Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dealing with Malware By: Brandon Payne Image source: TechTips.com.

Published byBarrie Bell Modified over 8 years ago

Similar presentations

Presentation on theme: "Dealing with Malware By: Brandon Payne Image source: TechTips.com."— Presentation transcript:

1 Dealing with Malware By: Brandon Payne Image source: TechTips.com

2 What is Malware? Malicious Software Viruses Worms Trojans Spyware/Adware Over 1 million known unique malware

3 Antivirus Software Widespread Purpose to make us safe Two main parts – Detection – Removal

4 Detection Use of honeypots Signature based Family signature Heuristics Human involvement

5 Honeypots Numerous networked together virtual systems Limited protection – no firewall Can run any OS Allowed to talk freely on virtual network Protocols: – HTTP – FTP – IRC – DNS – Drive sharing – Email and packet routing

6 Honeypots, cont. Virtual machine runs custom monitoring and control software Snapshot at creation Physical machine runs DHCP server, collects data from monitoring software

7 Signatures Based on string – Machine Code Bytes Sometimes behavior based Stored in database – Stored in order of area affected (e.g. boot sector or.EXE) Sent to users as updates

8 Family Signatures “Families” of malware – Malware tweaked slightly and sent on its way Similar or the same signature Often add padding for confusion

9 Heuristics Looks for instructions and commands within programs that are not usually found in applications Two methods: – Weight-based – Rule-based

10 Weight-Based Antiquated, not used much anymore Assigns a weight to processes depending on potential security threat If a certain weight is reached, sounds an alarm

11 Rule-Based Extracts certain ‘rules’ from programs Compares these to rules in database known to cause issues If a match is found, alarm triggered Capable of detecting encrypted viruses by looking for specific behavior – Initializing a counter – Memory reads which depend on a pointer

12 Human Involvement Users Researchers – Software can’t solve on its own – Requires intimate knowledge of programming languages and OS

13 Removal Puts detection to use Updates sent out daily, weekly, etc. Requires scanning

14 Scanning Needs to check EVERYWHERE Several techniques to optimize – Location specific i.e. boot sector or macros – File location Signature only consists of a part of code which has a usual location

15 Questions?

Download ppt "Dealing with Malware By: Brandon Payne Image source: TechTips.com."

Similar presentations

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.

Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.
Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.

Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.
No.24 Prerawat Denvutivorkarn M.2/2. Definition: antivirus is protective software designed to defend your computer against malicious software. Malicious.

No.24 Prerawat Denvutivorkarn M.2/2. Definition: "antivirus" is protective software designed to defend your computer against malicious software. Malicious.
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Computer Viruses Preetha Annamalai Niranjan Potnis.

Computer Viruses Preetha Annamalai Niranjan Potnis.
Staying Safe. Files can be added to a computer by:- when users are copying files from a USB stick or CD/DVD - downloading files from the Internet - opening.

Staying Safe. Files can be added to a computer by:- when users are copying files from a USB stick or CD/DVD - downloading files from the Internet - opening.

Similar presentations

Ads by Google