MyDoom ☉ Ian Axelrod ☉ Chris Mungol ☉ Antonio Silva ☉ Joshua Sole ☉ Somnath Banerjee. Group 5, CS4235/8803.

Presentation transcript:

MyDoom ☉ Ian Axelrod ☉ Chris Mungol ☉ Antonio Silva ☉ Joshua Sole ☉ Somnath Banerjee Group 5 CS4235/8803 Spring 2010

What happened?
- Self-propagating e-mail based virus (worm)
- Claimed to be the fastest spreading virus
- Speculated to have originated in Russia
- Aliases: Novarg, Mimail.R, Shimgapi
- First sighted: 26 January 2004
- MyDoom.A & MyDoom.B spread to over 1 million computers in preparation for a DDoS attack on SCO and Microsoft
- MyDoom.A & MyDoom.B stop spreading
- Doomjuice appears in backdoors left by MyDoom.A & .B
- Variants of MyDoom attack Google, AltaVista and Lycos

Highlights
- The MyDoom computer virus knocked out SCO Group's Web site with a massive DOS attack.
- Microsoft was able to thwart an attack on its Windows Update site by eliminating the specific Web address the MSBlast worm targeted. The software maker killed off the site's previous address.
- The White House stymied a denial-of-service attack aimed at its Web site by diverting a deluge of data, sent by systems infected with the worm, to a different address.

Technical Information (Analysis)
- When the Win32/Mydoom worm is executed, it copies itself to the %system% or %temp% directory.
- The worm also creates a registry value in one of the following keys:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  This value causes the worm to start when Windows is started.
- Win32/Mydoom creates a backdoor Trojan in the %system% or %windows% directory. The backdoor Trojan allows unauthorized access to the infected system.
- The worm may load and execute the backdoor Trojan.
- The worm may modify the default values of some registry keys to reference the backdoor Trojan; this causes Explorer.exe to load and execute the Trojan when the system restarts.
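A defender-side check for the persistence described above, as an added example that is not part of the original slides: it parses `reg query` output for the two Run keys and flags autoruns whose image sits in the temp directory, or in the system directory without being in a known-good baseline. The sample output, the environment mapping and the baseline are constructed assumptions.

```python
import ntpath
import re

# Constructed `reg query` output for the two Run keys (sample data, not from the page).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    svc32    REG_SZ    C:\WINDOWS\system32\example_dropped.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    helper    REG_SZ    C:\Users\alice\AppData\Local\Temp\example_tmp.exe -s
"""

# Assumptions: the audited host's environment and its known-good autorun baseline.
ENV = {"windir": r"C:\WINDOWS", "temp": r"C:\Users\alice\AppData\Local\Temp"}
SYSTEM_DIR = ntpath.normcase(r"C:\WINDOWS\system32")
TEMP_DIR = ntpath.normcase(ENV["temp"])
BASELINE = {"securityhealthsystray.exe"}

VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|scr|pif|com|bat|cmd|dll))', re.I)


def audit_run_keys(reg_output):
    """Return (key, value name, image path, reason) for suspicious autoruns."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()                      # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not (key and m):
            continue
        name, data = m.group(1), m.group(3)
        # Expand %VAR% references using the assumed environment mapping.
        data = re.sub(r"%(\w+)%", lambda v: ENV.get(v.group(1).lower(), v.group(0)), data)
        image = IMAGE_RE.match(data)
        if not image:
            continue
        path = ntpath.normcase(image.group(1))      # lower-case, backslash-separated
        folder, exe = ntpath.split(path)
        if folder == TEMP_DIR or folder.startswith(TEMP_DIR + "\\"):
            findings.append((key, name, path, "runs from temp directory"))
        elif folder == SYSTEM_DIR and exe not in BASELINE:
            findings.append((key, name, path, "in system directory, not in baseline"))
    return findings
```

Calling `audit_run_keys(SAMPLE)` returns the two constructed suspicious entries; on a real host the baseline would come from a known-clean build of the same image.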

Technical Information (Analysis)
- Win32/Mydoom may copy itself to the share folder of the Kazaa P2P application, in order to spread through P2P networks.
- Win32/Mydoom may copy itself to random directories on an infected system.
- Win32/Mydoom collects e-mail addresses from files on an infected system and sends e-mail with an attached copy of the worm to those addresses. This function is the primary propagation method the worm uses.

Symptoms
- Some variants overwrite the hosts file, which may block access to some Microsoft and antivirus vendor Web sites. The overwritten hosts file may look similar to the screenshot:
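One way to check a host for the hosts-file symptom above, as an added example that is not part of the original slides: it reports every hosts entry that overrides a watched vendor domain and says whether the name is black-holed or redirected. The watch list and the sample hosts content are constructed assumptions, not the contents of the slide's screenshot.

```python
import ipaddress

# Assumed watch list: vendor domains a host needs for updates and AV signatures.
WATCHED = ("microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com")

# Constructed hosts file content (sample data, not the screenshot from the slide).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         www.microsoft.com update.symantec.com   # inline comment
127.0.0.1       download.mcafee.com
203.0.113.9     windowsupdate.com
10.20.30.40     intranet.example.local
0.0.0.0         ads.example.net
not-an-ip       www.symantec.com
"""


def audit_hosts(text):
    """Return (line no, address, hostname, verdict) for overrides of watched names."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a usable address mapping
        # Unspecified (0.0.0.0, ::) and loopback targets black-hole the name.
        verdict = "blocked" if ip.is_unspecified or ip.is_loopback else "redirected"
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in WATCHED):
                findings.append((lineno, fields[0], host, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```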

Symptoms
- Some variants create a text file containing random data that looks similar to the screenshot

Impact?
- At one point the worm was accounting for 20 percent to 30 percent of worldwide traffic
- Slowed Internet performance by 10%
- Web-page load time down by 50%

How did it Succeed?
- Used misleading text
- Brute force approach by intruding into your address book
- Text icon used
- Was released in the middle of the North American workday

Aftermath?
- Sparked new versions: U, V, W, X, and AO
- Expensive repercussions
- MyDoom 2009?

Keeping systems safe from the MyDoom virus
- System Administrators
- Users

System Administrator
- Filter network traffic: block specific inbound and outbound traffic to ports 1080, 3128, 80, 8080
- If filtering ports is not feasible, try to block all network traffic that is not required for normal operation
- Symptoms of viruses, or specifically the MyDoom virus, may be found by detecting increased CPU load and/or higher than normal SMTP traffic
- Scan e-mails internally for viruses
- Use Mail Transfer Agents (MTAs) to block e-mail with W32/MyDoom.B signatures
- Disable automatic response messages. It is important that responses do not return the infected attachment
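The two network signals from this slide, as an added detection example that is not part of the original slides: it reads flow records, counts the distinct external SMTP peers of each internal host that is not a sanctioned mail server, and lists inbound connections from outside to the ports named above. The flow format, address ranges, mail-server list and threshold are constructed assumptions, and only the inbound direction is checked for the listed ports.

```python
import csv
import io
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
MAIL_SERVERS = {"10.0.0.25"}                     # assumed sanctioned SMTP relay
WATCH_PORTS = {1080, 3128, 80, 8080}             # ports listed on the slide

# Constructed flow records (sample data): source, destination, destination port.
SAMPLE_FLOWS = """\
src,dst,dport
10.0.0.25,198.51.100.10,25
10.0.0.25,198.51.100.11,25
10.0.0.25,198.51.100.12,25
10.0.1.15,198.51.100.10,25
10.0.1.15,198.51.100.11,25
10.0.1.15,198.51.100.12,25
10.0.1.15,198.51.100.13,25
10.0.1.20,198.51.100.10,25
10.0.1.20,192.0.2.80,80
203.0.113.50,10.0.1.15,3128
203.0.113.51,10.0.1.15,443
"""


def analyze_flows(flows_csv, smtp_threshold=3):
    """Return ({host: distinct external SMTP peers}, [inbound hits on watched ports])."""
    smtp_peers = defaultdict(set)
    inbound = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        port = int(row["dport"])
        if src in INTERNAL and dst not in INTERNAL and port == 25:
            # Workstations talking SMTP directly to many outside servers is the
            # "higher than normal SMTP traffic" signal; the relay is expected to.
            if row["src"] not in MAIL_SERVERS:
                smtp_peers[row["src"]].add(row["dst"])
        elif src not in INTERNAL and dst in INTERNAL and port in WATCH_PORTS:
            inbound.append((row["src"], row["dst"], port))
    direct_smtp = {h: len(p) for h, p in smtp_peers.items() if len(p) >= smtp_threshold}
    return direct_smtp, inbound


if __name__ == "__main__":
    print(analyze_flows(SAMPLE_FLOWS))
```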

Users
- Always make sure you trust the source of any attachment or program received.
- E-mail users should be circumspect of unwarranted attachments, and Peer-to-Peer (P2P) users should be wary of .exe files.
- Always run and maintain an antivirus tool or application. Updating the antivirus app will guarantee extra security against new strains of viruses.
- Almost all antivirus vendors offer a MyDoom removal tool.
- Bottom line: Do not open attachments from users you do not know or trust!

More Info.
In Textbook Chapter 3, Section 3.3: Viruses and Other Malicious Code
- Why worry about malicious code?
- Difference between virus, worm, and other malevolent programs.
- The technical aspects of viruses.
- The first malicious code and its implications.

Sources
- Wikipedia
- CNET
- HowStuffWorks.com
- US-CERT
- Google images
- Microsoft.com

Thank You