1
Computer Security Fundamentals
by Chuck Easttom Chapter 5 Malware part 2
2
Trojan Horses: A program that looks benign, but is not
A cute screen saver or apparently useful login box can:
Download harmful software.
Install a key logger.
Open a back door for hackers.
Example: It is simple for a script kiddy to download a VB script that can mimic a bank’s logon screen.
© 2016 Pearson, Inc Chapter 5 Malware
3
Trojan Horses (cont.) Competent programmers can craft a Trojan horse:
To appeal to a certain person, or
To appeal to a certain demographic
Company policy should prohibit unauthorized downloads.
Competent programmers can craft a personally appealing Trojan horse or one that would appeal to a certain demographic. Company security policy should prohibit any unauthorized downloads. Odds are that in a freely downloading environment, someone will eventually download a Trojan. This could spread to other hosts on the network. In the form of a logic bomb, deployed by the Trojan, the effect could be devastating.
4
Trojan Horses (cont.) Still-valid CERT advisory on Trojan horses
The CERT advisory is old, but the only thing that has changed with Trojans is the creative use of them. No one has come up with a better way of doing it, just different ways of using it.
6
The Buffer Overflow Attack
EliteWrap
There are a number of tools, some free for download, that will help a person create a Trojan horse. One that I use in my penetration testing classes is eLiTeWrap. It is easy to use. Essentially, it can bind any two programs together. Using a tool such as this one, anyone can bind a virus or spyware to an innocuous program such as a shareware poker game. This would lead to a large number of people downloading what they believe is a free game and unknowingly installing malware on their own system.
7
The Buffer Overflow Attack (cont.)
Vulnerability Details, LSASS Vulnerability - CAN : A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
A Microsoft Security Bulletin on a buffer overflow attack
8
The Buffer Overflow Attack (cont.)
A source on the web for learning how to write buffer overflows!
Web tutorial for writing buffer overflows
9
Spyware Requires more technical knowledge
Usually used for targets of choice
Must be tailored to specific circumstances
Must then be deployed
Spyware requires a more sophisticated perpetrator. It is not usually used for targets of opportunity, but for targets of choice. It must be created or tailored to a specific set of circumstances, and then deployed.
10
Spyware (cont.) Forms of spyware Web cookies Key loggers
Web cookies – Recording a few facts to return to a Web site
Key loggers – Recording everything you type, including all your usernames and passwords plus all of your files and documents
This information is logged to a log file and uploaded or even e-mailed to the perpetrator at his convenience. There are many more types of spyware. What about the one that looks for a particular type of web cam and then turns it on when it wants, such as when you are in the room?
11
Spyware (cont.)
Legal Uses
Monitoring children’s computer use
Monitoring employees
Illegal Uses
Deployment will be covert
When monitoring employees, make sure you have an acceptable use policy that everyone has signed informing them that there will be employee monitoring. When monitoring your kids, you are on your own!
12
Spyware (cont.) Example of free spyware removal software
This is just one example of a free spyware remover. Many more Web sites with free antispyware exist, in addition to the ones mentioned in the text.
13
Other Forms of Malware
Rootkit: A collection of hacking tools that can
Monitor traffic and keystrokes
Create a backdoor
Alter log files and existing tools to avoid detection
Attack other machines on the network
A rootkit is a collection of hacking tools. After getting root (administrative-level access), the rootkit is installed. It has various tools that may do the following: monitor traffic and keystrokes, create a backdoor, alter log files and existing tools to avoid detection, and attack other machines on the network.
14
Malicious Web-Based Code
Web-based mobile code
Code that is portable on all operating systems
Multimedia rushed to market results in poorly scripted code
Spreads quickly on the web
Web-based mobile code is code that is portable on all operating systems, such as HTTP or Java, and also has a malicious payload. As the market calls for more and more interactive multimedia experiences, a rush to market results in poorly scripted code. The web increases the mobility of these untrustworthy programs. Consumers love all the fun things. Security techs are nervous about ActiveX, VBScript, and so forth.
15
Logic Bombs Go off on a specific condition Often date
Can be other criteria
On October 29, 2008, a logic bomb was discovered in the company’s systems. This logic bomb had been planted by a former contractor, Rajendrasinh Makwana, who had been terminated. The bomb was set to activate on January 31, 2009 and completely wipe all of the company’s servers.
16
APT: Advanced Persistent Threat
Advanced techniques, not script kiddies
Ongoing over a significant period of time
The security firm Mandiant tracked several APTs over a period of 7 years, all originating in China, specifically Shanghai and the Pudong region. These APTs were simply named APT1, APT2, and so on. The attacks were linked to the UNIT of China’s Military. The Chinese government regards this unit’s activities as classified, but it appears that offensive cyber warfare is one of its tasks. Just one of the APTs from this group compromised 141 companies in 20 different industries. APT1 was able to maintain access to victim networks for an average of 365 days, and in one case for 1,764 days. APT1 is responsible for stealing 6.5 terabytes of information from a single organization over a 10-month time frame. We will discuss the Chinese attack in more detail in Chapter 12 as part of our discussion of cyber terrorism and information warfare.
17
Detecting and Eliminating Viruses and Spyware
Antivirus software operates in two ways:
Scans for virus signatures
Keeps the signature file updated
Watches the behavior of executables
Attempts to access address book
Attempts to change Registry settings
Get antivirus software and use it!
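As an added illustration of the two detection strategies the slide lists (not code from Easttom's book or slides), the toy scanner below checks constructed file contents against a small signature list and scores a constructed behaviour trace for the actions named above. All signature names, sample bytes, point values and event records are assumptions made up for the demo.

```python
# Added example, not from Easttom's slides: a toy model of the two antivirus
# strategies the slide lists, signature scanning and behaviour watching.
# All signatures, file contents and event records below are constructed.
import re

# Constructed signature database: name -> byte pattern seen in a known sample.
# A scanner only finds what its signature file describes, hence "keep it updated".
SIGNATURES = {
    "Demo.Trojan.A": rb"OPEN_BACKDOOR_PORT_\d{2,5}",
    "Demo.Keylogger.B": rb"HOOK_KEYBOARD",
}

# Behaviour rules: suspicion points for the actions the slide calls out. One action
# alone is not damning (a mail client reads the address book), so a process is
# flagged only when its running total reaches THRESHOLD.
ACTION_SCORES = {
    "read_address_book": 3,
    "write_registry_run_key": 4,
    "open_listening_socket": 2,
}
THRESHOLD = 5

def signature_scan(data: bytes) -> list[str]:
    """Names of all signatures whose byte pattern occurs in data."""
    return [name for name, pat in SIGNATURES.items() if re.search(pat, data)]

def behaviour_scores(events: list[tuple[str, str]]) -> dict[str, int]:
    """Sum suspicion points per executable from (exe, action) records."""
    scores: dict[str, int] = {}
    for exe, action in events:
        scores[exe] = scores.get(exe, 0) + ACTION_SCORES.get(action, 0)
    return scores

def flag_by_behaviour(events: list[tuple[str, str]], threshold: int = THRESHOLD) -> list[str]:
    """Executables whose accumulated behaviour score meets the threshold."""
    return sorted(exe for exe, s in behaviour_scores(events).items() if s >= threshold)

# Constructed samples: the known Trojan, and a repacked variant whose strings
# were altered so the stored signature no longer matches (scan returns []).
KNOWN_SAMPLE = b"MZ...poker.exe...OPEN_BACKDOOR_PORT_4444..."      # -> ['Demo.Trojan.A']
REPACKED_SAMPLE = b"MZ...poker.exe...0PEN_B4CKD00R_P0RT_4444..."   # -> []

# Constructed trace from an on-access behaviour monitor: (executable, action).
EVENTS = [
    ("mailclient.exe", "read_address_book"),   # 3 points: below threshold
    ("poker.exe", "read_address_book"),        # 3
    ("poker.exe", "write_registry_run_key"),   # +4 = 7: flagged
    ("poker.exe", "open_listening_socket"),    # +2 = 9
]
```

The repacked sample slips past the signature list but is still flagged by its behaviour, which is why the slide pairs the two approaches rather than relying on signatures alone.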
18
Detecting and Eliminating Viruses and Spyware (cont.)
Anti-spyware software
Click on any of these links to show a trial version.
19
Summary There are a wide variety of attacks.
Computer security is essential to the protection of personal information and your company’s intellectual property. Most attacks are preventable. Defend against attacks with sound practices plus antivirus and antispyware software.