Open Malicious Source
Symantec Security Response
Kaoru Hayashi

Agenda
- What is Open Malicious Source
- Characteristics
- Protection
- Conclusion

What is Open Malicious Source
- Open Source qualities
  - Free redistribution
  - Ready access to source code
  - Modifiable by anyone
  - Designed for evolution
- Put to malicious purposes

For example...
- Beagle, Mydoom, Netsky and Sasser
  - Not open malicious source
  - Created by a single author, a closed group, or individuals who can obtain the source code
- Gaobot, Randex and Spybot
  - Open malicious source
  - Source code is distributed widely
  - Updated and released by many people

Is this topic new?
- No, but...
- Programs developed from open malicious source are on the rise
- Their impact is intensifying

(Chart: Number of submissions: worms)

(Chart: Number of submissions: worms from open malicious source)

(Chart: Number of new variants: worms)

(Chart: Number of new variants: worms from open malicious source)

Characteristics
- Easy to create
- Purpose-oriented
- Difficult to recognize

Characteristics: Easy to create
- Easy to obtain from the Internet
  - Whole project files
  - New code, samples, or tools
  - Free compilers
- No special knowledge, tool, or code required
- A wide range of people are creating their own bots

Characteristics: Easy to create - Easy to obtain (slide image)

Characteristics: Easy to create - Sample: Spybot (slide image)

Case: Spybot - W32.Spybot.A
- Discovered on 2003/04/16
- Backdoor
  - Based on the "Sdbot" backdoor
  - Supports 22 commands, including:
    - Key logging
    - Killing processes
    - Stealing cached passwords
    - DoS attacks
- Worm
  - Copies itself to the C$, ADMIN$, and IPC$ shares
  - Dictionary attack (17 keywords, such as admin, root, server, ...)
  - Schedules a job on the remote computer to run the copy
(Layers: Worm, Backdoor)

Case: Spybot - W32.Spybot.DNC
- Discovered on 2004/09/13 as the 3071st variant
- Backdoor
  - Supports over 90 commands, including:
    - Upload / download / execute files
    - Run as an HTTP server or SOCKS4 proxy
    - Steal 42 game CD keys
    - Access cmd.exe (remote shell)
    - Sniff packets
    - Access the web camera
(Layers: Worm, Backdoor, Additional Code)

Case: Spybot - W32.Spybot.DNC (continued)
- Worm
  - Dictionary attack (139 password keywords)
  - Spreads through the backdoors left by other worms or Trojans: Beagle, Mydoom, Optix, Sub7, NetDevil
(Layers: Worm, Additional Code, Backdoor, Additional Code)

Case: Spybot - W32.Spybot.DNC (continued)
- Vulnerability attack: exploits vulnerabilities covered by Microsoft security bulletins for
  - UPnP
  - SQL Server
  - WebDAV
  - DCOM RPC
  - Workstation service
  - LSASS
- Packed with a runtime packer
(Layers: Worm, Additional Code, Backdoor, Additional Code, Vulnerability Attack, Polymorphic / Packer)
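
The runtime packer mentioned above is what defeats byte-signature matching on each new variant, so anti-virus "heuristics" (listed later under protection) typically start by asking whether a binary is packed at all. The following is an added example, not code from the Symantec talk: a Python check that flags PE sections whose byte entropy is close to the 8-bit maximum (compressed or encrypted payload) or whose names are the stubs left by common packers. The section bytes are constructed inline; the 7.0-bit threshold and the packer section names are assumptions of this example, and a real tool would read the sections from the file with a PE parser.

```python
"""Entropy heuristic for spotting runtime-packed PE sections.

Added example, not code from the Symantec talk. Sections are passed in as a
mapping of section name -> raw bytes; the threshold and the packer section
names below are assumptions of this example.
"""
import math
import random
from collections import Counter

PACKED_ENTROPY_THRESHOLD = 7.0                       # bits per byte; assumption
PACKER_SECTION_NAMES = {"UPX0", "UPX1", ".aspack"}   # well-known packer stub names


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections):
    """Return {name: (entropy, reason)}; reason is None for unremarkable sections."""
    report = {}
    for name, data in sections.items():
        ent = shannon_entropy(data)
        reason = None
        if name in PACKER_SECTION_NAMES:
            reason = "known packer section name"
        elif ent >= PACKED_ENTROPY_THRESHOLD:
            reason = "high-entropy section (compressed or encrypted payload)"
        report[name] = (round(ent, 2), reason)
    return report


def looks_packed(sections) -> bool:
    """True when any section trips the name or entropy heuristic."""
    return any(reason for _, reason in classify_sections(sections).values())


# Constructed sample sections (not real malware): a repeating x86-like prologue
# stands in for ordinary code, deterministic pseudo-random bytes for a packed payload.
_rng = random.Random(1)
PLAIN_SAMPLE = {
    ".text": bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10]) * 700,
    ".data": b"\x00" * 4096,
}
PACKED_SAMPLE = {
    "UPX0": b"",   # UPX0 normally carries no raw data on disk
    "UPX1": bytes(_rng.getrandbits(8) for _ in range(4096)),
}

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, looks_packed(sample), classify_sections(sample))
```

The entropy test is a triage signal, not a verdict: a legitimate binary with a compressed resource section or an embedded certificate will also score high, and a packer that pads its output with low-entropy filler will score low, so treat a hit as a reason to unpack and look further rather than as a detection on its own.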

Case: Randex and Gaobot
- W32.Randex (discovered on 2003/06/04)
  (Layers: Worm, Backdoor)
- W32.Gaobot (discovered on 2002/10/22)
  (Layers: Worm, Backdoor, Vulnerability Attack, Polymorphic / Packer)
  - Over 1600 variants

Case: Randex, Gaobot and Spybot
- Now they look very similar
  - Backdoor layer usually based on "Sdbot"
  - The same code and concepts are implemented in each layer
  - Further similar worms and backdoors exist, e.g. Kwbot, IRCBot
(Layers for each family: Worm, Backdoor, Vulnerability Attack, Polymorphic / Packer)

Characteristics: Easy to create - by a lot of people
- May: Gaobot author arrested in Germany
- May: Randex author arrested in Canada
- June, July, August: new variants still created

Characteristics: Purpose
- Not only for fun
  - Propagation
  - Proof of concept
- For profit
  - Information theft
  - System control
  - DDoS zombies
  - Financial gain

Characteristics: Purpose
- (Worm name not captured in the transcript)
  - Propagation
    - Mass mailing
    - P2P or shared networks
  - Payload
    - Removes the Beagle, Mydoom, Deadhat, and Welchia worms
- W32.Gaobot.BIA
  - Propagation
    - Dictionary attack
    - Vulnerability attack
  - Payload
    - Logs keystrokes
    - Sniffs packets
    - Steals CD keys
    - Steals cached passwords
    - Obtains system / network information
    - Gains full system control
    - SOCKS proxy
    - DDoS attack
    - and more...

Characteristics: Difficult to recognize
- Slow and limited propagation
  - Differs from mass mailers, Blaster, and Code Red
  - Little public interest
- Automatic copy / execution on remote computers
  - By using a scheduler or by exploiting vulnerabilities
- Many new variants released over a short time period
  - Over 600 variants a month
- New variants are target-specific
  - You may be the only infected one, worldwide
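
When hundreds of target-specific variants appear every month, a signature for last week's sample says nothing about this week's, but the spreading behaviour the W32.Spybot.A slide describes (a burst of password guesses against a host, a successful network logon, a copy into C$ or ADMIN$, then a scheduled job to run it) is the same across the family. The following is an added example, not code from the Symantec talk: a Python detector that runs that sequence over Windows Security events. The log lines are a constructed, simplified pipe-delimited rendering with the source address attached to every event (a real log ties the share and task events to the logon through the Logon ID); the event IDs 4625, 4624, 5140 and 4698 are the modern Windows Security log numbers, and the threshold and time window are assumptions of this example.

```python
"""Behaviour-based detection of Spybot-style spreading over administrative shares.

Added example, not code from the Symantec talk. Looks for one source host that
brute-forces a network logon, then touches C$/ADMIN$/IPC$, then creates a
scheduled task. Event IDs are the modern Windows Security log ones and the
pipe-delimited line format is a constructed simplification (assumptions).
"""
from collections import defaultdict
from dataclasses import dataclass, field

EV_LOGON_FAILED = 4625   # An account failed to log on
EV_LOGON_OK = 4624       # An account was successfully logged on
EV_SHARE_ACCESS = 5140   # A network share object was accessed
EV_TASK_CREATED = 4698   # A scheduled task was created
NETWORK_LOGON = "3"      # logon type 3 = network (SMB) logon

ADMIN_SHARES = {"C$", "ADMIN$", "IPC$"}
GUESS_THRESHOLD = 5      # failed network logons from one host within WINDOW (assumption)
WINDOW = 120             # seconds (assumption)


@dataclass
class SourceState:
    failures: list = field(default_factory=list)   # timestamps of failed logons
    guessed_in: bool = False                        # success preceded by a guess burst
    shares: set = field(default_factory=set)        # admin shares touched afterwards


def parse_event(line):
    """Parse one constructed line: ts|event_id|logon_type|src_ip|user|detail."""
    ts, eid, ltype, src, user, detail = line.strip().split("|")
    return int(ts), int(eid), ltype, src, user, detail


def detect_share_spreading(lines):
    """Return one alert dict per source host that completed the full sequence."""
    state = defaultdict(SourceState)
    alerts = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, eid, ltype, src, user, detail = parse_event(line)
        st = state[src]
        if eid == EV_LOGON_FAILED and ltype == NETWORK_LOGON:
            st.failures.append(ts)
        elif eid == EV_LOGON_OK and ltype == NETWORK_LOGON:
            recent = [t for t in st.failures if ts - t <= WINDOW]
            if len(recent) >= GUESS_THRESHOLD:
                st.guessed_in = True          # dictionary attack succeeded
        elif eid == EV_SHARE_ACCESS and st.guessed_in:
            share = detail.rsplit("\\", 1)[-1].upper()   # "\\*\ADMIN$" -> "ADMIN$"
            if share in ADMIN_SHARES:
                st.shares.add(share)
        elif eid == EV_TASK_CREATED and st.shares:
            alerts.append({"src": src, "user": user, "ts": ts,
                           "shares": sorted(st.shares), "task": detail})
    return alerts


# Constructed sample log: 10.0.0.7 behaves like the worm, 10.0.0.9 is an admin
# who mistyped a password once and then scheduled a backup.
SAMPLE_LOG = """\
# ts|event_id|logon_type|src_ip|user|detail
1000|4625|3|10.0.0.7|administrator|bad password
1001|4625|3|10.0.0.7|administrator|bad password
1002|4625|3|10.0.0.7|administrator|bad password
1003|4625|3|10.0.0.7|administrator|bad password
1004|4625|3|10.0.0.7|administrator|bad password
1005|4624|3|10.0.0.7|administrator|logon ok
1006|5140|3|10.0.0.7|administrator|\\\\*\\ADMIN$
1007|5140|3|10.0.0.7|administrator|\\\\*\\C$
1009|4698|3|10.0.0.7|administrator|At1
2000|4625|3|10.0.0.9|alice|bad password
2001|4624|3|10.0.0.9|alice|logon ok
2002|5140|3|10.0.0.9|alice|\\\\*\\C$
2003|4698|3|10.0.0.9|alice|Backup
""".splitlines()

if __name__ == "__main__":
    for alert in detect_share_spreading(SAMPLE_LOG):
        print(alert)
```

Because it keys on the sequence rather than on file bytes, the same rule fires for any Sdbot-derived variant that spreads this way, and the single mistyped password from 10.0.0.9 never reaches the threshold. The price is that it is blind to a variant that spreads only through a vulnerability exploit; that path needs its own rule on the exploit's traffic or on the service crash it leaves behind.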

How to stop
- Stopping the development of new threats is almost impossible
  - Source code is distributed widely
  - Authors are located around the globe
  - New code, samples, and tools are released every day

How to protect
- Anti-virus tools
  - Definitions, heuristics, behavior blocking, ...
- Firewall
- IDS
- Patch management
- Password management
- Security policy
- Learning, studying, educating ...
Nothing new, nothing special. But we know that maintaining all of it is not easy.

Conclusion
- Malicious source is distributed widely
- A lot of people are creating their own bots
- Sharing source code results in more powerful threats
- The main purpose is profit
- There is no magic trick that guarantees protection

Thank You! Kaoru Hayashi