Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation.

Published bySpencer Marn Modified over 9 years ago

Similar presentations

Presentation on theme: "An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation."— Presentation transcript:

1

2 An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation

3 What is DevilRobber Trojan  1: Transmission: Bit Torrent Seed  2: Function: access user’s computer steel user’s private information generate Bitcoin virtual currency

4 The Principle of Trojan  Trojan Application consists of two parts 1: Server Part (Server) 2: Controller Part (Client)  Interaction Open clients’ ports to send data back to the specified server Hackers could take advantage of such ports to enter OS X

5 The Principle of Trojan  Operation Trojan horse programs cannot operate automatically Embedded in some documents or files users may be interested in  Trigger Must open infected files or implement infected application  Categories Universal VS Transitive

6 Analysis of DevilRobber Trojan  Operation System Platform Mac OS X ( Based on UNIX ) Mac OS X application such as Graphic Converter software  Function Steal user’s sensitive information and private data Control GPU to generate BitCoin virtual currency automatically Monitoring computers’ activities

7 Analysis of DevilRobber Trojan Copy TrueCrypt and its relevant data Copy Safari browsing history Copy users’ Bash_history to dump.txt

8 Analysis of DevilRobber Trojan  Unusual Features take advantage of GPU to automatically generate Bit-coins Bits-coins also can be used for exchange for real current currency. One Bit currency is equivalent to about $ 3.00

9 New Version of DevilRobber Trojan  Dispersal Old Version: Disguise as a popular image editing program such as PixelMator New Version: Disguise as download tools and contact with some FTP server

10 New Version of DevilRobber Trojan  Circumvention Not trying to capture a screenshot sent back to the remote server No longer check the Little Snitch firewall  Confuse User Little Snitch users can authorize the Trojans to communicate with an external server without their known.

11 How to Avoid DevilRobber infection  Check source of download files Trust of source of download  Various types of DevilRobber Trojan Disguise as a PDF file Disguise as Adobe Flash update installation

12 Vulnerability Fixed and Solution  Enhance Mac OS X Security Apple has released update package for users to download Virus Feature Definition XProtect.plist

13 Reference 1 : What Apple's sandboxing means for developers and users http://news.cnet.com/8301-1009_3-57318099-83/what-apples- sandboxing-means-for-developers-and-users/ 2 : Mac Trojan poses as PDF to open botnet backdoor http://arstechnica.com/apple/news/2011/09/mac-trojan-poses-as- pdf-to-open-botnet-backdoor.ars 3 : Apple kills code-signing bug that threatened iPhone users http://www.theregister.co.uk/2011/11/10/apple_iphone_security_bu g.html

14 Lecture End Thanks

Download ppt "An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation."

Similar presentations

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Chapter 6A Operating System Basics PART II.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Chapter 6A Operating System Basics PART II.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Chapter 8 Operating Systems and Utility Programs.

Chapter 8 Operating Systems and Utility Programs.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.

What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
CS 450 - Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.

CS Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.
COS 420 DAY 25. Agenda Assignment 5 posted Chap 22-26 Due May 4 Final exam will be take home and handed out May 4 and Due May 10 Latest version of Protocol.

COS 420 DAY 25. Agenda Assignment 5 posted Chap Due May 4 Final exam will be take home and handed out May 4 and Due May 10 Latest version of Protocol.
Optinuity Confidential. All rights reserved. C2O Configuration Requirements.

Optinuity Confidential. All rights reserved. C2O Configuration Requirements.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Object Linking and Embedding A tool which allows different software application packages to share data.

Object Linking and Embedding A tool which allows different software application packages to share data.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 8 Operating Systems and Utility Programs By: James Granahan.

Chapter 8 Operating Systems and Utility Programs By: James Granahan.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
No.24 Prerawat Denvutivorkarn M.2/2. Definition: antivirus is protective software designed to defend your computer against malicious software. Malicious.

No.24 Prerawat Denvutivorkarn M.2/2. Definition: "antivirus" is protective software designed to defend your computer against malicious software. Malicious.
Exchange metering information of Elia through FTP or ECP? Why is Elia proposing 2 different protocols and what are the advantages of both protocols.

Exchange metering information of Elia through FTP or ECP? Why is Elia proposing 2 different protocols and what are the advantages of both protocols.

Similar presentations

Ads by Google