Changing how people see the malware threat: images can make a difference

Malware IncorporatedThis is a just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective in changing the way people perceive the threat of malicious software.

My operating hypothesis is that the sooner everyone–from CEOs to employees, kids to grandparents–understands that malicious software–viruses, Trojans, worms, or whatever–are the work of a rogue industry, not a roguish teenager, the sooner we can convince individuals and organizations to effectively implement the necessary counter-measures.

The slides go by the name of Malware Incorporated, the fictitious-but-all-too-real criminal enterprise that embodies this new trend. The mission statement of Malware, Inc. is strikingly simple and honest: Turning your data into our dreams.

A copy of the slides can be downloaded in Acrobat .pdf format. Please note that I have broken out the screenshots of crimeware into separate slides so they are all visible (this adds a few pages to the .pdf but seems like the best way to handle build slides). Also note that I am indebted to Brian Krebs for some of the shots as well as Dr. Mark Vriesenga of BAE Systems. If you would prefer the actual PowerPoint file, I have placed the .ppt inside a 5.6 MB zipped folder.

If you find the slides useful, please let me know. In the meantime I plan to record them as a video with narration, but I promise not to use my Peter Falk accent.

Author Stephen Cobb, ESET

  • Carolyn

    Please let me know when you hace the video with narration.

  • Don Nendell, Review Editor Blue Chips Magazine

    Stephen, please let me know when you update the slides (Malware Incorparated) with narration. I am presently including a reference to your slides in my monthly Security-Related Report (#26), to be published in the online March issue of Blue Chips Magazine (it will be up online approximately March 14th; unfortunately, I have no control over that function of the magazine).
    FYI I put this disclaimer at the beginning of each of these articles:
    1. “If you are reading this Report/Review from directly off of an Internet search, you could very well be seeing it in HTML (or text) format. Yuk! There’s No Graphics there! To see all the beautiful Graphics in this Report/Review, the ones that we’ve worked so very hard to entertain you with – you will need to follow the procedures outlined in 2 below. Enjoy! Again, our web page is: (”
    2. “See the actual Reports/Reviews in the Blue Chips Magazine (BCM) Archives (i.e., begin search on left-hand side of web page) at: ( Note. Always choose the top option, i.e., PDF format for its beauty.”
    Stephen, speaking for all of us out here in "never-never land," thank you for your dedicated service to the security of anyone who plies the Internet, and most especially for making the slides (and narration) freely available to us all. Keep up the great work!
    Donald Nendell, Review Editor Blue Chips Magazine

  • O.61803398874

    Question, has Eset tested their firewall in EESS or ESSBE using the Comodo Firewall Test Suite, because they claim Eset Smart Security v4 got a score of 150 out of 340 leaks! Meaning, 50% of the time the firewall wasn't preventing leaks. ; <— Screen shot showing the results of their test.

    So why isn't Eset Firewall blocking those exploits? Am I going to be safe to use Eset Firewall?

  • O.61803398874

    i43.tinypic(dot)com/2dkyf6x.png <— Screen shot
    The above link was censored, so I try again to provide the picture to show the Comodo Firewall Test Result.

    • David Harley

      The link wasn’t “censored”: links are automatically removed in comments as an anti-comment-spam measure. As for the Comodo test suite, I don’t speak for ESET’s developers, but I don’t regard leak tests as a useful metric: they’re rather like simulated malware, in that they try to extrapolate effectiveness at countering a real threat using an artificial, non-threatening quasi-attack. They tell you nothing about a firewall’s effectiveness at its primary job, which is keeping threats outside the perimeter in the first place.

  • Jim Bartel

    Your Malware Incorporated presentation was most helpful as part of our local awareness campaign. Thank you very much for your efforts.

Follow us

Copyright © 2017 ESET, All Rights Reserved.