Presentation is loading. Please wait.

Presentation is loading. Please wait.

Viruses, Worms, Zombies, and other Beasties

Published byDóra Nemes Modified over 5 years ago

Similar presentations

Presentation on theme: "Viruses, Worms, Zombies, and other Beasties"— Presentation transcript:

1 Viruses, Worms, Zombies, and other Beasties

2 Encryption Encryption strongly protects data in route
You Amazon.com Encryption strongly protects data in route Today’s story: Attacker can compromise your computer without breaking encryption.

3 Encrypted ≠ Secure You Amazon.com Break into your computer and “sniff” keystrokes as you type

4 Breaking into a Computer
What does it mean? How is it done? Can we prevent it?

5 What’s at Stake? Kinds of damage caused by insecurity
Nuisance: spam, … Data erased, corrupted, or held hostage Valuable information stolen (credit card numbers, trade secrets, etc.) Services made unavailable ( and web site outages, lost business) Hostage (break into your computer and encrypt files) Information = $ Bring down a web site like Amazon or airline - cost them $ Other fears: cybercrime, terrorism, etc.

6 Main themes of this lecture
Self-reproducing programs: viruses, worms, zombies Other threats to computer security Internet = Today’s Wild West There is no silver bullet against cyber crime, but follow good security practices Wild west - very little policing of internet -> citizens have to look out for themselves Little police results from architecture of net that also leads to little censure (so there is an upside).

7 Breaking into a Computer
What? Run unauthorized software How? Trick the user into running bad software (“social engineering”) Exploit software bugs to run bad software without the user’s help Social engineering

8 Example of “social engineering”: Trojan Horse
CoolScreenSaver.exe

9 Viruses and Worms Automated ways of breaking in;
Use self-replicating programs (Recall self-replicating programs: Print the following line twice, the second time in quotes. “Print the following line twice, the second time in quotes.” )

10 Computer Viruses Self-replicating programs that spread by infecting other programs or data files Cool Screen Saver Notepad Solitaire Paint Explain that word files can contain programs (macros) and probably good idea not to run them. Word virus that Hooks into open and save dialog Check see if this computer is infected If not, add itself to MS master template When you save file it checks to see if file contains virus and if not add it So this spreads but doesn’t do anything bad Could check to see if date is after X and if so delete all files on disk (time bomb) Payload Payload Payload Payload Must fool users into opening the infected file

11 Viruses Infected program, screen saver, or Word document launches virus when opened Use social engineering to entice you to open the virus attachment Self-spreading: after you open it, automatically s copies to everyone in your address book Other forms of social engineering: downloadable software/games, P2P software, etc. Examples of social engineering -- urgent title, looks like it’s from your friend

12 David L. Smith Aberdeen, NJ
The Melissa Virus (1999) Social engineering: says attachment contains porn site passwords Self-spreading: Random 50 people from address book Traffic forced shutdown of many servers $80 million damage 20 months and $5000 fine Intel, lucent, microsoft -- all shut down corporate for a while while they cleaned up Deal with FBI to work with them reduced sentence David L. Smith Aberdeen, NJ

13 Computer Worms Self-replicating programs like viruses, except exploit security holes in OS (e.g., bugs in networking software) to spread on their own without human intervention Payload Payload Payload Payload Payload Payload Payload

14 “Can we just develop software to detect a virus/worm?”
[Adleman’88] This task is undecidable. (so no software can work with 100% guarantee) Current methods: (i) Look for snippets of known virus programs on harddrive (ii) maintain log of activities such as network requests, read/writes to hard-drive and look for “suspicious” trends (iii) look for changes to OS code. No real guarantee

15 A losing battle? Constant battle between attackers and defenders
Example: Anti-virus software finds “signature” of known virus Attacker response: Polymorphic virus – to thwart detection, change code when reproduced Anti-virus software adapts to find some kinds of polymorphism But an infinite number of ways to permute viruses available to attackers Halting problem

16 Example of how worms spread: Buffer Overflow bug
From: COS 116 Staff Subject: Welcome Students! Return address Space reserved for subject Memory W e l c o m e S t u d e n t s ! 1 2 6 memory address: Buffer overflow bug: Programmer forgot to insert check for whether subject is too big to fit in memory “buffer” From: Bad Guy Subject: <evil code >100000 < e v i l c o d e . . . . . . . . . . . . . > 1 1 2 6

17 The Morris Worm (1988) First Internet worm
Created by student at Cornell Exploited holes in servers, other programs Infected ~10% of the net Spawned multiple copies, crippling infected servers Sentenced to 3 years probation, $10,000 fine, 400 hours community service Wanted to measure the size of internet Robert Tappan Morris

18 The Slammer Worm (2003) Fastest spreading worm to date
Only 376 bytes—Exploited buffer overflow in Microsoft database server products Spread by sending infection packets to random servers as fast as possible, hundreds per second Infected 90% of vulnerable systems within 10 minutes! 200,000 servers No destructive payload, but packet volume shut down large portions of the Internet for hours 911 systems, airlines, ATMs — $1 billion damage! Patch already available months previously, but not widely installed Gridlock Author never caught

19 Why is it so hard to stop Worms?
Spread of the Slammer worm

20 Why do people write worms and viruses?
Once was glory Now increasingly for profit Possibly related to military goals Botnets… Sometimes because they are curious / misfits / anarchists / bored…

21 Main reason: Botnets Virus/worm payload: Install bot program on target computer Bot makes target a zombie, remotely controlled by attacker Many zombies harnessed into armies called botnets – often 100,000s of PCs

22 Zombies Attacker’s Program Bot Bot program runs silently in the background, awaiting instructions from the attacker

23 Why go to the trouble of creating a botnet?
Can rent these out for $ Can infect them with virus Can cover your tracks for other activity

24 Reason 1: DDOS Attacks “Distributed Denial of Service”
Objective: Overwhelm target site with traffic. Example: Wikileaks incidents 2010 Extortion -- if you don’t give me $ I’ll launch this attack “Attack

25 Reason 2: Sending Spam Messages are hard to filter because there are thousands of senders “Forward this message: Subject: Viagra! …”

26 Other reasons Click fraud.
Commit other cybercrime that is hard to trace

27 Storm Botnet Created via email scam in 2007
spread to a million computers Owners unknown (believed to be Russian) Used for DoS and spams, available for “rent” Fiendishly clever design distributed control, similar to Kazaa, Gnutella rapidly morphing code; morphs every hour or so seems to detect attempts to track/contain it and “punishes” its pursuers

28 And if you weren’t scared enough already…

29

30 Spyware/Adware Hidden but not self-replicating
Tracks web activity for marketing, shows popup ads, etc. Usually written by businesses: Legal gray area Download kazaa the installer puts some extra stuff on your computer

31 Spoofing Attacks Attacker impersonates the merchant (“spoofing”)
Amaz0n.com’s key Amaz0n.com s to update your account information (ebay, bank, …) You Attacker impersonates the merchant (“spoofing”) Your data is encrypted… …all the way to the bad guy!

32 International warfare by other means
Stuxnet: Computer worm allegedly created by US and Israeli intelligence to target Iranian nuclear processing faciltiies.

33 Attackers are Adaptive
Defenders must continually adapt to keep up

34 Can we stop computer crime?
Probably not! Wild West nature of the Internet Software will always have bugs Rapid exponential spread of attacks But we can take steps to reduce risks… Theory: halting problem Practice: 1 security bug / 20k lines of code (high quality) 40 million lines == 2k bugs (handful corrected / month)

35 Protecting Your Computer
Six easy things you can do… Keep your software up-to-date Use safe programs to surf the ‘net Run anti-virus and anti-spyware regularly Add an external firewall Back up your data Learn to be “street smart” online

36 Keep Software Up-to-Date

37 Use Safe Software to Go Online
Fewer people trying to attack these programs than corresponding MS progs. Firefox (web browser) Thunderbird ( )

38 Anti-virus / Anti-spyware Scans
Symantec Antivirus (Free from OIT) Spybot Search & Destroy (Free download)

39 Add an External Firewall
Provides layered security (think: castle walls, moat) (Recent operating systems have built-in firewall features)

40 Tivoli Storage Manager
Back Up Your Data Tivoli Storage Manager (Free from OIT)

41 Learn Online “Street Smarts”
Be aware of your surroundings Is the web site being spoofed? Don’t accept candy from strangers How do you know an attachment or download isn’t a virus, Trojan, or spyware? Don’t believe everything you read may contain viruses or phishing attack – remember, bad guys can forge from your friends

Download ppt "Viruses, Worms, Zombies, and other Beasties"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Viruses, Worms, Zombies, and other Beasties COS 116: 4/10/2008 Sanjeev Arora.

Viruses, Worms, Zombies, and other Beasties COS 116: 4/10/2008 Sanjeev Arora.
Computer Basics Rabie A. Ramadan, PhD 6. Viruses, Worms, Zombies, and others 2.

Computer Basics Rabie A. Ramadan, PhD 6. Viruses, Worms, Zombies, and others 2.
Viruses, Worms, Zombies, and other Beasties COS 116, Spring 2012 Adam Finkelstein.

Viruses, Worms, Zombies, and other Beasties COS 116, Spring 2012 Adam Finkelstein.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Computer Viruses.

Computer Viruses.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Viruses, Worms, Zombies, and other Beasties COS 116, Spring 2011 Sanjeev Arora (based on lecture by Alex Halderman)

Viruses, Worms, Zombies, and other Beasties COS 116, Spring 2011 Sanjeev Arora (based on lecture by Alex Halderman)
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Online Annoyances Spam – electronic junk mail

Online Annoyances Spam – electronic junk mail
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Similar presentations

Ads by Google