Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. Definition : Malicious code refers to a program that is covertly inserted into another program with the intent to Malicious activities. 2.

Published byCamron Stevens Modified over 8 years ago

Similar presentations

Presentation on theme: "1. Definition : Malicious code refers to a program that is covertly inserted into another program with the intent to Malicious activities. 2."— Presentation transcript:

1 1

2 Definition : Malicious code refers to a program that is covertly inserted into another program with the intent to Malicious activities. 2

3 Malicious Activities Include :  Destroy data.  Run destructive or intrusive programs.  Compromise the security or the confidentiality, integrity, and availability of the victim’s data, applications, or operating system. 3

4 Types Of Threats : 1)Viruses  Compiled Viruses  Interpreted viruses2)Worms  Network Service Worms  Mass mailing Worms 3)Trojan Horses 4

5 Types Of Threats : 4)Malicious Mobile Codes  Mostly Java, ActiveX, JavaScript, and VBScript codes. 5)Blended Attacks  Combination of 1 to 4 6) Attack Tools  Backdoors  Rootkits  Key Loggers  … 5

6 Types Of Threats : 7) Tracking Cookies 8) Non-malware threats  Hoax  Phishing 6

7 Step 1 :Preparation 1) Preparation I. Awareness II. Deployment III. Resources 7 2) Prevention I. Education II. Configuration III. Control

8 Step2: Detection and Analysis  Fast spread of incident so: Rapid Detection is Necessary  Precursors often appear immediately before an incident So: Group must not wait for indications  Most of indications could have causes other than malware 8

9 Step2: Detection and Analysis Precursors and Reactions:  An alert warns of new malicious code.  Research and Block Ways of Entrance  Antivirus software detects and successfully disinfects or quarantines a newly received infected file  Find Reason And Mitigate Vulnerability 9

10 Step2: Detection and Analysis Special Indications of Each Malicious Code  Virus  Changes to templates for word processing documents, spreadsheets, etc.  Deleted, corrupted, or inaccessible files  Unusual items on the screen, such as odd messages and graphics 10

11 Step2: Detection and Analysis Special Indications For Each malicious Code  Worm:  Port scans and failed connection attempts targeted at the vulnerable service  Increased network usage  Trojan:  Network connections between the host and unknown remote systems  Unusual and unexpected ports open 11

12 Step2: Detection and Analysis Special Indications For Each malicious Code  Malicious Mobile Code  To spread Virus, worm,…  Unexpected dialog boxes, requesting permission to do s.th  Unusual graphics, such as overlapping message boxes  To exploit vulnerabilities  Network connections between the host and unknown remote systems  Receiving Hoax Reports  No links to outside sources 12

13 Step3: 1)Containment Strategies  All incident Prevention Activities must be done in order to stop spread of virus  Other Activities :  Notification  Isolation  Change Access rules  Identification of infected hosts is not easy 13

14 Step3: 2)Eradication And Recovery  Some Infected files can not be cleaned  System Restore may be needed  Securing system is the last step 14

15 15

16 Definition : Multiple Component A Multiple Component incident is a single incident that encompasses two or more incidents. 16

17 17 Example:

18 Step 1&2 : Preparation, Detection, Analysis  Conduct exercises reviews scenarios involving multiple component incidents.  Efficient incident analysis:  centralized logging  correlation software. 18

19 Step3: Containment, Eradication, Recovery Approach :  Contain the initial incident and then search for signs of other components  Gauss if incident have other components  Unauthorized access incidents are more likely to have multiple components 19

20 Step3: Containment, Eradication, Recovery Prioritization:  Components must be separately prioritize  Response the most urgent one  Another factor: How current each component is  It may be possible to contain the whole incident by containing just one component 20

21  Computer Security Incident Handling Guide National Institute of Standard and Technology (NIST) U.S  A Step-By-Step Approach on How To Set Up a CSIRT European Network and Information Security Agency (ENISA)  Expectations for Computer Security Incident Response RFC3250  Handbook for Computer Security Incident Response Teams Carnegie Mellon University, 2nd Edition: April 2003  Defining Incident Management Processes for CSIRTs: A Work in Progress Chris Alberts, Audrey Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek, October 2004 21

22 22

Download ppt "1. Definition : Malicious code refers to a program that is covertly inserted into another program with the intent to Malicious activities. 2."

Similar presentations

Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Presented by: Melissa Dark CERIAS, Purdue University.

Presented by: Melissa Dark CERIAS, Purdue University.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Safe IT – Protect your computer and Family from unwanted programs viruses and websites.

Safe IT – Protect your computer and Family from unwanted programs viruses and websites.
What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.

What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.

Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.

Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.

Similar presentations

Ads by Google