Zero-day Attacks
By Hiranmayi Pai and Neeraj Jain

Table of Contents
Introduction
Evolution of Vulnerabilities and Threats
Propagation of Zero-Day Threats
Characteristics of a Zero-day Attack
Detecting a Zero-Day Compromise
Prevention of Zero-Day Infections
Conclusion

Introduction
What is a zero-day attack? A zero-day (or zero-hour) attack is one that exploits a vulnerability in a computer application for which no patch exists yet, because the vendor either does not know about it or has not had time to fix it. The name refers to the number of days the developer has had to respond. The typical sequence:
1. The developer creates software containing a vulnerability that nobody has noticed yet.
2. An attacker finds the vulnerability before the developer does.
3. The attacker writes and distributes an exploit while the vulnerability is still unknown to the developer. During this window every installation is exposed, and signature-based defenses have nothing to match against.
4. The developer becomes aware of the vulnerability, often only from the attacks themselves, and starts developing a fix.
5. The fix is released; the exposure ends only once users actually apply it.

Evolution of Vulnerabilities and Threats
In the past, IT security professionals, researchers and developers who found a vulnerability would announce it publicly, primarily to pressure the vendor into releasing a patch. The patch itself then became the attacker's starting point: by reverse-engineering what a patch changes, an attacker can locate the underlying vulnerability and build an exploit, and the average time to do so has been estimated at only nine days from the patch's release. Attackers have since become more efficient, creative and faster at creating exploits, and increasingly find and exploit vulnerabilities before any patch exists at all, which is what makes an attack a zero-day.

Propagation of Zero-Day Threats, Example 1 (Windows 2000 ntdll.dll)
One of the earliest widely documented zero-day exploits was discovered in March 2003, when the military realized one of its web servers had been compromised. The exploit used an unchecked buffer overflow in the Windows 2000 system library ntdll.dll, reachable over the network through the WebDAV component of IIS 5.0 (later fixed by Microsoft bulletin MS03-007). The attack was found from its effects, a compromised server, not from any signature, which is the usual way a zero-day comes to light.

Propagation of Zero-Day Threats, Example 2 (Internet Explorer)
In October 2003 a zero-day exploit known as the Qhosts Trojan surfaced. It attacked the Internet Explorer Object Data remote code execution vulnerability. The Trojan was downloaded and executed automatically on the victim's system as soon as a banner ad containing the exploit code was rendered by Internet Explorer; no click or download prompt was involved, so simply viewing a page carrying the ad was enough.

Propagation of Zero-Day Threats, Example 3 (Adobe Reader)
In February 2013 cybercriminals began using a new PDF exploit that bypassed the sandbox (protected mode) of Adobe Reader X and XI in order to install banking malware. The attack failed in Google Chrome, because Chrome runs the Adobe Reader component inside its own additional sandbox, but succeeded when the PDF was opened through Internet Explorer or Firefox. The lesson is that a second, independent containment layer can stop an exploit that defeats the first.

Propagation of Zero-Day Threats, Example 4 (Java zero-day)
When a compromised web page is visited, the Java applet on it exploits the vulnerability to download and run an arbitrary payload on the visitor's system without any confirmation prompt. In the public proof of concept the payload was calc.exe, which merely launches the Windows calculator to demonstrate that code execution was achieved; in real attacks the payload is a keylogger or other malware.

Propagation of Zero-Day Threats, Example 5 (Internet Explorer)
These attacks installed the Poison Ivy backdoor Trojan when users browsed a compromised website with a fully patched Windows XP system running the then-current IE 7 or IE 8. Being fully patched offered no protection, because no patch for the vulnerability existed yet; once installed, the Trojan gave the attackers remote control of the system.

Propagation of Zero-Day Threats, Example 6 (RSA)
In March 2011 RSA revealed that data related to its SecurID product had been stolen; the stolen data was later used in attacks against a number of military contractors. The initial intrusion came through a spear-phishing e-mail whose attachment (an Excel spreadsheet) contained an embedded Flash file exploiting CVE-2011-0609, a then-unpatched Flash Player vulnerability, in order to install a backdoor. With backdoor access the attackers installed the Poison Ivy remote access tool, moved through the network gathering credentials, and eventually reached the machine that held the sought-after data. Note the chain: a single zero-day in a document-embedded component was enough to get in; everything after it used ordinary post-compromise techniques.

Characteristics of a Zero-day Attack
The most dangerous and most likely propagation vector for zero-day threats is a blended threat. Blended threats combine the characteristics of viruses, worms, Trojan horses and other malicious code with server and Internet vulnerabilities to initiate, transmit and spread an attack. A blended threat typically:
Causes harm
Propagates by multiple methods (e-mail, web pages, network shares, direct exploitation of services)
Attacks from multiple points
Spreads without human intervention
Exploits vulnerabilities, including unpatched zero-day ones

Detecting a Zero-Day Compromise
Since no signature exists for a zero-day, detection relies on the side effects of compromise rather than on recognizing the exploit itself. Indicators to watch for:
Behavior-based IDS and IPS alerts
Antivirus alerts produced by heuristic scanning rather than by signatures
Unusual events in system log files (e.g. bursts of failed logons)
Poor system performance
Unexplained system reboots
Network traffic on unexpected ports, especially ports known to be backdoor ports of known blended threats (e.g. MyDoom: TCP ports 3127 through 3198)
Increased network traffic on a legitimate port
Increased scanning activity
Unusual SMTP traffic, especially originating from systems that should not be sending mail
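Several of the indicators above (backdoor ports, unexpected SMTP sources, scan-like fan-out, failed-logon bursts) can be checked mechanically over connection and logon records. The following is an added example, not code from the original presentation; the log formats, host addresses, approved-relay list and thresholds are assumptions chosen for illustration, and the log lines are constructed, not captured.

```python
"""Added example (not from the original slides): checking constructed
connection and logon records for the compromise indicators the slide lists.
Log formats, addresses, the approved mail-relay set and the thresholds are
illustrative assumptions."""
from collections import Counter, defaultdict

# Constructed firewall/flow records: src dst proto dport, one connection per line.
FLOW_LOG = """\
10.0.0.5 203.0.113.9 tcp 443
10.0.0.5 203.0.113.9 tcp 443
10.0.0.7 198.51.100.22 tcp 3127
10.0.0.7 198.51.100.23 tcp 3150
10.0.0.9 192.0.2.10 tcp 25
10.0.0.3 192.0.2.10 tcp 25
10.0.0.7 10.0.0.11 tcp 445
10.0.0.7 10.0.0.12 tcp 445
10.0.0.7 10.0.0.13 tcp 445
10.0.0.7 10.0.0.14 tcp 445
10.0.0.7 10.0.0.15 tcp 445
"""

# Constructed logon records: host user result.
AUTH_LOG = """\
srv1 alice success
srv1 bob failure
srv1 bob failure
srv1 bob failure
srv1 bob failure
srv1 bob failure
srv1 bob failure
srv2 carol success
"""

MAIL_RELAYS = {"10.0.0.3"}                       # assumed: the only hosts allowed to send SMTP
BACKDOOR_PORTS = {"MyDoom": range(3127, 3199)}   # TCP 3127-3198, as cited on the slide
FAILED_LOGON_THRESHOLD = 5                       # assumed tuning value
SCAN_DISTINCT_DST_THRESHOLD = 5                  # assumed tuning value


def parse_flows(text):
    """Turn the flat log into (src, dst, proto, dport) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, proto, dport = line.split()
            rows.append((src, dst, proto, int(dport)))
    return rows


def check_backdoor_ports(flows):
    """Connections to ports that known blended threats open as backdoors."""
    findings = []
    for src, dst, proto, dport in flows:
        for name, ports in BACKDOOR_PORTS.items():
            if proto == "tcp" and dport in ports:
                findings.append(f"{src} -> {dst}:{dport} matches {name} backdoor port range")
    return findings


def check_unexpected_smtp(flows, relays=MAIL_RELAYS):
    """SMTP from any host that is not an approved relay (mass-mailing worm behaviour)."""
    hits = {f"{src} sends SMTP (tcp/25) but is not an approved mail relay"
            for src, _, proto, dport in flows if proto == "tcp" and dport == 25 and src not in relays}
    return sorted(hits)


def check_scanning(flows, threshold=SCAN_DISTINCT_DST_THRESHOLD):
    """One source touching many distinct hosts on the same port looks like a worm sweeping the subnet."""
    targets = defaultdict(set)
    for src, dst, proto, dport in flows:
        targets[(src, dport)].add(dst)
    return [f"{src} contacted {len(dsts)} distinct hosts on port {dport} (scan-like)"
            for (src, dport), dsts in sorted(targets.items()) if len(dsts) >= threshold]


def check_failed_logons(text, threshold=FAILED_LOGON_THRESHOLD):
    """Bursts of failed logons for one account on one host."""
    failures = Counter()
    for line in text.splitlines():
        if line.strip():
            host, user, result = line.split()
            if result == "failure":
                failures[(host, user)] += 1
    return [f"{count} failed logons for {user} on {host}"
            for (host, user), count in sorted(failures.items()) if count >= threshold]


def run_all(flow_text=FLOW_LOG, auth_text=AUTH_LOG):
    flows = parse_flows(flow_text)
    return {
        "backdoor_ports": check_backdoor_ports(flows),
        "unexpected_smtp": check_unexpected_smtp(flows),
        "scanning": check_scanning(flows),
        "failed_logons": check_failed_logons(auth_text),
    }


if __name__ == "__main__":
    for category, hits in run_all().items():
        print(category)
        for hit in hits:
            print("  ", hit)
```

The port list and thresholds are the weak point of this kind of check, not the technique: a backdoor-port table goes stale as soon as the next threat picks different ports, so the checks that do not depend on prior knowledge (SMTP from non-relays, scan-like fan-out, logon failure bursts) are the ones that still work against something genuinely new.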

Prevention of Zero-Day Infections
No single control stops an exploit for a vulnerability nobody knows about, so the defenses are layered (defense in depth):
Border protection (firewalls and filtering at the network edge)
System hardening (remove unneeded services, run with least privilege)
Antivirus software (its heuristic detection matters more than signatures here)
Patch management (shrinks the exposure window once a fix exists)
Vulnerability management
Application hardening (sandboxing, disabling unneeded plug-ins such as Flash and Java)
Blocking attachments (executables and risky document types at the mail gateway)
Honeypots (to observe new attack techniques early)
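The "blocking attachments" control and the RSA intrusion in Example 6 meet in the mail gateway: an attachment whose declared type does not match its content, or an Office document carrying an embedded Flash object, is exactly what such a rule should catch. The following is an added example, not code from the original presentation or any product: the extension blocklist, expected-container table and embedded-SWF heuristic are illustrative assumptions, and the sample attachments are constructed byte strings, not real files or malware.

```python
"""Added example (not from the original slides): screening an e-mail
attachment the way a "block attachments" gateway rule might.  The blocklist,
the expected-container table and the SWF heuristic are assumptions, and the
samples are constructed byte strings with no real document structure."""

BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "jar", "hta"}

# Leading bytes that identify common container formats (assumed, not exhaustive).
MAGIC = {
    b"MZ": "pe",                                   # Windows executable
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy Office (.doc/.xls/.ppt)
    b"PK\x03\x04": "zip",                          # also .docx/.xlsx/.jar
}
# What a file with the given declared extension should look like inside.
EXPECTED_CONTAINER = {"pdf": "pdf", "doc": "ole", "xls": "ole", "docx": "zip", "xlsx": "zip"}
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib- and LZMA-compressed Flash


def extensions(filename):
    """All extensions, lower-cased and in order: 'invoice.pdf.exe' -> ['pdf', 'exe']."""
    return filename.lower().split(".")[1:]


def container_type(data):
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def contains_swf(data):
    """Heuristic: a Flash header (3-byte signature, version byte, 4-byte length)
    anywhere in the bytes, as an embedded SWF object would leave behind."""
    for sig in SWF_SIGNATURES:
        idx = data.find(sig)
        while idx != -1:
            if idx + 8 <= len(data) and 1 <= data[idx + 3] <= 40:  # plausible SWF version (assumed bound)
                return True
            idx = data.find(sig, idx + 1)
    return False


def screen_attachment(filename, data):
    """Return ('block' or 'allow', list of reasons)."""
    reasons = []
    exts = extensions(filename)
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        reasons.append(f"executable extension .{exts[-1]}")
    if len(exts) > 1:
        reasons.append("double extension ." + ".".join(exts))
    kind = container_type(data)
    if kind == "pe":
        reasons.append("content is a Windows executable (MZ header)")
    if exts:
        expected = EXPECTED_CONTAINER.get(exts[-1])
        if expected and kind != expected:
            reasons.append(f"declared .{exts[-1]} but content looks like {kind}")
    if kind in ("ole", "zip") and contains_swf(data):
        reasons.append("embedded Flash (SWF) object inside an Office document")
    return ("block" if reasons else "allow", reasons)


# Constructed samples (header bytes plus padding only).
OLE_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
CLEAN_XLS = OLE_HEADER + b"Workbook" + b"\x00" * 64
# A spreadsheet carrying a zlib-compressed SWF header: the shape of the RSA lure.
SWF_BLOB = b"CWS" + bytes([10]) + (100).to_bytes(4, "little") + b"\x78\x9c" + b"\x00" * 20
FLASH_XLS = OLE_HEADER + b"Workbook" + SWF_BLOB + b"\x00" * 16
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60
REAL_PDF = b"%PDF-1.4\n" + b"x" * 40

SAMPLES = [
    ("quarterly-plan.xls", FLASH_XLS),
    ("budget.xls", CLEAN_XLS),
    ("invoice.pdf.exe", RENAMED_EXE),
    ("report.pdf", RENAMED_EXE),
    ("notes.pdf", REAL_PDF),
]


def screen_all(samples=SAMPLES):
    return {name: screen_attachment(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, (verdict, reasons) in screen_all().items():
        print(f"{verdict:5} {name}  {'; '.join(reasons)}")
```

The point of checking content rather than only the filename is that an attacker controls the name: the RSA lure was a legitimate-looking spreadsheet, and an executable renamed to .pdf passes any extension-only rule. The SWF scan is deliberately a heuristic; a real gateway would parse the OLE or ZIP container and inspect each stream, but the decision it feeds (quarantine anything that embeds an active-content object it has no business carrying) is the same.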

Conclusion
Zero-day threats are still in their early stages. If the history of vulnerabilities and exploits is any indicator, they will get progressively worse and present the biggest challenge to guard against, because signature-based defenses by definition cannot recognize an attack nobody has seen before. Vendors need to develop technologies that protect against the exploitation of unknown vulnerabilities, for example by limiting what a compromised application is able to do, rather than relying on recognizing known attacks.

THANK YOU 