Talk:Evolution of Cybercrime and current situation

From CyberSecurity

Avichal 01:17, 6 December 2005 (PST) In the Defense Evolution section, I think the only part I have little trouble with is

 Trends in worm and virus delivery mechanisms and infection speed have also changed. Not long ago, a
 virus warning and the patch to vaccinate computers against it would appear days before the virus 
 began spreading. Today, too often the first sign of a virus is that a part of the network goes down.

I think the trend is that the time to develop the exploit has been reduced tremendously. So the typical "vicious" cycle is:

  1. Vulnerability is discovered
  2. Patch is developed
  3. Patch is released
  4. Exploit is created
  5. Vulnerable systems are attacked
  6. Systems get patched, and the number of vulnerable systems slowly decays
  7. ..repeat from 1 with a new vulnerability

As was mentioned in the lectures, the time between 3 & 4 has been tremendously compressed due to tools into which you can feed a 'Patch', and which then reverse-engineer it to figure out the vulnerability and devise an exploit for that vulnerability. The actual patches (e.g. released monthly by Microsoft) are inputs for this diabolical scheme.

BTW, patching times have also been reduced, but due to corporations needing to test patches and slowly roll them out, they can never close the opportunity window between exploit creation and patching of the system. [1]

I formed my impressions mainly from Dave Aucsmith (Slides 9-12) & Eric Rescorla's lectures (Slide 4).
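
The cycle described in the comment above can be put into numbers. The following is an added example, not part of the original comment or the lectures it cites; the host counts, day offsets and the names `Rollout`, `patched_by` and `exposure` are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Rollout:
    test_days: int                 # days spent testing after patch release (step 3)
    waves: list[tuple[int, int]]   # (days after testing ends, hosts patched in that wave)

def patched_by(rollout: Rollout, day: int) -> int:
    """Hosts already patched on `day`, counted in days since patch release."""
    return sum(n for offset, n in rollout.waves
               if rollout.test_days + offset <= day)

def exposure(total_hosts: int, exploit_day: int, rollout: Rollout,
             horizon: int = 60) -> tuple[int, int]:
    """Return (host_days, window_days) for the gap between steps 4 and 6.

    host_days   = sum over days of hosts still unpatched while an exploit exists
    window_days = days from exploit creation until the last host is patched
    """
    host_days, last_vulnerable = 0, None
    for day in range(exploit_day, horizon):
        vulnerable = total_hosts - patched_by(rollout, day)
        if vulnerable > 0:
            host_days += vulnerable
            last_vulnerable = day
    window = 0 if last_vulnerable is None else last_vulnerable - exploit_day + 1
    return host_days, window

# Constructed scenario: 1000 hosts, staged rollout after a test period.
HOSTS = 1000
SLOW = Rollout(test_days=7, waves=[(0, 100), (3, 400), (7, 500)])
FAST = Rollout(test_days=3, waves=[(0, 100), (2, 400), (4, 500)])

if __name__ == "__main__":
    # Exploit appears 30 days after the patch: rollout finishes first.
    print("late exploit, slow rollout :", exposure(HOSTS, 30, SLOW))
    # Exploit derived from the patch 2 days after release.
    print("early exploit, slow rollout:", exposure(HOSTS, 2, SLOW))
    # Faster testing and rollout shrinks the window but does not close it.
    print("early exploit, fast rollout:", exposure(HOSTS, 2, FAST))
```
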