
The 8th Association of Anti-Virus Asia Researchers annual conference was held in Tianjin, China on the 17th and 18th of November. The conference theme was “Wired to Wireless, Hacker to Cyber-criminal”. Speakers from around the world reported on the developments they are seeing, how we can understand and prevent new threats and the technologies involved. Chen Mingqi reported on CNCERT/CC’s response to botnets. Eugene Kaspersky addressed the challenges we face. Vesselin Bontchev and Kyu-beom Hwang reported on very different mobile threats. Richard Marko, Andrew Lee and Gabor Szappanos reported on their varied efforts to capture malware in the wild.
A trend highlighted by many speakers is that we are seeing a clear move away from self-replicating malware. Over 80% of the new malware is not self-replicating: we are seeing thousands of variants of Trojans, and there are very few massive virus outbreaks (see Sober.Y Outbreak, above, for the exception) but a host of botnets. Large, blended threats have been replaced by modular malware that downloads new components as required.
This is related to the increased criminality of malware authors: a large outbreak attracts attention and arrest, as Jeffrey Lee Parson and Sven Jaschan discovered. But a large outbreak is unnecessary for a successful crime: it takes time to use stolen credit card details, so gathering them in small batches, and frequently changing the Trojans used to collect them, makes sense. Attacks like a DDoS also do not need massive numbers; a botnet of a few thousand machines can overwhelm almost any site.
A virus can easily spread out of control; a Trojan is therefore preferable for criminals. Viruses are therefore fading in importance because even the criminals have realised that self-replicating code is a bad idea.