VX vs Commerce
These days you hardly ever see news of a massive worm epidemic spread for its author's self-affirmation, for fun, or for anything other than commerce. Every virus that is actively spreading now, all the malware infecting users' (and not only users') PCs, is aimed at making a profit for its creators. Still, among the great mass of "kiddie malware" you can come across genuinely interesting (technically new) specimens. Just look at the "TOP 10" lists of the most dangerous viruses on the web sites of the best-known antivirus companies. The more interesting specimens the AV employees prefer to write up in their company blogs, with a somewhat deeper analysis of the sample. In practice, out of the 100% of "kiddie malware" you can find roughly 10% interesting samples, coded by professional programmers using interesting, difficult techniques.
This means that not only script kiddies but professional coders and VXers too have changed their vector from "for fun" to "for profit". The point is that now, besides self-affirmation, they can monetise their knowledge and skills. Moreover, some enterprising people with good IT knowledge manage to assemble groups of talented programmers and hackers and create full-fledged projects aimed at infecting large numbers of users' PCs. All of this is done for monetisation, which ranges from selling confidential information and substituting search queries to setting up proxy servers on infected machines and using them as zombie networks for DDoS attacks. With the right approach and qualified creators this attack vector can bring in serious money, and this kind of business is not a rarity but a whole industry.
I also want to point out attacks on governmental organisations carried out on an industrial scale. Such attacks are usually sponsored by the security services of developed countries, which pay serious attention to recruiting highly qualified programmers and to thorough planning. Anyone who works in IT has heard at least once of trojans such as Stuxnet, Duqu, Flame, Gauss and Red October. All of those, and many others yet to be identified by AV vendors, are not widespread. Usually it is a targeted attack with on the order of 1.5k infected PCs in a deliberately chosen sector. Such "cyber weapons" of the 21st century prove that intergovernmental cyber attacks are not a myth but a severe reality, and one that will become more pressing year by year. From time to time the media report on the assembling of so-called cyber forces. Such forces exist in the USA, in Israel and now in Russia too, and none of this is done in vain.
Let's try to understand why all this happens. Imagine you are an experienced programmer with knowledge in several areas: programming, system administration, system security, OS internals, reverse engineering and so on. How can you monetise that knowledge? You can be hired by some IT company, where your knowledge will not be valued financially the way you would like. You can work as a freelancer. But firstly there is a shortage of really interesting projects, and secondly only a few people can pay you properly. So what is left? That's it: professional knowledge goes into the malware business. It must be pointed out that, with the right approach, this kind of earning can become full-fledged and immediate. That is why the malware industry gains new adherents day by day. New reports from antivirus vendors serve as confirmation: freshly found threats, posted in the companies' blogs. Don't be lazy, look for them, there are a lot of interesting things :)
A lot has changed...
If in the 90s the payload of a virus was a simple message box or some destructive action on a certain day of a certain month, now the inconvenience to the user of an infected PC is reduced to zero: modern malware can coexist on a PC with almost any software.
Polymorphism and metamorphism have moved to the server side (all the main work happens on the server), and worms are now used only for spreading and for dropping the decrypted main trojan sample.
Antiviruses, in turn, have grown modern technologies such as virtual machines (sandboxes), HIPS, cloud reputation systems and so on. Signature bases are updated not once every two days as before, but twice an hour. For the most popular malware families, trackers have been created for fast reaction and detection. You will no longer surprise a user with a text file or an mp3 carrying an *.exe extension; the dominant source of infections is drive-by attacks.
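To make the server-side polymorphism point concrete, here is an added illustration (editor's example, not code from the original essay and not a malware sample). A toy "server" wraps the same harmless byte string with a fresh XOR key and a fresh block of junk on every delivery, so a whole-file hash signature taken from one download matches none of the others, while a structural rule on the constant unpacking stub and an emulator that simply runs the unpacking step both catch every variant. The container format `PM1`, its layout and all function names are hypothetical; the payload is a constructed string.

```python
"""Toy model of server-side polymorphism versus signature scanning.

Added illustration, not code from the original essay. The "payload" is a
harmless constructed byte string and the PM1 container format is made up.
"""
import hashlib
import os
import struct

# Constructed stand-in for the "main trojan sample" the text talks about.
PAYLOAD = b"constructed harmless payload body, not malware"
MAGIC = b"PM1"  # hypothetical container magic; the only constant bytes


def server_side_wrap(payload: bytes, rng=os.urandom) -> bytes:
    """Model of the server side: every download gets a fresh 4-byte XOR key
    and a fresh random-length junk block, so no two deliveries share bytes
    beyond the tiny header.
    Layout: MAGIC | key(4) | junk_len(2, LE) | junk | body_len(4, LE) | body
    """
    key = rng(4)
    junk_len = rng(1)[0]
    junk = rng(junk_len)
    body = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return (MAGIC + key + struct.pack("<H", junk_len) + junk
            + struct.pack("<I", len(body)) + body)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def emulate_unwrap(sample: bytes) -> bytes:
    """What an AV emulator or sandbox effectively does: execute the unpacking
    logic and inspect what comes out rather than the bytes on disk."""
    if not sample.startswith(MAGIC):
        raise ValueError("not a PM1 container")
    key = sample[3:7]
    (junk_len,) = struct.unpack_from("<H", sample, 7)
    off = 9 + junk_len
    (body_len,) = struct.unpack_from("<I", sample, off)
    body = sample[off + 4:off + 4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated container")
    return bytes(b ^ key[i % 4] for i, b in enumerate(body))


def hash_signature_hits(samples, known_hashes) -> int:
    """Classic whole-file hash signature: matches only byte-identical files."""
    return sum(sha256_hex(s) in known_hashes for s in samples)


def stub_signature_hits(samples) -> int:
    """Structural signature on the constant unpacking stub (what a YARA-style
    rule would target): the part the server cannot randomise away in this
    toy without also changing the unpacker on the victim side."""
    return sum(s.startswith(MAGIC) for s in samples)


def emulation_hits(samples, payload_hash: str) -> int:
    """Emulate each sample and compare the recovered inner body."""
    hits = 0
    for s in samples:
        try:
            hits += sha256_hex(emulate_unwrap(s)) == payload_hash
        except ValueError:
            pass  # not our container, or malformed: no verdict from emulation
    return hits


def demo(n: int = 8):
    """Return (hash hits on the n-1 later downloads, stub hits, emulation hits)."""
    downloads = [server_side_wrap(PAYLOAD) for _ in range(n)]
    known = {sha256_hex(downloads[0])}  # the AV lab received the first download
    return (hash_signature_hits(downloads[1:], known),
            stub_signature_hits(downloads),
            emulation_hits(downloads, sha256_hex(PAYLOAD)))


if __name__ == "__main__":
    print("hash hits, stub hits, emulation hits:", demo())
```

The interesting value is the zero in the first slot: the hash from the first download catches none of the later ones, which is exactly why updating signature bases twice an hour does not solve the problem on its own, and why the AV side moved to emulation, structural rules and reputation. Real server-side packers also regenerate the stub itself, so the stub rule in this toy is the optimistic case.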
What will happen next...
In the near future both the antivirus and the malware industries will move to a new level. Malware coders will change their vector from mass infection to targeted infection. The targets will be the PCs and networks of most interest to the attackers: governmental organisations, departments, major technology companies, banks, etc.; in short, all the PCs whose information can be monetised or used somehow. Antivirus companies will start implementing algorithms modelled on natural DNA (for example Avast's Evo-gen detection), causing a massive number of false positives (just search for evo-gen false positive detections), and malware coders will always be one step ahead, since antivirus programs, with all their code analysers, heuristics and virtual machines, have to content themselves with samples from attacks that have already succeeded (just look up Duqu, Red October and so on).
Besides that, the long-proven rootkit and bootkit technologies (and their modifications, which represent a big problem for the AV industry) remain in active use. They are able to create self-encrypted volumes and containers inside the system, and in that way AVs have no chance to detect them.
What is coming? Let's philosophise about what happens next.
Variant 1. We are all going to die. Joke ;) Globalisation and commerce will bring the scene to a state where everyone is a coder, a reverser and a seller at the same time. That means a few specialists producing not-so-high-quality software because of an acute shortage of time and knowledge. It is impossible to cover all directions at once; I know only a few people capable of it, and the fingers of one hand will suffice to count them...
Variant 2. Out of information hunger, lone coders will unite and work together to create malware for monetisation. That seems better than the first variant, but there is one "but": how does one contact and join them? It seems one has to upgrade one's skills and demonstrate them in every possible way in order to be noticed and recruited.
Variant 3. Through joint effort the scene will move to levels significantly higher than what is available now. Say a lot of professionals go to work for governments and code only targeted malware. In such circumstances the competition will come down to dividing up the minor share of the market, such as carding and DDoS. The concept of a hacker would finally go to the dogs, and the word would be used as a tag (something like kiddie, or just moron). At the moment it is getting harder and harder for loners and small groups to monetise their knowledge. Trackers, AVs, sploits: everything goes down in quality. For instance, traffic was not considered a product before, but now many people are looking for it. If earlier a successful load rate on sploit packs was about 35%, now even 10% is something to talk about. And what next? We will send fakes? We will infect mobile devices? Oh... I got carried away. On to Variant 4.
Variant 4. I can't see it yet. I can't say that we will rapidly get smarter and begin working together to upgrade our skills. Monetisation is embedded too deeply, and in any scenario someone will try to profit from the collective intelligence. We need a fundamentally new stage of evolution that would give birth to a new scene. The old one has died, and the new scene is ugly... I look forward to the third generation... I'm afraid...
Has everything already been done for us? NO! :)
Many people have the fixed idea that everything has already been created, written and realised. But that is far from so. The 21st century is a time of technology; every day something new is created, and it can help us improve old ideas or create something entirely new. Any technology can be used for VX purposes: there are viruses written as scripts (viruses for CFF Explorer), and virus scripts for MATLAB and Wolfram Mathematica.
Why do old-school VX coders dislike modern malware coders?
Most old-school VX coders are contemptuous of today's malware coders, because they believe the latter spoil their art with "pathetic crafts" and try to earn money, thereby changing the attitude towards them from respect to aversion. Unfortunately the dominant part of malware is dull and primitive, and yet some people manage to earn money selling it. To be honest, the VX scene has died! But there is a hidden meaning. What has died is the very concept of the old VX, VX for art's sake (an idea of the 90s and 2000s). If we look at the modern malware scene, in fact it is the same VX scene, where there are both "pathetic crafts" and outstanding works of art. Only the orientation has changed, from self-affirmation to profit (VX with commerce). The basic idea is not that monetisation has blighted ideological VX. The idea is that the ideology of the 21st century is monetisation!
Our brothers... the hackers
Let's talk about the VX theme and the hack theme. What's going on there now? The situation is interesting. Imagine a tiny green sprout, again and again pushing its way through the thickness of the asphalt towards the sun. That vividly describes what is happening on the hack scene now. Let's say the green sprout is the intellectuals who have devoted their lives to IT. They are not the system administrators who don't want to develop further and stay at the same level year after year; they are people who develop their skills, master new technologies, learn new programming languages and create new concepts in IT: true hackers. The asphalt, in turn, is commerce, rippers, resellers, government bans and so on.
Many people have "online work" in commerce; for many of them real-life work has changed to online mode, and that is evolution, it should be so!
And what about those who productively support the development of new followers, and also let them communicate with the "old men" and VX coders of the past? Speaking of the Russian hack scene, the boards where life still exists can be counted on one's fingers. I would like to pay tribute, honour and respect to the people who donate to and still support such boards, sometimes paying for hosting and anti-DDoS protection out of their own pocket, while also arranging contests for the "most interesting article", attracting "fresh minds" to write interesting articles and propose new ideas, and creating a pleasant environment for collective code writing and collective projects for the members of such boards.
The spirit and purposes of VX. Philosophy of reasoning.
Here I would like to quote the words of one man who lived during the times when the hack scene was born and grew up:
Thoughts on the combination of skills and the future of the old-new VX scene
Perhaps it makes sense to develop a full-fledged framework to help spread malware (some attempts have been made in the Metasploit Framework, but it is oriented towards exploit modification): a full-fledged worm that uses the latest vulnerabilities and social engineering, built with techniques that complicate detection such as meta/polymorphism, permutation and so on, taking into account the latest AV technologies. That would set a challenge both for itself and for the AV industry, and might even provoke a revival of the old school on the VX scene.
Another way to revive the VX scene, along the previous lines, could be to write up all the existing and new material in an ordered structure, starting from "primitives for MS-DOS viruses" (admittedly, at the time some of those viruses were not considered primitive and were a big headache for the AV industry) and finishing with the technologies relevant today. Some excellent articles on virus conceptualisation can serve as material, as well as methods of code generation, polymorphism, metamorphism, permutation and many other technologies.
Nevertheless, I support the opinion that the barrier to entry for a VX coder should be high, thereby returning respect to qualified VX coders, whose body of knowledge far surpasses that of many employees of antivirus firms and Internet security companies, and filtering out those who should have been bus drivers and school teachers.
After all, only the most talented VX coders will be able to present to the world a radically new model of the modern concept of the virus, based on some mathematical model, which is absolutely impossible to detect with the standard tools existing in the AV industry. In fact there are already viruses that have no body and gather their payload code from system libraries. That radically changes the idea of heuristics and of emulation as a whole, without even providing a way to classify such a virus. I would call such a virus a "hostless virus", meaning the virus has no body at all.
Although today's specimens are not combat-ready but only PoCs (proofs of concept), a full implementation of such a concept is not far off. Next, hardware virtualisation technology is, I would say, for VX ;), since it makes the task of detection too complicated for antivirus. Antiviruses are inherently not ready for something radically new, and the reaction to some conceptual virus of the coming 2014-2020 years will be a stopgap, which the virus authors can get around in a few minutes, if such a stopgap can be arranged at all.
We also need to think about creating a portal where any VX coder will be able to express his opinion and share sources and ideas without fear of being accused of something, a portal with democratic administration, where a person will not be banned without obvious and clear reasons.
Such a portal should be located where it cannot be closed or locked. The slogan, I would say, should be:
Only in this way can we expect the number of talented VX coders to grow, whatever their motivation, be it profit, self-assertion, conceptual writing, exposure (think of Edward Snowden, we respect him), or all of these together, because only together we are strong!