http://communities.intel.com/community/openportit/blog General Community Blog Fri, 10 Apr 2009 18:51:53 GMT Jive SBS 5.0.2.0 (http://jivesoftware.com/products/clearspace/) 2009-04-10T18:51:53Z http://communities.intel.com/community/openportit/blog/2009/04/10/bacteria-and-malware-evolution <!-- [DocumentBodyStart:cb967200-ad60-48fa-ab34-959146792ffc] --><div class="jive-rendered-content"><p>Research in how bacteria communicate and cooperate may be the future lessons of how computer malware evolves.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><h6>Bacteria and malware evolution</h6><p>I recently watched a fascinating <a class="jive-link-external-small" href="http://www.ted.com/index.php/talks/bonnie_bassler_on_how_bacteria_communicate.html" target="_blank">presentation by Bonnie Bassler on how bacteria communicate</a>.</p><p>My information security brain started thinking of the similarities between the evolution of computer malware and bacteria.&nbsp; Bacteria over the course of billions of years, devised the most efficient way to communicate, survive, and even destroy large and complex systems.&nbsp; This may be the most logical path for the successful evolution of computer malware and a peek in the future of information security challenges.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><p>Bonnie is a passionate and articulate speaker who outlined how these simple single cell critters work as a team to coordinate activities in a perfectly synchronized manner.&nbsp; Their actions are stealthy, methodical, and can accomplish incredible objectives through teamwork on the scale humans have never achieved.&nbsp; They infect, quietly multiply, and wait.&nbsp; Bacteria independently determine the size of their community and decide to act based upon rudimentary communication and awareness.&nbsp; When conditions are right, a level of potential virulence is attained, they team up in the billions and act in a choreographed manner.&nbsp; And they do it simultaneously to bring down their target.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><p>In many ways, computer malware act similarly to bacteria.&nbsp; Malware infects computers which are part of a large community.&nbsp; Malware and bacteria want to remain stealthy until ready to strike.&nbsp; Malware exists as basic lines of code with simple rules.&nbsp; Bacteria are organisms which behave in simple ways.</p><p>We are seeing the malware industry evolve with more ambitious goals.&nbsp; Infection of a single node in a network is no longer sufficient to achieve desired objectives.&nbsp; Malware must be developed to meet new challenges.&nbsp; Bacteria are the masters at infiltration, stealth and surprised coordinated attacks against behemoth adversaries.&nbsp; In the future, malware may take some lessons from it biological doppelganger.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><h6>So how may malware evolve?</h6><p>Malware design may shift to very small autonomous pieces.&nbsp; Modern malware is generally a single package of standalone code which may exist as a file or attach itself to other code.&nbsp; Deciphering of this complete nugget will typically reveal all its secrets.&nbsp; In the future such code may be broken up like pieces to a puzzle.&nbsp; Each piece means very little and appears harmless. Only when they come together does the malevolent picture come into view.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><p>Code will replicate itself and seek deeper penetration to all manner of systems.&nbsp; With little risk of the big-picture exposure, these pieces can be distributed and replicated much more.&nbsp; Computer environments are full of innoxious code such as temp files, random packets, application remnants, and unneeded data.&nbsp; Most code and data is ignored unless deemed dangerous.&nbsp; These pieces can quietly infiltrate many different operating systems, applications, data, and communication traffic of clients, servers, storage, and network devices without raising alarm.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><p>Malware will be very quiet, acting locally and not attempting to communicate outside of the environment.&nbsp; Much of today&#8217;s malware is detected as it attempts to communicate with command and control systems outside of the target network.&nbsp; Evolution of malware code will be harmless, quiet, and unnoticeable until the right success conditions are met.&nbsp; Local community awareness via &lsquo;quorum sensing&#8217; between the pieces within a target environment would likely not be detected.&nbsp; Only when the right elements are in place will the pathogenicity be realized as unified activation is initiated and virulence is rapidly achieved.&nbsp; This will offer little chance for security to offer a meaningful response.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&nbsp;</p><p>Malware has a lot to learn from its slimy cousin.&nbsp; Maybe someday malware writers will become as smart as these microbes.&nbsp; On the upside, security can learn from the same teachers.&nbsp; Just don&#8217;t blame our microscopic symbiants of malice, as we exist in their world.&nbsp; The battle continues.</p></div><!-- [DocumentBodyEnd:cb967200-ad60-48fa-ab34-959146792ffc] --> security information_security model malware risk software virus optimal_security matthew_rosenquist rosenquist future strategy malicious_software malicious Fri, 10 Apr 2009 18:51:53 GMT webadmin@intel.com http://communities.intel.com/community/openportit/blog/2009/04/10/bacteria-and-malware-evolution 2009-04-10T18:51:53Z 4 years, 1 month ago 2 0 http://communities.intel.com/community/openportit/blog/comment/bacteria-and-malware-evolution http://communities.intel.com/community/openportit/blog/feeds/comments?blogPost=12051