Justin Brady Malware Forensics
Intro: Malware Forensics
I chose this topic because I have always loved finding out how malware works. MotherBoard: we do a lot of elimination of malware but no research on the types. This job is always very rewarding, but it still leaves me with a lot of different questions. So what does this different malware do? Where exactly is it hiding?
Setup for the Release
The malware was set up and released on a VM. I used VirtualBox to run the VM on a non-personal computer, to ensure that none of my personal data would be at risk and that no information could be stolen. I made sure that the VM was not networked, and there was no file sharing between the VM and the host system. The VM was a Windows 10 image, since this is what people everywhere are using. I took notes and screenshots throughout, as one would for evidence in court.
First Look
I decided to start with the filesystem and see what was to be found. There were a couple of things already on the desktop, such as Bombermania, that looked harmless. There was a lot in Downloads, which is where malware would usually start its journey. Most of the files were .exe's or zipped files. One I noticed was called win32.peals; I later found this to be a common name for some trojans.
Windows Defender
Next I decided to use the built-in system tool to do some more analysis. I tried a couple of different scans and techniques, and at first it looked like they didn't find anything. I opened some of the files. Upon further inspection we can see that it did find a good amount of things.
The History Tab
Defender keeps a record of all detected items, along with a description panel. There were six different items, and they had been quarantined. I made sure I allowed them all so that I could keep on doing analysis.
PWS:Win32/Zbot!GO
I looked into them all and decided to focus on this one in particular. PWS:Win32/Zbot!GO is a password stealer. It belongs to the Win32/Zbot family, also known as Zeus or Wsnpoem; Citadel is a later variant derived from leaked Zeus source code. The name can make it look like a legitimate Windows component, but "Win32" here is the platform field of Microsoft's detection naming scheme, meaning the threat runs on 32-bit Windows. It does not refer to a licensed Windows system file, nor to the System32 folder that holds core Windows programs. "PWS" is the type prefix for a password stealer, and the text after "!" is Microsoft's variant suffix.
PWS:Win32/Zbot!GO
I found out that Win32/Zbot is actually a trojan. What this specific trojan focuses on is stealing financial information from the user: passwords and logins. It can start by lowering your firewall and internet browser security settings, after which the malware can give a malicious hacker direct access to your computer. It does it all!
The filesystem location where the password stealer was found.
Note that it is located under AppData\Roaming. This location is hidden from the normal user by default: the AppData folder carries the hidden attribute, so Explorer does not show it unless "Hidden items" is enabled.
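The same look at Defender's detection history and at the hidden AppData\Roaming folder, done from the command line, as an added example that is not from the presentation. It assumes a Windows 10 VM with the built-in Defender PowerShell module (Get-MpThreatDetection, Get-MpThreat); the executable-extension filter and the SHA256 hashing are my additions for triage, not steps the deck describes.

```powershell
# Added example (not part of the presentation): command-line triage of a Defender detection.
# Assumes Windows 10 with the built-in Defender module (Get-MpThreatDetection / Get-MpThreat).

# 1. Defender's "History" tab as objects: when it fired, the threat ID, the process involved
#    and the file paths (Resources). ThreatID maps to a name such as PWS:Win32/Zbot!GO in step 2.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess, Resources |
    Format-List

# 2. Resolve IDs to names and severity. IsActive shows whether the item is still present,
#    which is the case after choosing "Allow" in the GUI as the deck did.
Get-MpThreat |
    Select-Object ThreatID, ThreatName, SeverityID, IsActive |
    Format-Table -AutoSize

# 3. AppData\Roaming is hidden by default, so Get-ChildItem needs -Force to return hidden and
#    system entries. List executables there with size, timestamp and SHA256 so each one can be
#    matched against the quarantine entries and recorded for the case notes.
$roaming = $env:APPDATA                          # C:\Users\<user>\AppData\Roaming
Get-ChildItem -Path $roaming -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.scr' } |
    Select-Object FullName, Length, LastWriteTime,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize -Wrap

# 4. Why Explorer does not show the folder: the Hidden attribute is set on AppData itself.
(Get-Item -Path (Split-Path -Path $roaming -Parent) -Force).Attributes   # includes "Hidden"
```

Run this inside the isolated VM, not on the host. Files that Defender has already quarantined will not appear in step 3, which is exactly why the deck had to allow the detections before continuing; the history in step 1 still records where they were.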
PWS:Win32/Zbot!GO: How it works technically
The trojan sits and monitors. When a user goes to an online banking address, it finds an API and latches onto it, hooking the browser's HTTP functions so that it sees traffic before encryption and after decryption. Once attached, the trojan injects code into the web pages. Information is then stolen: passwords, user IDs, etc.
Test Files
I was very curious as to what these were. It turns out these are indeed not malware at all. They are EICAR test files, which are downloaded to check that your security software is working. What the scanner detects is the standard EICAR string, which ends in EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*.
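To confirm that a "test file" really is EICAR rather than malware given a reassuring name, and to watch real-time protection react to it, the following added example (not from the presentation) writes the standard string and checks what Defender does. The published 68-byte EICAR string and its SHA256 are facts; the temp-file name and the five-second wait are my assumptions.

```powershell
# Added example (not part of the presentation). The EICAR string is the 68-byte test pattern
# published by EICAR; it is split in two here so that this script is not itself flagged on disk.
$prefix = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$'
$suffix = 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'   # the part visible in the deck
$eicar  = $prefix + $suffix

# 1. Hash the pattern in memory and compare with the published SHA256 of the exact 68-byte file.
#    A real download can be checked the same way with Get-FileHash, but note that EICAR allows
#    trailing whitespace after the string, which changes the hash without changing the verdict.
$knownSha256 = '275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'
$bytes = [System.Text.Encoding]::ASCII.GetBytes($eicar)
$sha   = [System.Security.Cryptography.SHA256]::Create()
$hash  = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
"In-memory string matches the published EICAR hash: $($hash -eq $knownSha256)"

# 2. Drop the string to disk (assumed path) and see whether real-time protection removes it.
$path = Join-Path -Path $env:TEMP -ChildPath 'eicar-check.com'
[System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
Start-Sleep -Seconds 5                              # assumed: long enough for on-access scanning
if (Test-Path -Path $path) {
    "File still present: real-time protection did not act (or is turned off)."
} else {
    "File removed: real-time protection quarantined it."
}

# 3. The detection now appears in the same history the deck examined in the GUI.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'eicar-check' } |
    Select-Object InitialDetectionTime, ThreatID, Resources
```

Defender reports the file under the name Virus:DOS/EICAR_Test_File, so an entry of that name in the History tab is harmless; an entry with a different name on a file called "eicar" is the case worth investigating.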
Prevention
Have a high-quality security program running at all times. Keep your firewall up at all times. Never open an unknown attachment. Do not download or run anything suspicious from websites that you do not frequent. In other words, there are no special ways to defend against a password stealer versus a PUP; you can get both just as easily. You need all of these comprehensive security measures in place if you want a secure and safe computing experience.