
CS 492/592: Malware http://thefengs.com/wuchang/courses/cs492.


1 CS 492/592: Malware

2 Syllabus

3 Motivation How can I tell what the software I'm running is doing?
A useful skill to have

4 Example #1: FBI Playpen 8/2014

5 Example #2: Stuxnet

6 Example #3: Shellshock

7 What is malware? Set of instructions that run on your computer and make your system do something that an attacker wants it to do

8 Why is it so prevalent?
  Unprecedented connectivity
  Vulnerable users
  Homogeneous software and hardware
  Focus on time to market
  Mature malicious software industry
  Data and instruction mixing (see next)

9 Data vs. code
  Data is information that your CPU acts on
  Code tells your CPU to take action (danger!)
  To a computer, what's the difference between code and data? ... Not much
  Data & code are intermixed these days: ELF, .exe, .html, .doc ...
  Adds flexibility (.doc), features (.html), and efficiency (.js)
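One consequence of code and data sharing the same bytes is that a file's extension says nothing reliable about what it contains, so a defender checks content. The following is an added example, not part of the lecture slides: it scans a constructed "document" blob for embedded PE and ELF headers using only the published magic values; the sample data and the minimal PE stub are constructed here for illustration.

```python
# Added example, not from the lecture slides: the same bytes are "data" to one
# consumer and "code" to another, so a scanner must look at content, not the
# file extension.  Magic values below come from the PE and ELF specifications.
import struct

MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
ELF_MAGIC = b"\x7fELF"


def find_pe_headers(blob: bytes) -> list[int]:
    """Offsets of plausible PE images: an 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature inside the blob."""
    hits, start = [], 0
    while (idx := blob.find(MZ_MAGIC, start)) != -1:
        start = idx + 1
        if idx + 0x40 > len(blob):
            continue
        (e_lfanew,) = struct.unpack_from("<I", blob, idx + 0x3C)
        pe_off = idx + e_lfanew
        if blob[pe_off:pe_off + 4] == PE_SIGNATURE:
            hits.append(idx)
    return hits


def find_elf_headers(blob: bytes) -> list[int]:
    """Offsets of ELF headers: magic followed by a valid EI_CLASS (1 or 2)."""
    hits, start = [], 0
    while (idx := blob.find(ELF_MAGIC, start)) != -1:
        start = idx + 1
        if idx + 4 < len(blob) and blob[idx + 4] in (1, 2):
            hits.append(idx)
    return hits


def embedded_executables(blob: bytes) -> dict[str, list[int]]:
    """Map format name -> offsets of executable headers found in the blob."""
    return {"pe": find_pe_headers(blob), "elf": find_elf_headers(blob)}


def _fake_pe_stub() -> bytes:
    """Constructed minimal PE: 0x40-byte DOS header, e_lfanew -> 0x40."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + PE_SIGNATURE + b"\x4c\x01"  # IMAGE_FILE_MACHINE_I386


# Constructed sample: "document" text with an executable spliced in at offset 38.
SAMPLE_DOC = b"Quarterly report (constructed sample)\n" + _fake_pe_stub() + b"\nEnd."
```

A bare "MZ" in text is not enough on its own; the e_lfanew check is what separates an actual PE header from two coincidental letters.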

10 Types of malware
  Viruses and worms
    Self-replicating code that infects other systems manually or automatically
  Botnets
    Software that puts your computer under the remote control of an adversary to send spam or attack other systems
  Backdoors
    Code that bypasses normal security controls to provide continued, unauthorized access to an adversary
  Trojans, launchers
    Code that appears legitimate, but performs an unauthorized action

11 Types of malware
  Rootkits
    Tools to hide the presence of an adversary
  Information theft
    Collects credentials (e.g. keystroke loggers)
    Steal files (credit card data exfiltration)
    Gather information on you, your habits, web sites you visit (e.g. spyware)
    Monitor activity (webcams)
  Ransomware
    Code that renders your computer or data inaccessible until payment received

12 Types of malware
  Resource or identity theft
    Store illicit files (copyrighted material)
    Stepping stone to launder activity (frame you for a crime)
  Scareware
    Code that tricks users into buying products they do not need
  Adware
    Code that tricks users into clicking illegitimate advertisements
  Drive-by downloads
    Code automatically downloaded via the web

13 This course Learn tools and techniques to analyze what malicious software does

14 Ethics
  Explore only on your own systems or places you have permission to
  Do not break or break into other people's machines

15 But first...
  Course assumes an understanding of how software executes on a system
  Pre-requisites for the course: mastery of topics in CS 201 and CS 333
  If you cannot pass this exam, you will not be able to continue

16 Entrance exam
  Short test to ensure you have what you need to succeed in the course
  If you cannot pass this exam, I will contact you with a recommendation that you find an alternate course
  Open slots in the course will be offered to those on the waitlist who are best prepared for the course (based on exam results)
  20 minutes

17 VM for course
  See handout
  Vanilla Windows XP VM image located on MCECS file server: /stash/cs492/492_WinXP_x86.ova
  All software from book installed
  Contact if you are not in the "vagrant" group

18 Installed software on your VM
  Install WinXP 32-bit instance with VirtualBox Guest Additions CD
  Install cygwin with sharutils, binutils, zip/unzip, and nc
  Install WinRAR or cygwin p7zip
  Install Sysinternals tools (Process Explorer, Process Monitor) (technet.microsoft.com)
  Install PEView (wjradburn.com)
  Install Resource Hacker (angusj.com)
  Install Dependency Walker (dependencywalker.com)
  Install IDA Pro 5.0 Freeware (hex-rays.com)
  Install Wireshark (wireshark.org)
  Install Apate DNS (mandiant.com)
  Install OllyDbg 1.10 (ollydbg.de) and its Phant0m plug-in (woodmann.com)
  Install WinHex (winhex.com)
  Install PEiD (softpedia.com) <= CAUTION, it is a zip file not an installer
  Install UPX (upx.sourceforge.net)
  Install Regshot (code.google.com/p/regshot/)
  Install labs from textbook (practicalmalwareanalysis.com)
    Encrypted zipfile (password: malware)
    Will set off Windows Defender alarms
    Make two copies, a working one and a read-only one
