Week 10-11c Attacks and Malware III
Remote Control Facility
- distinguishes a bot from a worm
- a worm propagates itself and activates itself
- a bot is initially controlled from some central facility
- the typical means of implementing the remote control facility is an IRC server
- bots join a specific channel on this server and treat incoming messages as commands
- more recent botnets use covert communication channels via protocols such as HTTP
- distributed control mechanisms use peer-to-peer protocols to avoid a single point of failure
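As an added example (not part of the lecture slides), the kind of detection a defender builds against the HTTP check-in traffic mentioned above: a bot polling its controller tends to contact the same host at near-constant intervals, which stands out from human browsing. The log format and thresholds are assumptions constructed for this example.

```python
# Added example (not from the lecture slides): spotting the periodic HTTP
# check-in that a bot under remote control produces. Assumed log format
# (constructed): "<epoch_seconds> <client_ip> <dest_host> <bytes_sent>".
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 contacts one host roughly every 60 s
# (small jitter); 10.0.0.7 browses at irregular, human-like intervals.
SAMPLE_LOG = """\
1700000000 10.0.0.5 cdn-updates.example 310
1700000010 10.0.0.7 news.example 1200
1700000061 10.0.0.5 cdn-updates.example 312
1700000095 10.0.0.7 news.example 5400
1700000119 10.0.0.5 cdn-updates.example 309
1700000150 10.0.0.7 shop.example 800
1700000180 10.0.0.5 cdn-updates.example 311
1700000190 10.0.0.7 news.example 2100
1700000240 10.0.0.5 cdn-updates.example 310
"""

def parse_log(text):
    """Group request timestamps by (client, destination host)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, client, host, _size = line.split()
        sessions[(client, host)].append(int(ts))
    return sessions

def beacon_score(timestamps):
    """Coefficient of variation of the gaps between requests: near 0 means
    machine-like regularity, larger values mean irregular browsing.
    Returns None when there are too few gaps to judge."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return None
    return pstdev(gaps) / mean(gaps)

def find_beacons(text, max_cv=0.1, min_requests=4):
    """Return (client, host, mean_gap_seconds) for every pair whose
    request timing is regular enough to deserve analyst attention."""
    hits = []
    for (client, host), ts in parse_log(text).items():
        ts.sort()
        if len(ts) < min_requests:
            continue
        cv = beacon_score(ts)
        if cv is not None and cv <= max_cv:
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            hits.append((client, host, mean(gaps)))
    return hits
```

On real traffic the thresholds need tuning and legitimate pollers (update checks, telemetry agents) need allow-listing, otherwise they dominate the results.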

Payload – Information Theft: Keyloggers and Spyware
- a keylogger captures keystrokes to allow the attacker to monitor sensitive information
- typically uses some form of filtering mechanism that only returns information close to keywords ("login", "password")
- spyware subverts the compromised machine to allow monitoring of a wide range of activity on the system:
  - monitoring history and content of browsing activity
  - redirecting certain Web page requests to fake sites
  - dynamically modifying data exchanged between the browser and certain Web sites of interest

Payload – Information Theft: Phishing
- exploits social engineering to leverage the user's trust by masquerading as communication from a trusted source
- includes a URL in a spam e-mail that links to a fake Web site that mimics the login page of a banking, gaming, or similar site
- suggests that urgent action is required by the user to authenticate their account
- the attacker exploits the account using the captured credentials
- spear-phishing:
  - recipients are carefully researched by the attacker
  - the e-mail is crafted to specifically suit its recipient, often quoting a range of information to convince them of its authenticity

Payload – Stealthing: Backdoor
- also known as a trapdoor
- a secret entry point into a program allowing the attacker to gain access and bypass the security access procedures
- a maintenance hook is a backdoor used by programmers to debug and test programs
- difficult to implement operating system controls for backdoors in applications

Payload – Stealthing: Rootkit
- a set of hidden programs installed on a system to maintain covert access to that system
- hides by subverting the mechanisms that monitor and report on the processes, files, and registries on a computer
- gives administrator (or root) privileges to the attacker: can add or change programs and files, monitor processes, send and receive network traffic, and get backdoor access on demand

Rootkit Classification Characteristics
- persistent
- memory based
- user mode
- kernel mode
- virtual machine based
- external mode

System Call Table Modification

Malware Countermeasure Approaches
- the ideal solution to the threat of malware is prevention
- four main elements of prevention:
  - policy
  - awareness
  - vulnerability mitigation
  - threat mitigation
- if prevention fails, technical mechanisms can be used to support the following threat mitigation options:
  - detection
  - identification
  - removal

Generations of Anti-Virus Software
- first generation: simple scanners
  - requires a malware signature to identify the malware
  - limited to the detection of known malware
- second generation: heuristic scanners
  - uses heuristic rules to search for probable malware instances
  - another approach is integrity checking
- third generation: activity traps
  - memory-resident programs that identify malware by its actions rather than its structure in an infected program
- fourth generation: full-featured protection
  - packages consisting of a variety of anti-virus techniques used in conjunction
  - include scanning and activity trap components and access control capability
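As an added example (not part of the lecture slides), a first-generation signature scanner placed next to a second-generation integrity checker, so the limitation of the first (it misses anything without a signature) and the complementary strength of the second (it flags any change to a baselined file) are visible on the same constructed sample. The file contents, paths and signature bytes are all made up for this example.

```python
# Added example (not from the lecture slides): a first-generation signature
# scanner next to a second-generation integrity checker. All files and
# signatures are constructed in memory; the patterns are arbitrary bytes.
import hashlib

# First generation: detection is only as good as the signature list.
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-SIG-A\x01\x02",   # constructed pattern
    "Demo.Marker.B": b"MACRO-PAYLOAD-TAG",    # constructed pattern
}

def signature_scan(data, signatures=SIGNATURES):
    """Names of every known signature present in data. An unknown
    sample yields [] no matter how malicious it is (the slide's limit)."""
    return [name for name, sig in signatures.items() if sig in data]

# Second generation (integrity checking): record hashes while the system
# is trusted, then flag any file that changed, vanished or appeared.
def build_baseline(files):
    """files: {path: bytes} -> {path: sha256 hex digest}."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}

def integrity_check(baseline, files):
    """Compare current files against the baseline and report changes."""
    report = {"modified": [], "missing": [], "new": []}
    for path, digest in baseline.items():
        if path not in files:
            report["missing"].append(path)
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            report["modified"].append(path)
    report["new"] = [p for p in files if p not in baseline]
    return report

# Constructed sample: clean baseline, then one binary modified by code the
# scanner has no signature for, one carrying a known pattern, one dropped.
CLEAN = {"bin/ls": b"ELF-demo-ls", "bin/cat": b"ELF-demo-cat"}
INFECTED = {
    "bin/ls": b"ELF-demo-ls" + b"\x00unknown-appended-code",
    "bin/cat": b"ELF-demo-cat" + b"MACRO-PAYLOAD-TAG",
    "tmp/dropper": b"DEMO-SIG-A\x01\x02",
}

def demo():
    """Run both techniques over the infected snapshot."""
    scan = {p: signature_scan(d) for p, d in INFECTED.items()}
    return scan, integrity_check(build_baseline(CLEAN), INFECTED)
```

The integrity checker catches the modified bin/ls that the scanner misses, but it cannot name the malware and it only sees files that were baselined, which is why the later generations add behaviour-based activity traps on top.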