On the Evolution of Malware Species

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 99)


Computer viruses have evolved from funny artifacts crafted mostly to annoy inexperienced users into sophisticated tools for industrial espionage, unsolicited bulk email (UBE), piracy and other illicit acts. Despite the steadily increasing number of new malware species, we observe the formation of monophyletic clusters. In this paper, using publicly available data, we demonstrate the departure from the democratic virus-writing model, in which even moderate programmers managed to create successful virus strains, to an entirely aristocratic ecosystem of highly evolved malcode.


Keywords: malware, computer virus, phylogeny, cybercrime, malware writers





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  1. Department of Computer Science and Telecommunications, Technological Educational Institute of Larissa, Larissa, Greece
  2. Department of Information Technology, Alexander Technological Educational Institute of Thessaloniki, Thessaloniki, Greece
