
Malware 101 “Basics”, by Berman Enconado




1 Malware 101 “Basics” Berman Enconado

2 Malware 101 Malware is malicious software How to identify? Stealing information Unauthorized access Exploits Fooling the unsuspecting user

3 Malware 101 en.wikipedia.org/wiki/Malware

4 Malware 101 Classification of Malware

5 Malware 101 Viruses

6 Malware 101 Exploits – Exploited WinAmp playlist (.m3u file)

7 Malware 101 Trojan / Backdoor

8 Malware 101 Trojan / Backdoor
Dropped files
–Usually in %windows% or %system% directories
Autostart
–HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
–HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
–HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
–%USERPROFILE%\Start Menu\Programs\Startup

9 Malware 101 Rootkit

10 Malware 101 Worms – The famous “Love Bug”, aka “I love you” worm. Not a virus but a worm. (Filipino-made)

11 Malware 101 Brief History of Malware
–Theories for self-replicating programs are created
–First Apple virus found “in the wild” – spreads through pirated games
–Macro virus
–Java infectors
–Chernobyl
–Polymorphic virus – annoying and destructive viruses start to become rampant
–ILoveYou “virus” – sends itself via email
–Melissa – email spammer; uses MS Word documents
–Conficker worm – most computers infected since Slammer in 2003
–Slammer worm – fastest spreading worm to date; infected 75,000 computers in approximately ten minutes
–TDL
–Stuxnet
–Rustock
–Rootkits
–Mobile

12 Malware 101 Malware Researcher Notes
–A malware installs itself in the system without any notification or dialogs.
–A legit application gets installed by a setup with a sequence of notifications or dialogs.

13 Malware 101 Tools anyone can use to determine system infection.

14 Malware 101 Process Explorer

15 Malware 101 Installrite

16 Malware 101 Wireshark 4sysops.com

17 Malware 101 Autoruns

18 Malware 101 GMER Lavasoft.com

19 Malware 101 “Clean-up” Reginald Wong

20 Malware 101 Installation Setup: Legit App versus Malware
Legit App: Installs using a dialog
Malware: No dialog. May show a fake error or an image such as porn
Legit App: Usually installs its components in the Program Files folder
Malware: Usually installs itself in the Windows folder(s)
Legit App: Can be manually run from the Start > Programs menu
Malware: It is already running and triggered at a system event such as startup.

21 Malware 101 Comparison: Process Before / After

22 Malware 101 Comparison: File Before / After

23 Malware 101 Comparison: Registry Before After

24 Malware 101 Comparison: Registry Before After

25 Malware 101 Comparison: Registry Before After

26 Malware 101

27 Assuming we do not have any third-party tools, and we only have our plain old Windows NT-based OS…

28 Malware 101 Common Malware File Locations
Located in
–Windows folder or subfolders like System32, i.e. C:\Windows\System32
–Recycle(r) folders
–Desktop
And can be found set to run at startup

29 Malware 101 Looking for Suspicious Files – Click on Start -> Run, type MSCONFIG and hit ENTER

30 Malware 101 Looking for Suspicious Files – Click on Start -> Run, type TASKMGR and hit ENTER, or press CTRL-SHIFT-ESC

31 Malware 101 Suspicious Files: File Properties
Version Information – Google is your very best friend
–File version
–Company Name
–Copyright
Icon – Trying to mimic a folder, Explorer, or any legit application. Check out the path.
–No icon

32 Malware 101 Suspicious Files: File Properties

33 Malware 101 Suspicious Files: File Properties

34 Malware 101 Looking for Suspicious Files

35 Malware 101 Looking for Suspicious Files

36 Malware 101 Looking for Suspicious Files Still not showing up?!?

37 Malware 101 Looking for Suspicious Files Unhide using ATTRIB (command line app)

38 Malware 101 Looking for Suspicious Files

39 Malware 101 Looking for Suspicious Files

40 Malware 101 Removal: Attempt to Delete File

41 Malware 101 Removal: Attempt to Terminate Process – Unfortunately fails to terminate

42 Malware 101 Removal: Attempt to Delete File – Click on Start -> Run, type REGEDIT, hit ENTER, then go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

43 Malware 101 Removal: Attempt to Delete File

44 Malware 101 Removal: Attempt to Delete File

45 Malware 101 Removal: Attempt to Delete File – Pad with 2 0x00 bytes, which means renaming the file to nothing; in other words, delete.

46 Malware 101 Removal: Attempt to Delete File

47 Malware 101 Removal: Attempt to Delete File

48 Malware 101 Removal: Attempt to Delete File Verify that the file was deleted. Do the same process when looking for the malware file.

49 Malware 101 Removal: Attempt to Delete File Also check that the malware file is not in the process list.
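The Session Manager edit on slides 42 to 49 writes into the REG_MULTI_SZ value PendingFileRenameOperations (the deck shows the key but not the value name; that name is this example's assumption). The Python below is an added example, not part of the presentation: it decodes that value the way Windows reads it at boot, shows why a lone 2-byte NUL as the destination means "delete", and appends a new delete entry without clobbering renames already queued, which a straight overwrite in regedit would silently do. The existing entry and the malware path are constructed sample values.

```python
from typing import List, Optional, Tuple

# Constructed sample (not from the deck): one rename an installer already queued,
# stored the way the registry holds it (UTF-16LE, NUL-separated, double-NUL end).
SAMPLE_EXISTING = (
    "\\??\\C:\\Windows\\Temp\\new.dll\0"
    "\\??\\C:\\Windows\\System32\\old.dll\0"
    "\0"
).encode("utf-16-le")

def parse_reg_multi_sz(blob: bytes) -> List[str]:
    """Decode a REG_MULTI_SZ blob: NUL-terminated UTF-16LE strings, list ends in an extra NUL.
    An empty string is therefore a lone 2-byte NUL, the "2 0x00 bytes" of the slide's hex edit."""
    text = blob.decode("utf-16-le")
    if text in ("", "\0"):  # an empty value may be stored as a single NUL
        return []
    if not text.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    body = text[:-2]
    return body.split("\0") if body else []

def pending_operations(blob: bytes) -> List[Tuple[str, Optional[str]]]:
    """Read PendingFileRenameOperations as (source, destination) pairs; Session Manager
    renames source to destination at boot, and an empty destination (None here) deletes source."""
    strings = parse_reg_multi_sz(blob)
    if len(strings) % 2:
        raise ValueError("value must hold source/destination pairs")
    return [(src, dst or None) for src, dst in zip(strings[0::2], strings[1::2])]

def append_pending_delete(existing: Optional[bytes], win_path: str) -> bytes:
    """Queue a delete-at-reboot for win_path while keeping entries already present;
    overwriting the value would drop other queued renames. Sources are NT paths (\\??\\ prefix)."""
    strings = parse_reg_multi_sz(existing) if existing else []
    strings += ["\\??\\" + win_path, ""]  # empty destination = delete
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")

def describe(ops: List[Tuple[str, Optional[str]]]) -> List[str]:
    """One line per queued operation, for auditing this key on a suspect host."""
    return [f"delete {s}" if d is None else f"rename {s} -> {d}" for s, d in ops]

if __name__ == "__main__":
    # Placeholder malware path, constructed for the demo.
    blob = append_pending_delete(SAMPLE_EXISTING, "C:\\Windows\\System32\\example-malware.exe")
    for line in describe(pending_operations(blob)):
        print(line)
```

Reading this value back with pending_operations is also a quick forensic check: a delete queued against a file you did not touch is worth investigating.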

50 Malware 101 Removal

51 Malware 101 Removal: Clean up Remnants

52 Malware 101 Removal: Clean up Remnants
–Click on Start -> Run, type REGEDIT, then hit ENTER
–Click on “My Computer”
–Click on Edit -> Find/Search
–In the search box, type the name of the malware file, then click on Find

53 Malware 101 Removal: Clean up Remnants

54 Malware 101 Warning! Do NOT delete registry entries that contain the malware file name. Do NOT delete files with names similar to the malware file name; it could have mimicked a system file name. Research it first. If you think handling the malware is still difficult, send the file to your favorite antivirus vendor.

55 https://www.facebook.com/gfisoftware https://www.facebook.com/GFILabsPH https://twitter.com/gfisoftware https://twitter.com/gfilabsph

