For the past three years, the Symantec Hosted Services (formerly MessageLabs) Cyber Threat Gallery has traveled far and wide displaying at events from London to San Francisco. This week, the collection is on display at Symantec’s Vision 2010 Conference. Attendees can see many pieces from the collection, comprised of 25 images in its entirety and created by digital artists Alex Dragulescu and Julian Hodgson, at the Vision Welcome Reception on Tuesday, April 13 in the main expo hall of the MGM Grand. The artwork will remain displayed on the first and second floors of the hotel conference center for the duration of Vision 2010.
This week at Vision 2010, Conficker will debut along with Lovebug and Rustock, two of the newest additions to the collection. A dropper discovered by Symantec in November 2008, Conficker infected more than six million computers worldwide becoming one of the most dangerous threats of the year. Having remained relatively quiet since, it is now a generic dropper for other malicious software.
This May, Lovebug –also known as ILOVEYOU and LOVELETTER, celebrates its ten year anniversary. Lovebug infected tens of millions of computers worldwide and Symantec Hosted Services, then MessageLabs, gained recognition for stopping and naming the virus before any other vendor. A Trojan horse botnet component with backdoor capabilities, Rustock allows a comprised computer to be used as a covert proxy in the distribution of spam email. By the end of 2009, Rustock was sending 20 billion spam messages daily and was responsible for 19 percent of spam worldwide.
Since 2008, the unique images that comprise the cyber threat collection have served as the backbone of the award-winning MessageLabs service advertising and marketing campaign and were created using actual disabled source code of a variety of spam and malware provided by the MessageLabs research and response team. The project marks the first time computer threats have been depicted in this way. The aim was to visualize the range of existing computer threats in a more compelling way than computer security has been depicted in the past. The collection covers seven categories: viruses, spam, phishing, Trojans, spyware, malicious links and targeted Trojans.
Each image is created by taking the code from each online threat and feeding it into the artist’s proprietary software program which is designed to identify patterns and characteristics in each sample of code. A 3-D image then results.
In addition, there are three pieces that comprise the Visual Synopsis collection which depicts general customer use of MessageLabs Hosted Email Archiving, MessageLabs Hosted Boundary Encryption and MessageLabs Hosted Email Continuity services showing the unique ecosystem of data each client stores and secures and many connection points of this data. The Visual Synopsis collection was created by Julian Hodgson in 2009 in a similar way. A sample of anonymous customer data was selected to represent a selection of data elements. Algorithms were then developed and implemented that would position each component of the image based on attachment size, geographical location of email and email volume. The algorithms are then rendered as 3-D images.
In addition to being beautiful to look at, the images serve to provide an interesting vie on how malware has evolved over the last couple of years. AS the rhythms in the code are mapped to drive the configuration of the images, for instance, how they are grouped, how many tentacles they have, how curly they get and what colors they are, the malware team can examine these images and their characteristics to gain some insight into how threats are changing and how they might morph in the future.