CS 492/592: Malware. Motivation Q: How can I tell if the software I'm running is malicious?

Presentation transcript:

CS 492/592: Malware

Motivation Q: How can I tell if the software I'm running is malicious?

Syllabus
Accomplishment-based evaluation
– Go at your own pace
– Labs per chapter: done in class
– Per-student homework: finish them all to complete the course; submit answers via D2L quizzes
– Final project: create your own CTF challenge

Ethics
– Explore only on your own systems or places you have permission to
– Do not break or break into other people's machines

What is malware?
Set of instructions that run on your computer and make your system do something that an attacker wants it to do
• Delete files to render your computer inoperable
• Infect other systems (worms, viruses)
• Monitor activity (webcams, keystroke loggers)
• Gather information on you, your habits, web sites you visit
• Provide unauthorized access (trojans, backdoors)
• Steal files (credit card data)
• Store illicit files (copyrighted material)
• Send spam or attack other systems
• Stepping stone to launder activity (frame you for a crime)
• Hide activity (rootkits)

Why is it so prevalent?
– Unprecedented connectivity
– Vulnerable users
– Homogeneous software and hardware
– Focus on time to market
– Data and instruction mixing
– Mature malicious software industry

Data vs. code
– Data is information that your CPU acts on
– Code tells your CPU to take action (danger!)
– To a computer, what's the difference between code and data? … Not much
* Data & code are intermixed these days
• ELF, .exe, .html, .doc …
• Adds flexibility (.doc), features (.html), and efficiency (.js)
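The .exe container from this slide is a good place to see code and data mixed on disk. As an added example, not from the course or the textbook, the Python below parses a PE section table the way PEView displays it and applies the kind of static checks PEiD and UPX-aware analysts use: section names UPX leaves behind, near-8 bits/byte entropy (compressed or encrypted bytes), and sections that are both writable and executable. The section flag constants are the real IMAGE_SCN_* values; `build_sample_pe`, `triage_pe` and the sample image are constructed for illustration and are not a real program.

```python
import hashlib
import math
import struct

EXECUTE, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
SECTION_HDR = "<8sIIIIIIHHI"              # 40-byte IMAGE_SECTION_HEADER

def build_sample_pe(sections):
    """Assemble a minimal PE32 container (a constructed sample, not a real program)."""
    opt_size = 224                                        # PE32 optional header size
    off = 64 + 4 + 20 + opt_size + 40 * len(sections)     # raw data starts after all headers
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 60, 64)                   # e_lfanew: PE header right after DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0") # PE32 magic, rest zeroed
    table, raw = b"", b""
    for name, data, flags in sections:
        table += struct.pack(SECTION_HDR, name.encode(), len(data), 0, len(data), off, 0, 0, 0, 0, flags)
        raw, off = raw + data, off + len(data)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + raw

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted bytes sit close to 8."""
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def triage_pe(blob):
    """Walk the section table; return (name, entropy, suspicious) for each section."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", blob, 60)[0]
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size = struct.unpack_from("<HHIIIH", blob, pe + 4)   # COFF file header
    report = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, blob, pe + 24 + opt_size + 40 * i)
        name, rsize, rptr, flags = f[0].rstrip(b"\0").decode(), f[3], f[4], f[9]
        ent = entropy(blob[rptr:rptr + rsize])
        packed = name.startswith("UPX")                      # section names UPX leaves behind
        wx = bool(flags & EXECUTE) and bool(flags & WRITE)   # writable code: data turned into code
        report.append((name, round(ent, 2), packed or ent > 7.0 or wx))
    return report

# Constructed sample: a low-entropy .text section plus a UPX-style, writable+executable section of SHA-256 output standing in for packed code.
SAMPLE = build_sample_pe([
    (".text", bytes(range(16)) * 16, EXECUTE | 0x40000020),
    ("UPX1", b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)), EXECUTE | WRITE | 0x40000040),
])
```

Running `triage_pe(SAMPLE)` flags only the UPX1 section; the same function can be pointed at any .exe from the lab set once it is read into memory.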

Types of malware
Viruses and worms
• Self-replicating code spread manually or automatically
Web-based exploits
• Code automatically downloaded via the web
Botnets
• Collections of computers under the control of an adversary
Backdoors
• Code that bypasses normal security controls to provide continued access to an adversary
Trojans, launchers
• Code that appears legitimate, but performs an unauthorized action

Types of malware
Rootkits
• Tools to hide the presence of an adversary
Spyware, information stealing
• Code that collects credentials and behavior of legitimate users
Scareware, Adware, Ransomware
• Code that tricks users out of their money or time

Entrance exam
In order to analyze what code does, one must understand how software works
Pre-requisites for the course
– Mastery of topics in CS 201 and CS 333
– If you cannot pass this exam, you will not be able to continue

Your environment
Vanilla Windows 7 Professional VM image located on MCECS file server /stash/cs492/class/492_dist.ova
– All software from book installed
– Not registered
Tasks
– Create a directory for yourself locally at /disk/trump/cs492
– Go to File=>Preferences and set "Default Machine Folder" to /disk/trump/cs492/class/
– Import VM into your own VirtualBox directory (virtualbox)
– Go to File=>Import Appliance and select path to 492_dist.ova
– Allocate 2GB to your machine's memory
– Re-initialize MAC address so each of your VMs is unique
– Register your Windows 7 Pro installation (we will assign you a key)
– Change the name of your machine to your OdinID
– If you miss class, screenshots of lab work which show your machine name can be used; they must be sent prior to next class
Migration
– Create a directory for yourself at /stash/cs492/class/
– Rsync your VM in /disk/trump over to /stash
– Run virtualbox
– Go to File=>Preferences and set "Default Machine Folder" to /stash/cs492/class/
– Contact if you are not in the "vagrant" group

Installed software on your VM
– Install Win7 32-bit instance with VirtualBox Guest Additions CD
– Install cygwin with sharutils, binutils, zip/unzip, and nc
– Install WinRAR or cygwin p7zip
– Install Sysinternals tools (Process Explorer, Process Monitor) (technet.microsoft.com)
– Install PEView (wjradburn.com)
– Install Resource Hacker (angusj.com)
– Install Dependency Walker (dependencywalker.com)
– Install IDA Pro 5.0 Freeware (hex-rays.com)
– Install Wireshark (wireshark.org)
– Install Apate DNS (mandiant.com)
– Install OllyDbg 1.10 (ollydbg.de) and its Phant0m plug-in (woodmann.com)
– Install WinHex (winhex.com)
– Install PEiD (softpedia.com) <= CAUTION, it is a zip file, not an installer
– Install UPX (upx.sourceforge.net)
– Install Regshot (code.google.com/p/regshot/)
– Install labs from textbook (practicalmalwareanalysis.com)
  • Encrypted zipfile (password: malware)
  • Will set off Windows Defender alarms
  • Make two copies, a working one and a read-only one