Do People Ever Learn From History?
When I guest lecture at a university, give a presentation to customers, or speak at conferences, I often mention the need to understand what has already happened in the field of malware and anti-malware, in order to understand what has or has not worked in the past.
I often ask: “Why is it that many people never use history as a tool to stop themselves, or others [their organisation, society, nation, and so on], from repeating the same mistakes that have already been made at least once, and sometimes many times over?”
At this point, I often get quizzical looks from between 10 and 50 percent of the audience; it seems that they don’t get it.

When I get to ‘Trojan Horses’ I quickly cover the pertinent facts of how the Greeks finally took the city of Troy, and then you can see the same people, who possibly thought I was mad or slightly deranged, suddenly get it...
Modern ‘Trojan Horses’ are not large wooden sculptures or lawn ornaments, but computer programs that claim to do one thing [something useful or wanted] but, when run, do something the user is not expecting, such as lowering or removing your digital defences [anti-virus, personal firewall, anti-spyware], stealing data, deleting files, installing other malware, and so on, effectively raping and pillaging your computer or network.
Just like the people of Troy, users of computers are inviting in something that will lead to their defences [or at least their computers] being breached. Hence the saying, “Beware Greeks Bearing Gifts”, or in the case of the digital world, “Beware ‘Geeks’ Bearing Gifts”.
So, what would happen if someone made a replica wooden ‘Trojan Horse’, complete with a cargo of Greek soldiers inside it, and tried to get it into secure sites, or even somewhere that should know better because of history?
Well, someone did just this, and the hilarious results can be seen in the video that can be found here: http://dotfuturemanifesto.blogspot.com/2006/10/move-showing-dangers-of-trojan-horse.html
What does this have to do with what we are seeing now in the malware scene? Well, we have seen a massive move from viruses and worms [back] to Trojan Horses as the preferred way to package malware. Why? Because most malware authors know that the easiest way to bypass the defences is to get the person using the keyboard and mouse to invite their malware in using social engineering techniques, just like the Greeks did to the people of Troy!
Also, my recent paper on ‘rootkits’ covers the situation where lots of Windows malware is now using so-called ‘rootkit’ techniques*, but in most cases this malware is actually using ‘stealth’ techniques to hide its presence from the operating system and ALL applications that run on it, including anti-virus, personal firewalls and anti-spyware tools. Stealth techniques have been in malware since the Brain virus first showed up in 1986, yes, two decades ago! Talk about re-inventing the wheel!
So, next time remember that history is useful; it can stop people from repeating the same mistakes over and over again... Well, I can hope, can’t I?
[*] For the pedantic readers out there, you know who you are!
Yes, I know there are real rootkits, this is also covered in my paper.
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.

