Malware. In my almost 15 years in information security, malware has become the most powerful tool in a cyber attacker’s arsenal. From sniffing financial records and stealing keystrokes to peer-to-peer networks and auto-updating functionality, malware has become the key component in almost all successful attacks. This has not always been true.

I remember when I first started in information security in 1998, deploying my first honeypots. These allowed me to watch attackers break into and take over real computers. I learned firsthand their tools and techniques. Back in those days, attackers began their attack by manually scanning entire network blocks. Their goal was to build a list of IP addresses that they could access on the Internet. After spending days building this database, they would return, probing common ports on each computer they found, looking for known vulnerabilities such as vulnerable FTP servers or open Windows file shares. Once these vulnerabilities were found, the attackers would return to exploit the system. This whole process of probing and exploiting could take anywhere from several hours to several weeks and required different tools for each stage in the process.

Once exploited, the attacker would upload additional tools, each of which had a unique purpose and usually ran manually. For example, one tool would clear out the logs; another tool would secure the system; another tool would retrieve passwords or scan for other vulnerable systems. You could often judge just how advanced the attacker was by the number of mistakes he or she made in running different tools or executing system commands. It was a fun and interesting time, as you could watch and learn from attackers and identify them and their motivations. It almost felt as if you could make a personal connection with the very people breaking into your computers.