Using Viruses as Weapons

Viruses have evolved rapidly, and have distanced themselves far from their origins of opening a computer’s CD tray to use as a cup holder. In the past years, viruses have evolved from a medium to tell jokes, to a monetary venture, and are moving dangerously close to the arena of war. The best example of using a virus as a weapon is still Stuxnet.

For those who are not familiar, I would strongly recommend you watch the short clip at the top of this post. It was a revolutionary virus because of its legitimacy. It had 2 proper security clearances from both Realtek and JMicron. The code was very targeted, and the virus would only install itself on machines that met its requirements. It was found on both Windows based machines, and Siemens based controllers in multiple countries. The code spread using many zero-days as well as commonly known vulnerabilities that are structurally similar to conflicker’s distribution method. Yet this behemoth only attacked Iranian nuclear facilities.

Stuxnet invites a new era of virus complexity, as well as a powerful weapon. The virus’s source is freely available, to dissect and modify. Surely megaviruses like Stuxnet will provide a new challenge to current and upcoming security professionals.

hackers are going to get smarter and faster

We are going to miss the days of fame-seeking mass mailers and network worms. The days of love letter, SQL Slammer, and Melissa all crashing millions of systems within hours of being released into the wild. Mass mailers have been replaced by malware that steals credit card information and sells fake antivirus products. Malware has become a successful criminal business worth billions of dollars in play. And Trojans and toolkits like Zeus are tools of the trade. Business is just too good for the cybercriminals. With all these new phones like the droid and smart phones it doesn’t get much better. As devices grow more sophisticated it is inevitable that attackers will key in on mobile devices. We will have to address the challenges by adopting new models, such as security in the cloud, for suitable solutions that will work across multiple platforms and devices. So if network security is your intended program you have to always think two steps ahead and be up for the challenge.