2010-10-01
Abstract
‘Ten years ago the idea of malware writing becoming a profit-making industry simply wasn’t on the radar.' Helen Martin, Virus Bulletin
Copyright © 2010 Virus Bulletin
By the time this issue of VB is published Virus Bulletin will have celebrated the 20th anniversary of the VB conference.
The inaugural VB conference took place in September 1991 – before the term ‘malware’ had been dreamt up and when ‘spam’ was still just a form of tinned luncheon meat. The conference programme spanned two days in a single-stream format, and amongst the material presented, delegates heard that IBM had over 400 different computer viruses in its collection.
Since then, of course, times have moved on – the conference now takes place over three days, in a double-stream format, and the number of speakers and delegates has more than doubled. Times have moved on in the industry too, and for anyone who wasn’t involved in it 20 years ago, the idea that a security company would be proud to have 400 different pieces of malware in its collection seems hard to believe.
But even ten years ago the situation was dramatically different from the world we live in today.
In September 2000 the VB conference celebrated its 10th birthday in Orlando. The keynote address was a paper by IBM’s Steve White entitled ‘Virus Bulletin 2010 – a retrospective’. In it, Steve wrote as if he was an AV researcher living in 2010 looking back on the last ten years of the industry.
While mostly very tongue-in-cheek, a substantial amount of what he wrote was accurate.
He predicted that by 2010 the PC would no longer be the most prevalent computing platform in the world, having been overtaken in number by pervasive computing devices – in other words, PDAs and web phones.
He predicted that dramatically falling prices for commercial computing systems would result in their commoditization and widespread use throughout the world, and he predicted that broadband Internet access from most of the developed world would put much of the earth’s population online 24/7.
However, not all of his predictions were as accurate: he predicted that in 2010 there would be nearly 500,000 viruses in existence – not 500,000 new viruses per month or per week, but 500,000 in total. Today we see in the region of 50,000 new malware files every day. Indeed, in another paper from VB2000 Paul Ducklin described how anti-virus vendors were in the habit of exchanging entire malware collections once a month – with a typical collection ranging in size from 5MB to 10MB. Today, typical malware collections occupy terabytes of disk space, and sharing new samples even on a daily basis takes gigabytes of network bandwidth.
Steve’s paper also failed to pick up on possibly the greatest change we have seen in the malware scene – the change in motivation of malware authors.
Even in some of his seemingly more far-fetched descriptions of virus outbreaks – such as the one he wrote of that brought down the 25th largest bank in the world, or the one that altered victims’ electronic tax returns, there was no mention of malware authors issuing ransom demands, syphoning money out of accounts or stealing data, and so on. Once again, this is a reflection of how much the malware scene has changed – ten years ago the idea of malware writing becoming a profit-making industry simply wasn’t on the radar, while today, the profits generated by cybercrime worldwide are rumoured to match the revenues yielded by the illegal drugs trade.
With such dramatic changes over the last ten years, one has to wonder what the next ten years will have in store for the industry – to quote Eugene Kaspersky (see VB, October 2000, p.19), ‘I can’t predict precisely what will happen in the future, but I’m pretty sure that computer crime and cyber hooligans will not disappear.’
Steve White’s VB2000 paper can be downloaded from http://www.virusbtn.com/conference/vb2000/vb2000White.pdf – although I regret to say that despite our best efforts Virus Bulletin’s technical people are still unable to get the ‘touch references’ to work…
