Proof-Of-Concept: Signature Based Malware Detection for Websites and Domain Administrators - Anant Kochhar.


2 Malware /ˈmæl.weə(ɹ)/: software developed for the purpose of causing harm to a computer system and its users. Examples: back door, key logger, botnet zombie.


4 Know them, “Trust” them

5 Drive-By Downloads, a.k.a. IFRAME and Script Injections


9 First Wave: Mass SQL Injection. First noticed in late. Tool-based: the tools identified vulnerable pages across the internet using search engines, then sprayed them with SQL injection payloads that inserted script injections indiscriminately into every database column. The infected data was then reflected back in the dynamic pages built from those columns.

10 Payload Source:

11 Affected Page With Rubbish Data

12 Source: compromises websites/article/100497/ Source: sites/article/159445/

13 Bulk of the spread: self-propagation. The malware inserts IFRAME/script injections into all web pages stored on the victim's machine. If the victim is a website administrator, every site they maintain is updated with infected pages. Alternatively, it steals FTP passwords from the victim's computer and modifies the pages directly on the web server.

14 [Diagram: the subdomains sports, fashion, college and movies under abc.xyz]


16 PC-Based Security for Malware. Source:

17 [Diagram: the subdomains sports, fashion, college and movies under abc.xyz]


20 Prevention… “process”. Use Linux-based dedicated machines for website administration. But even the best process cannot be 100% effective because…

21 Indirect risks: the legitimate can also become dangerous. All internal and external users of the “clean” site A are now also at risk.

22 Accept the risk… the alternative: fast detection and quick remedy. 1. Contain the spread of the infection. 2. Protect the reputation of the website.

23 Detection Part 1: Detect ALL external sites linked from your websites

24 Two methods. Internal scans: scanners that reside on the web server and scan all web pages for external links. External scans: crawlers, not residing on the web server, that scan all pages from the internet.

25 Internal scans. Pros: exhaustive, and will scan pages behind authentication. Cons: affects web server performance and can even crash the server.

26 External scans. Pros: can be run as often as desired, and has virtually no effect on the web server. Cons: depends on network conditions, and the breadth and depth of the scan may not be exhaustive.

27 The scanner must: detect and list all external sites referenced by a website, and ideally NOT visit any external website, because doing so may put the scanning system itself at risk.
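The extraction step described on slides 23 to 27, as an added example that is not code from the presentation: it lists every external host that a site's pages reference (anchors, iframes, scripts, images, stylesheets, forms) without fetching any external site. The sample pages are constructed inline, and the site's own domain abc.xyz and the linked host efg.xyz are the placeholder names used on the slides.

```python
"""Added example (not from the presentation): list every external host that a
site's pages reference, without fetching any external site. Sample pages are
constructed inline; abc.xyz is the placeholder site name from the slides."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that load a resource from, or navigate to, another origin.
URL_ATTRS = {
    "a": ("href",), "iframe": ("src",), "frame": ("src",), "script": ("src",),
    "img": ("src",), "link": ("href",), "object": ("data",), "embed": ("src",),
    "form": ("action",),
}


class LinkExtractor(HTMLParser):
    """Collect absolute URLs from the attributes listed in URL_ATTRS."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS.get(tag, ()):
                # Resolve relative and protocol-relative ("//host/x.js") references.
                self.urls.append(urljoin(self.base_url, value.strip()))


def registrable_domain(host):
    """Toy two-label rule (example.com); production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def external_hosts(page_url, html, own_domain):
    """Hosts referenced by one page that lie outside own_domain and its subdomains."""
    parser = LinkExtractor(page_url)
    parser.feed(html)
    hosts = set()
    for url in parser.urls:
        parts = urlsplit(url)
        # javascript:, mailto:, data: and fragment-only links name no remote host.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if registrable_domain(parts.hostname) != own_domain:
            hosts.add(parts.hostname)   # .hostname is already lowercased
    return hosts


def scan_site(pages, own_domain):
    """Map each external host to the set of own pages that reference it, so a
    positive match can later be traced back to the page that needs cleaning."""
    report = {}
    for page_url, html in pages.items():
        for host in external_hosts(page_url, html, own_domain):
            report.setdefault(host, set()).add(page_url)
    return report


# Constructed sample crawl output: two pages of the placeholder site abc.xyz.
SAMPLE_PAGES = {
    "http://fashion.abc.xyz/index.html": """
        <html><body>
        <a href="/about.html">About</a>
        <a href="http://sports.abc.xyz/">Sports</a>
        <script src="//cdn.example.net/jquery.js"></script>
        <iframe src="http://efg.xyz/in.php" width="1" height="1"></iframe>
        <a href="javascript:void(0)">noop</a>
        <a href="mailto:admin@abc.xyz">mail</a>
        </body></html>""",
    "http://sports.abc.xyz/news.html": """
        <html><head>
        <link rel="stylesheet" href="https://fonts.example.org/css">
        </head><body>
        <img src="images/logo.png">
        <iframe src="HTTP://EFG.XYZ/in.php" style="display:none"></iframe>
        </body></html>""",
}

if __name__ == "__main__":
    for host, pages in sorted(scan_site(SAMPLE_PAGES, "abc.xyz").items()):
        print(host, "<-", ", ".join(sorted(pages)))
```

Only the site's own pages are parsed; nothing on an external host is ever requested, which is the safety property slide 27 asks for. The 1x1 and hidden iframes in the sample are the shape of injection the earlier slides describe, and they surface here as plain external hosts without any need to render or execute them.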

28 Detection Part 2: Detecting malware-spreading sites in the list of external sites.

29 Behavior analysis detection model: visit the external site, download the suspected malware, analyze it, and determine whether or not it is malware.

30 [Diagram: a dynamic scan of fashion.abc.xyz follows an IFRAME redirection to efg.xyz and classifies the result as malware or legitimate]

31 Behavior analysis. Expensive: requires a dedicated setup. Slow: takes time to analyze all the code downloaded from external websites. Newer malware is designed to fool it (delayed activation, etc.). Will not detect an infected ‘site B’ (a legitimate linked site that has itself been compromised, as on slide 21).

32 Signature-based detection model: downloads signatures of malware-infected sites and compares the list of external sites against those signatures.

33 [Diagram: multi-sourced signatures are compared against the list of external sites to produce positive matches]

34 Signature-based. Cheap: can be done on any machine, and several “freely” available sources of signatures exist. Fast: the comparison takes a fraction of the time. Safe: no malware is downloaded onto the machine. Will detect an infected ‘site B’.

35 Final model: an external scanner/crawler that continuously scans the entire domain for external sites, at least two sources of signatures, and signatures updated as frequently as possible.

36 Ideally… crawl time > signature update interval. On every signature update, the list of external sites from the (n-1)th crawl, i.e. the last completed one, should be used for a full comparison.
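The comparison step of slides 32 to 36, as an added example that is not code from the presentation: two constructed signature feeds in common list formats (one host per line, and hosts-file style) are normalised, the external-host list from the last completed crawl is matched against them including parent domains, and the crawl still in progress is kept apart so a signature update is never compared against a partial list. The feed contents and host names are placeholders (efg.xyz is the one used on the slides); real deployments would pull feeds from the freely available sources the slides mention, which are not named here.

```python
"""Added example (not from the presentation): compare the external-host list of
the last completed crawl against signatures from several sources. Feeds and
host names below are constructed placeholders."""

# Constructed feed A: one host per line, with comments.
FEED_A = """# sample feed A
efg.xyz
bad-ads.example   # trailing comment
"""
# Constructed feed B: hosts-file style, "<sinkhole ip> <host>".
FEED_B = """0.0.0.0 efg.xyz
127.0.0.1 tracker.evil.test
"""


def parse_feed(text):
    """Normalise a feed of either format into a set of lowercase host names."""
    signatures = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host = line.split()[-1]          # last token is the host in both formats
        signatures.add(host.lower().rstrip("."))
    return signatures


def match_host(host, signatures):
    """Return the listed name that covers host (itself or a parent domain), else None.
    A bare TLD is never tried, so a stray feed entry like "xyz" cannot match everything."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in signatures:
            return candidate
    return None


def compare(hosts, feeds):
    """hosts: external hosts from a completed crawl; feeds: {source name: feed text}.
    Returns {host: sorted list of source names that flag it}."""
    parsed = {name: parse_feed(text) for name, text in feeds.items()}
    hits = {}
    for host in hosts:
        sources = sorted(name for name, sigs in parsed.items() if match_host(host, sigs))
        if sources:
            hits[host] = sources
    return hits


class CrawlState:
    """Keeps the (n-1)th, i.e. last completed, crawl separate from the crawl in
    progress, so a signature update is compared against a full list, never a partial one."""

    def __init__(self):
        self.completed = set()
        self.in_progress = set()

    def record(self, hosts):
        self.in_progress.update(hosts)

    def finish_crawl(self):
        self.completed, self.in_progress = self.in_progress, set()

    def on_signature_update(self, feeds):
        return compare(self.completed, feeds)


if __name__ == "__main__":
    state = CrawlState()
    state.record({"cdn.example.net", "efg.xyz", "www.efg.xyz"})
    state.record({"tracker.evil.test", "fonts.example.org"})
    state.finish_crawl()
    state.record({"new-host.example"})      # next crawl still running; not compared yet
    for host, sources in sorted(state.on_signature_update({"A": FEED_A, "B": FEED_B}).items()):
        print(host, "flagged by", sources)
```

Recording which sources flagged a host is what makes the "at least two sources" requirement of slide 35 useful in practice: a host flagged by one feed only can be treated as a lower-confidence hit than one flagged by several, and a single bad feed cannot silently empty the result set.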

37 On a positive match: immediately remove the link to the malware site from the infected page. Run AV and malware detection scans on the affected server, or quarantine suspected computers… Change the FTP password (stolen FTP credentials are one of the propagation paths described on slide 13).

38 [Diagram: a continuous crawl feeds the list of external sites, which is compared against multi-sourced signatures to produce positive matches]

39 Thank you