Why you should never use the internet. Overview  The Situation  Infiltration  Characteristics  Techniques  Detection  Prevention.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Thank you to IT Training at Indiana University Computer Malware.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
By Hiranmayi Pai Neeraj Jain
Operating System Security : David Phillips A Study of Windows Rootkits.
Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
How an attacker can maintain control over their victim’s system without being discovered.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Windows Security and Rootkits Mike Willard January 2007.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Spring Definitions  Virus  A virus is a piece of computer code that attaches itself to a program or file so it can spread.
ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
Security for Seniors SeniorNet Help Desk
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
By, Anish Shanmugasundaram Yashwanth Sainath Jammi.
Malware Fighting Spyware, Viruses, and Malware Ch 4.
Spyware Sue Scott Technology Librarian. What is Spyware Malware – (Malicious Software) A general term to encompass unwanted software on a personal computer.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
IT security By Tilly Gerlack.
Rootkits. EC-Council The Problem  Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Rootkits in Windows XP  What they are and how they work.
ED 505 Educational Technology By James Moore.  What is the definition of Netiquette and how does it apply to social media sites? ◦ Netiquette is the.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Computer viruses are small software programs that are made to spread from one computer to another and to interfere with computer operations. There are.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 
Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.
Mathieu Castets October 17th,  What is a rootkit?  History  Uses  Types  Detection  Removal  References 2/11.
CAP6135: Malware and Software Vulnerability Analysis Rootkits Cliff Zou Spring 2012.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Computer Viruses and Worms By: Monika Gupta Monika Gupta.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
Rootkits What are they? What do they do? Where do they come from?
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Skills and Applications Computer Security.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Internet safety By Suman Nazir
Internet Security. 2 Computers on the Internet are almost constantly bombarded with viruses, other malware and other threats.
W elcome to our Presentation. Presentation Topic Virus.
Lecture 7 Rootkits Hoglund/Butler (Chapter 5-6). Avoiding detection Two ways rootkits can avoid detection –Modify execution path of operating system to.
Spyware, Adware & Malware JEEP HOBSON JEEP HOBSON ITE-130 ITE-130 SPRING 2007 SPRING 2007.
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to detect rootkits How to remove rootkits.
COMPUTER VIRUSES By James Robins. THE IMPACT OF VIRUSES By James 2.
Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.
Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
Zeus Virus By: Chris Foley. Overview  What is Zeus  What Zeus Did  The FBI investigation  The virus for phones  Removal and detection  Conclusion.
NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.
Computer Security Keeping you and your computer safe in the digital world.
7 Tips To Improve Your Website Security. Introduction Use of Content management systems like WordPress, Joomla & Drupal, utilization of various tools,
Get rid of SaveNShop ads infections
Joseph J. Malone Security for Seniors Joseph J. Malone
Malware Reverse Engineering Process
3.6 Fundamentals of cyber security
A+ Guide to Managing and Maintaining Your PC, 7e
Malware Reverse Engineering Process
Network security threats
Protect Your Computer Against Harmful Attacks!
Malware CJ
Computer Security.
Presentation transcript:

Why you should never use the internet

Overview  The Situation  Infiltration  Characteristics  Techniques  Detection  Prevention

The Situation: Shit Just Got Real  The players and the game has changed Criminal organizations* Governments**  Profit/Politically driven Cyber weapons FBI vs Coreflood  Professionally developed User manuals MaaS *may or may not be organized ** may or may not be criminals

Infiltration  Legitimate (compromised) hosts Direct: Wordpress hacked Indirect: Advertisements  Exploit Packs  Search Engine Optimization hacks Breaking news Celebrities (Snookie causes infections)  Social Facebook, Twitter, etc

Characteristics (the lines have blurred)  Virus  Trojan/Backdoor  Rootkit  Scam/Scareware/Randsomware  Password stealers  Worms

Techniques  API Hooking  Run-time Patching  Boot sector modification  Browser Content replacement

API Hooking  Allows malware to intercept Windows API calls  Can be done in user or kernel space, but in kernel space it’s much more powerful

API Hooking Program KERNEL MODE USER MODE DeleteFile[A|W] NtDeleteFile ZwDeleteFile System Service Descriptor Table SSDT

API Hooking: Example Program KERNEL MODE USER MODE DeleteFile[A|W] NtDeleteFile ZwDeleteFile System Service Descriptor Table SSDT fakeDelete

API Hooking  Allows rootkits to do a lot of nasty things Hide processes/files Hide networking (to a degree) Basically take over your system  Fairly straightforward to implement  However, it is easy to detect

Run-time Patching  Replaces API calls with your own by patching the API routine itself  Can achieve the same goals as API hooking, but harder to detect

Run-time Patching: Example Target Code

Run-time Patching: Example Detour JumpMalicious Code Target Code Jump Back

Run-time Patching  Very tricky to implement  Harder to detect You have to scan the memory space If it’s not permanent, an offline analysis isn’t very helpful

Boot Sector Modification  Changes boot sector code to load an alternative boot loader  This boot loader can change the way Windows boots, including disabling checks and protections  Can be difficult to remove (and detect)

Browser Content Replacement  Allows the malware to modify what you see and send in your web browser  Can replace forms, POST data, POST locations, hide data…  “View Source” does nothing: modifications are done in memory  HTTPS is not relevant

Browser Content Replacement: Zeus botnet  From the user manual: “Intercepting HTTP/HTTPS-requests from wininet.dll (Internet Explorer, Maxton, etc.), nspr4.dll (Mozilla Firefox) libraries: 1. Modification of the loaded pages content (HTTP-inject). 2. Transparent pages redirect (HTTP-fake). 3. Getting out of the page content the right pieces of data (for example the bank account balance). 4. Temporary blocking HTTP-injects and HTTP-fakes. 5. Temporary blocking access to a certain URL. 6. Blocking logging requests for specific URL. 7. Forcing logging of all GET requests for specific URL. 8. Creating a snapshot of the screen around the mouse cursor during the click of buttons. 9. Getting session cookies and blocking user access to specific URL.”

Detection  AV (loosing race)  Monitor outbound communications TCPView Netstat Border monitoring Outbound watching IDS (snort)  System Internals TCPView Procmon RootKitRevealer

Detection: GMER  Rootkit detector  Detects: Hidden processes, hidden files, hidden DLLs, hidden registry keys, hidden* SSDT, IAT, EAT hooks MBR modification Suspicious drivers …lots more

Detection: GMER

Prevention  Update software (not just Windows)  Windows 7 (x64)  EMET  Uninstall Adobe Reader  Chrome/Firefox  VMs/Linux/OSX

Further Information  Blogs F-secure: Sophos: Inreverse:  Online tools Virus Total: Anubis:  Samples: Malware domain list: Offensive Security:

LayerOne  Hacker con at the Anaheim Marriott  May  Hardware Hacking, Lockpicking, Contests  $100 online, $140 at the door

References  2010 Websense Threat Report: report-2010-introduction.aspx?cmpid=prbloghttp:// report-2010-introduction.aspx?cmpid=prblog  Verizon 2011 Data Breach Investigations Report: investigations-report- 2011_en_xg.pdf?&src=/worldwide/resources/index.xml&id= investigations-report- 2011_en_xg.pdf?&src=/worldwide/resources/index.xml&id  Microsoft Security Intelligence Report v10:  Book: “The Rootkit Arsenal”, by Reverend Bill Blunden  Book: “Malware Analyst’s Cookbook”, by M. Ligh, S. Adair, B. Hartstein, M. Richard  Book: “Reversing: Secrets of Reverse Engineering”, by Eldad Eilam  MSDN Documentation:

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.