Infected Art: Viruses And Malware Made Beautiful At RSA

They're frightening, yet strangely beautiful. They spread and infect and replicate and continually wreak havoc. While viruses and malware steal copious amounts of information and compromise an untold number of machines every day, these treacherous security threats are unseen to the naked eye. Until now.

For the first time ever, images have been developed that visualize a wide range of these pernicious, but hidden, threats. Researchers at MessageLabs, the vendor behind the project, disassembled malicious code from a variety of well-known threats to render it inoperative. The researchers then passed the code along to computational artist Alex Dragulescu, who applied specially built application to analyze the code and used its values to create a 3D entity. That entity was then transferred to modeling software, where it was positioned and lit to capture the aesthetics of the model. Dragulescu then used his artistic touch to prepare the final image for its presentation April 7 at the Varnish Fine Art Gallery in San Francisco.

MyDoom E-mail Worm

You might remember this virus from 2004. MyDoom became the largest mass-mailer outbreak to infect a large user base following the Sobig.F worm in September 2003. Although MyDoom.A was not the first worm to demonstrate how effectively virus and spamming attack methods could be combined, it arguably became the most successful when it reached a peak infection rate of 1 in every 12 e-mails.

Netsky E-mail Worm

Like its predecessor MyDoom, the Netsky worm was discovered March 2004, and continues today as one of the most consistently present threats in e-mail traffic.

Parite Dropper/File-Infection Virus

This virus has some history behind it. Parite exemplifies a virus that infects its host file, Netsky, and drops executable malware. First seen in October 2001, Parite is still a prolific security threat today.

Virut: Self-Infector Virus

Discovered in mid 2006, Virut is a polymorphic file infector that downloads and runs other malicious programs. In order to replicate, it will infect all the executable files. Occasionally this means it infects other pieces of malware.

Sexdating1: Text/HTML Spam

As anyone with an inbox can attest, spam is one of the most prolific problems on the Internet today. In order to avoid detection and pass successfully through filters, spam has become increasingly sophisticated. But with its increased presence on the Internet, comes an increase in the use of malicious links, pdf, xls and mp3 spam. Starting in late 2007, this spam ran messages that advertised "adult dating" or "extreme dating" Web sites. Both the content of the message and the Web site that it links to contained extremely graphic and explicit images.

Desgreesdiploma5: Text Spam

Subject: Interested to Obtain Bachelors' Degrees

Most users have seen this before. This spam promotes degrees from "degree farms" or "prestigious non-accredited universities." The spam often includes phone numbers instead of URLs, which are typically just unstaffed voicemail boxes. Once they call the listed number, users will be treated to a longwinded message that explains the offer, and then requests the users to provide information.

Russian3: Text and Image-based Spam

Subject: Ever Heard That You're Getting Fat

These cleverly crafted e-mails are not in Russian, but rather very professional looking newsletter spam sent by Russian spam gangs. The spam messages contain very blunt subjects, advertising solutions for hair replacement, weight loss and others offers that prey on users' insecurities.

Phishing1

Subject: Confirm Your Online Account Details

Phishing, a spamming technique aimed at conning users into revealing personal or financial information, continues to be a serious problem. And as phishing techniques grow in sophistication many users find it challenging to distinguish phishing messages from legitimate e-mails. This message, for example, require the recipients to confirm their details, in which the attackers assert is needed in order to enhance security.

Phishing9:

Subject: For Your Security We Deactivated Your Card Account

Often attackers emulate e-mails from legitimate organizations in order to lure victims to spoofed Web sites that convince users to enter personal details. Some phishing e-mails claim that the recipient's bank account or credit card has been suspended due to fraudulent activity. Unsuspecting users are then requested to enter this sensitive financial information in order to unlock or reactivate their account. However, instead of their bank, this information is funneled directly to attackers who will then use it for financial gain or sell it on the black market.

Phishing5

Subject: Account Notification

Meanwhile, other phishing attacks prey on people's sense of urgency. This phishing attack demands that the user provides credit card information. Recipients of the phishes are then galvanized to action when the attackers says that bank account access will be restricted unless they act quickly to provide sensitive information.

Rogueware Spysheriff Fake Anti-Spyware Program

Users who become infected with the Rogueware Spysherriff will receive a piece of software that deliberately slows down their computer and then be treated to obnoxious pop-up advertising. The program also frequently solicits users to pay for upgrade to a full or premium version. The irony with this piece of malware is that it masquerades as an anti-spyware program.

Ghost Keylogger

Beware of keyloggers. As some of the stealthiest malware in cyber space, they save all keystrokes on the affected computer to a file, which is then accessed for later use. As if that wasn't enough, Ghost also saves screenshots and addresses of the Web sites visited, which can be used to easily identify sites that require passwords. Once saved, this handy bit of information is used by attackers to access the accounts for fraudulent activity.