1、1The next virusesWhat we could wait for?Fernando de la CuadraPanda Software International2Index Big attacks Summary of advantages and disadvantages What could we wait for? And then.3Big attacks Jerusalem Melissa Lovelettter Klez Sobig SQLSlammer Blaster4Jerusalem First big infection Payload: Deletes

2、 executables files Low damage according with nowadays figures Factors for success: Users misinformation Piracy Factors for being unsuccessful: Low number of computers in 1989 Date for payload: Friday, 13th Spreads without conditions: all EXE files5Melissa First mass-mailer worm for end users Payload

3、: Modifies Word 9.0 macro security Inserts some texts Forward itself to 50 addresses Factors for success: First mass mailer worm for Outlook Users misinformation Factors for being unsuccessful: Too many symptoms of being infected Excessive use of mail servers6Loveletter Another mass-mailer worm for

4、end users, with high media impact Payload: Overwrites certain files Steals personal information Factors for success: Forwards itself to all addresses Users misinformation Fast spreading Factors for being unsuccessful: Too many symptoms of being infected Excessive use of mail servers Big media impact

5、7Klez First big security hole exploit PayloadStops antivirusDeletes filesSpreads massively changing shape Factors for success:Users lack of upgradingVulnerability Factors for being unsuccessful:?8Sobig Combined threat PayloadSpreads massivelyDownloads a worm form Geocities Factors for success:Social

6、 engineeringUsers misinformation Factors for being unsuccessful:Use of mail serversMedia impact9SQLSlammer Non- PayloadDenial of Services in MS SQL Servers Factors for success:Fast spreadingLack of updating in servers Factors for being unsuccessful:Upgrading of serversCorrect firewall configuration1

7、0Blaster Using RPC vulnerability Payload Denial of Services to Installs Trivial Protocol server Factors for success: Fast spreading Lack of updating in computers Factors for being unsuccessful: Upgrading of computers Media impact11Summary SuccessSocial engineeringUsers misinformationFast spreadingLa

8、ck of updating in serversFast spreadingLack of updating in computers12Summary Factors for being unsuccessful:Excessive use of mail serversMedia impactUpgrading of serversCorrect firewall configurationUpgrading of computersMedia impact13What could we wait for? E-mail virus:Spreading through a non sus

9、picious e-mail address and sender “Postmaster” may be a good sender “Undeliverable” may be a good subjectIt cannot look like spamAbsolutely “aseptic” body and subject14What could we wait for? Slow actionNot more than 10 messages per dayNo administrator will detect this low traffic increasing15What c

10、ould we wait for? Propagation:Direct SMTP commandsE-mailing to addresses in different domains than the computerInside domains, direct spreading through open standard ports16What could we wait for? Avoid address book to read addressesLook for addresses in hard driveInternet temporal filesWord textsHT

11、ML files17What could we wait for? Very light PC damageComputers are its life support,Distributed attack to big Internet serversIf it cracks PC, it will become well knownFor non ADSL or networked PC, it should dial-up its own connection when screen saver pops up18What could we wait for? Avoiding antivirus detectionEncrypted attachmentRandom password inside the textWinZip may be a good tool!Better a new encryption system19And th