Monday, February 7, 2011

Virus Report Card: Stuxnet and Zeus/SpyEye

[NOTE: This article was updated on February 13, 2014 — yegads, nearly three years later — and can be seen by clicking here. There is still valuable stuff below, but I've added the Mask/Careto virus in the new matrix.]

Computerworld's report on next-generation banking malware has links to Zeus and SpyEye screen shots of the command and control dashboards used by criminals to hit banks. These links, combined with information reported on the Stuxnet virus, give me enough information to extrapolate these virus tools against the template of The Perfect Virus. There are still attributes for which I don't yet have answers, but I throw my current assessment out there in hopes "someone who knows" might help me flesh out The Virus Report Card. Here's my understanding of these virus delivery systems as of today:



As more viruses are publicly identified and quantified, I'll expand the above chart to include them. And I simply can't wait to see how the Russians (?) broke into the NASDAQ Director's Desk to spy on confidential information shared between leaders of publicly held companies. I advise NASDAQ not to wait for the Feds to do too little, too late. My comment on the WSJ site:
Access to confidential information shared between corporate executives would give a phenomenal advantage to traders in upcoming M&A transactions between public companies. Even if this wasn't the trading system itself, the damage to the integrity of the system cannot be underestimated. Again, I urge NASDAQ to put a bounty on the heads of the attackers and get serious about kneecapping them. Don't wait for the Feds to do too little too late. You guys own this one. Make it happen. The Morgan Doctrine
In the meantime, if any of my readers have information to update the above chart, or if you have links to other virus technology, please drop me a line.

Update: Principle #21, Institutional Memory, was updated to a "partial" for Stuxnet in my Valentine's Day post.

Update: Principle #22, Defense, was updated to a "partial" for Zeus/SpyEye on Wednesday, March 9, 2011.

Major update on Wednesday, May 11th, with the release of the Zeus source code. Zeus/SpyEye is looking pretty formidable, since it could just as easily be provisioned to do many other nefarious jobs than just cracking bank accounts. I also used this occasion to update the Stuxnet part of the matrix, based upon now-publicly available information. Net net: While Stuxnet and Zeus/SpyEye don't rise anywhere close to The Perfect Virus in capability or lethality, they're certainly emerging as a clear and present danger.

Duqu was added to the report card on Friday, October 28, 2011.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?