The Elderwood Project Brian Bowlby CompNet. Review of material on Symantec website (www.symantec.com)

Presentation transcript:

The Elderwood Project Brian Bowlby CompNet

Review of material on Symantec website:
- prise/media/security_response/whitepapers/the-elderwood-project.pdf
- elderwood-platform-fueling-2014-s-zero-day-attacks

What is the Elderwood Project (also called the Elderwood Platform)?
- A set of zero-day exploits that have been engineered and packaged in a “consumer-friendly” way to allow non-technical people to easily attack their targets
- The name Elderwood comes from a source code variable used by the attackers

What are zero-day exploits?
- Exploits that exist in the initial release of a software package
- Often unknown to the programmer(s)
- May be known, but too expensive or time consuming to correct
- Generally, serious vulnerabilities are rare (8 identified in 2011)

Which zero-day exploits are included?
- Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE )
- Adobe Flash Player Remote Code Execution Vulnerability (CVE )
- Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE )
- Microsoft XML Core Services Remote Code Execution Vulnerability (CVE )

Newer packages include exploits of these vulnerabilities
- Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE )
- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE )
- Adobe Flash Player and AIR Remote Code Execution Vulnerability (CVE )

How are these vulnerabilities exploited?
Two methods for propagating their payload:
- Spear-phishing: attach an infected document in an e-mail message
- Watering hole attack: visitors of a web site are infected

A third possibility – a combination of the above
- Send the target user an e-mail with a link to an infected website
- The link can be unique for that user

Who is Behind Elderwood?
- High degree of technical sophistication – able to exploit many different vulnerabilities
- Once packaged, less technical groups can mount actual attacks – perhaps a different group for each target
- Attacks are targeted – no mass campaigns
- Attackers are patient – may lie in wait for several months before adding malicious code

Components of Elderwood

Targets
- Defense – companies that manufacture components for top-tier defense contractors
- NGOs and human rights groups (Amnesty International)
- Finance, Energy, Education and Government

Recent Timeline of Elderwood Attacks

Groups using the Elderwood Platform

Takeaway Lessons
- Apply the latest patches/updates to your software
- Don’t open attachments unless you’re sure of the source
- Be careful when clicking on links in messages
- Check that URL matches “printed” one
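
The last check on this slide, automated for an HTML e-mail body, as an added example that is not part of the original presentation: it reports links whose visible text names one host while the href points to another. The function names, the sample message and the example.org / example.net hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Host named by a URL or bare domain, lower-cased without 'www.'; else None."""
    text = text.strip()
    if len(text.split()) != 1:           # empty, or ordinary words such as "Contact us"
        return None
    if "://" not in text:
        text = "//" + text               # lets urlsplit parse "www.example.org/x"
    try:
        host = urlsplit(text).hostname
    except ValueError:                   # malformed bracketed host
        return None
    if not host or "." not in host:
        return None
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (shown_host, actual_host) for every <a> where the two differ."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:        # only text inside an open <a>
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of("".join(self.text)), host_of(self.href)
            if shown and actual and shown != actual:
                self.findings.append((shown, actual))
            self.href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample message body: only the second link's text and target disagree.
SAMPLE = """<p><a href="https://portal.example.org/agenda?id=7f3a">https://portal.example.org/agenda</a></p>
<p><a href="http://events.example.net/r/u1842">www.example.org/register</a></p>
<p><a href="https://example.org/contact">Contact us</a></p>"""

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

Link text that is not a URL (“Contact us”) is skipped, so this covers only the printed-URL case the slide names; a hit is a reason to inspect the message, not proof of malice.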

Thanks / Questions?