00:00:55 00:00:50 00:00:45 00:00:40 00:00:35 00:00:30 00:00:25 00:00:20 00:00:15 00:00:10 00:00:05 00:00:00

90

91

92 OOPSNameTransportationPowerInfrastructureBanks Slammer Air traffic control problems in USA Infected a nuclear power plant in Ohio 911 phone services down in Seattle Bank of America's ATM network down Blaster Air Canada flights grounded, CSX trains stopped NY ISO power operator's network infected Numerous RPC-based SCADA networks down Several Windows- based ATM networks infected Sasser Railcorp trains stopped in Australia, Delta flight problems, delays with British Airways flights Hong Kong government's department of energy networks infected Infected: Two hospitals in Sweden, EU commission, Heathrow airport, Coastguard UK Several banks shutting down offices because of internal infections

93 Fizzer 2003

94

95 95 Spam through Proxy Enlarge-Your-Penis Enterprises Inc. (Spammer) Ed Bob Lisa Jack Mary Peter (infected computer) ?#%$!? ?#%$!? ?#%$!? ?#%$!? ?#%$!?

96 96 Old enemy Chen-Ing Hau Joseph McElroy Jeffrey Lee Parson

97 97 New enemy Jeremy Jaynes Jay Echouafni Andrew Schwarmkoff

98 Good

99 Evil

100 Sobig 2003

101 Mydoom 2004

102 Bagle 2004

103 Netsky 2004

104 Mon 8.3.2004:Netsky.J Mon 8.3.2004:Netsky.K Tue 9.3.2004: Bagle.L Wed 10.3.2004: Netsky.L Thu 11.3.2004: Netsky.M Tue 11.3.2004: Bagle.M Thu 13.3.2004: Bagle.N Thu 13.3.2004: Bagle.O Sat 15.3.2004: Bagle.P Mon 17.3.2004: Netsky.O Tue 18.3.2004: Bagle.Q Thu 18.3.2004: Bagle.R Thu 18.3.2004: Bagle.S Thu 18.3.2004: Bagle.T Sun 21.3.2004: Netsky.P Fri 26.3.2004: Bagle.U Mon 29.3.2004: Bagle.V Mon 29.3.2004: Netsky.Q Wed 31.3.2004: Netsky.R Mon 5.4.2004: Netsky.S Mon 5.4.2004: Bagle.W Tue 6.4.2004: Netsky.T Thu 8.4.2004: Netsky.U Tue 13.4.2004:Mydoom.I Wed 14.4.2004: Netsky.V Thu 15.4.2004: Netsky.W Fri 16.4.2004:Mydoom.J Mon 19.4.2004: Netsky.X Fri 23.1.2004: Bagle.A Tue 27.1.2004: Mydoom.A Mon 16.2.2004: Netsky.A Mon 16.2.2004: Mydoom.E Tue 17.2.2004: Bagle.B Wed 18.2.2004: Netsky.B Tue 24.2.2004: Mydoom.F Wed 25.2.2004: Netsky.C Fri 27.2.2004: Bagle.C Sat 28.2.2004: Bagle.D Sat 28.2.2004: Bagle.E Sun 29.2.2004: Netsky.D Mon 1.3.2004: Bagle.F Mon 1.3.2004: Bagle.G Mon 1.3.2004: Netsky.E Tue 2.3.2004: Bagle.H Tue 2.3.2004: Bagle.I Tue 2.3.2004: Netsky.F Tue 2.3.2004: Bagle.J Wed 3.3.2004: Mydoom.G Wed 3.3.2004: Bagle.K Wed 3.3.2004: Mydoom.H Thu 4.3.2004: Netsky.G Fri 5.3.2004: Netsky.H Sun 7.3.2004:Netsky.I

105 SDBot 2003

106 Mytob 2005

107 Zotob 2005

108 Sony BMG 2005

109 quote

110

111 Nyxem 2005

112

113 Haxdoor 2005

114

115 Warezov sadujadesion.com yuhadefunjinsa.com jaxedunnjsatunheri.com gadesunheranwui.com vertionkdaseliplim.com ertinmdesachlion.com 2006

116 Spysheriff 2005

117

118 Bancos

119 Brazilian Busts Operation2001 "Cash net" 2003 "Cavalo de troija I" 2004 "Cavalo de troija II" 2005 "Pegasus" 2006 "Scan" Arrests1727648563 Money stolen $46,000,000$14,000,000$110,000,000$33,000,000$4,700,000

120

121 #darkmarket what accounts you have and the value i have chase accts with wire enabled whats the value balances 21k, 44k, 30k how much for all three $500 ok

122

123 123

124 Good

125 Evil

126 How on earth can we handle all these?

127

128 128

129

130 Future?

131 VB2011

132 VB2016

133 Wi-Fi viruses

134 Hitting Windows laptops

135 Sniffing WLAN traffic

136 Inserting itself into TCP/IP frames

137 Uses web exploits

138

139 Good

140 Evil

141 Good will prevail Good will prevail

142 Mikko Hypponen Chief Research Officer F-Secure Corporation www.f-secure.com www.hypponen.com Thanks to Lawrence Lessig


Download ppt "Mikko Hypponen Chief Research Officer F-Secure Corporation www.f-secure.com www.hypponen.com Virus Bulletin 2006 Montreal KEYNOTE."

Similar presentations


Ads by Google