Malware Engineering

Starting from simple hand-crafted viruses, today’s malware has evolved to constitute highly infectious computer diseases. The technical development of malware was mainly driven by the wish to improve and accelerate both attacks and proliferation. Although these programs have incurred significant hazard and financial losses, their mechanisms are relatively simple and are amenable to effective countermeasures— once, the first attack has been launched. From a software technology point of view, malicious software in fact is often very similar to network services with the main difference that security holes are exploited to enforce participation in the protocol. In this position paper we outline the wide range of possible malware-specific engineering techniques which are not used in known viruses and worms, but are technically feasible and will therefore be realized in the foreseeable future—less likely by hackers than by organized illegal entities. The techniques we describe enable the malware to obfuscate its functionality, monitor and analyze its environment, and modify or extend itself in non-trivial ways. Consequently, future security policies and risk assessments have to account for these new classes of malware. WE ARE THEIR FOOD. THOSE GERMS OF THE PAST THAT BEST CONVERTED OUR BODIES INTO THEIR OWN PROPAGATION ARE THE GERMS OF THE PRESENT. THOSE GERMS OF THE PRESENT THAT BEST CONVERT OUR BODIES INTO THEIR OWN PROPAGATION ARE THE GERMS OF THE FUTURE. Paul W. Ewald [Ewa00]