Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 492/592: Malware. Motivation Q: How can I tell if the software I'm running is malicious?

Published byWillis York Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 492/592: Malware. Motivation Q: How can I tell if the software I'm running is malicious?"— Presentation transcript:

1 CS 492/592: Malware

2 Motivation Q: How can I tell if the software I'm running is malicious?

3 Syllabus http://thefengs.com/wuchang/work/courses/cs492 Accomplishment-based evaluation – Go at your own pace – Labs per chapter Done in-class – Per-student homework Finish them all to complete the course Submit answers via D2L quizzes – Final project Create your own CTF challenge

4 Ethics Explore only on your own systems or places you have permission to Do not break or break into other people's machines

5 What is malware? Set of instructions that run on your computer and make your system do something that an attacker wants it to do  Delete files to render your computer inoperable  Infect other systems (worms, viruses)‏  Monitor activity (webcams, keystroke loggers)‏  Gather information on you, your habits, web sites you visit  Provide unauthorized access (trojans, backdoors)‏  Steal files (credit card data)‏  Store illicit files (copyrighted material)‏  Send spam or attack other systems  Stepping stone to launder activity (frame you for a crime)‏  Hide activity (rootkits)‏

6 Why is it so prevalent? Unprecedented connectivity Vulnerable users Homogenous software and hardware Focus on time to market Data and instruction mixing Mature malicious software industry

7 Data vs. code Data is information that your CPU acts on Code tells your CPU to take action (danger!)‏ To a computer, what’s the difference between code and data? …. Not much * Data & code are intermixed these days  ELF,.exe,.html,.doc ….  Adds flexibility (.doc), features (.html), and efficiency (.js)

8 Types of malware Viruses and worms  Self-replicating code spread manually or automatically Web-based exploits  Code automatically downloaded via the web Botnets  Collections of computers under the control of an adversary Backdoors  Code that bypasses normal security controls to provide continued access to an adversary Trojans, launchers  Code that appears legitimate, but performs an unauthorized action

9 Types of malware Rootkits  Tools to hide the presence of an adversary Spyware, information stealing  Code that collects credentials and behavior of legitimate users Scareware, Adware, Ransomware  Code that tricks users out of their money or time

10 Entrance exam In order to analyze what code does, one must understand how software works Pre-requisites for the course – Mastery of topics in CS 201 and CS 333 – If you can not pass this exam, you will not be able to continue

11 Your environment Vanilla Windows 7 Professional VM image located on MCECS file server /stash/cs492/class/492_dist.ova All software from book installed Not registered Tasks Create a directory for yourself locally at /disk/trump/cs492 Goto File=>Preferences and set “Default Machine Folder” to /disk/trump/cs492/class/ Import VM into your own VirtualBox directory (virtualbox) Goto File=>Import Appliance and select path to 492_dist.ova Allocate 2GB to your machine’s memory Re-initialize MAC address so each of your VMs is unique Register your Windows 7 Pro installation (we will assign you a key) Change the name of your machine to your OdinID If you miss class, screenshots of lab work which show your machine name can be used Must be sent prior to next class Migration Create a directory for yourself at /stash/cs492/class/ Rsync your VM in /disk/trump over to /stash Run virtualbox Goto File=>Preferences and set “Default Machine Folder” to /stash/cs492/class/ Contact support@cat.pdx.edu if you are not in the “vagrant” group

12 Installed software on your VM Install Win7 32-bit instance with VirtualBox Guest Additions CD Install cygwin with sharutils, binutils, zip/unzip, and nc Install WinRAR or cygwin p7zip Install Sysinternals tools (Process Explorer, Process Monitor) (technet.microsoft.com) Install PEView (wjradburn.com) Install Resource Hacker (angusj.com) Install Dependency Walker (dependencywalker.com) Install IDA Pro 5.0 Freeware (hex-rays.com) Install Wireshark (wireshark.org) Install Apate DNS (mandiant.com) Install OllyDbg 1.10 (ollydbg.de) and its Phant0m plug-in (woodmann.com) Install WinHex (winhex.com) Install PEiD (softpedia.com) <= CAUTION, it is a zip file not an installer Install UPX (upx.sourceforge.net) Install Regshot (code.google.com/p/regshot/) Install labs from textbook (practicalmalwareanalysis.com) Encrypted zipfile (password: malware) Will set off Windows defender alarms Make two copies, a working one and a read-only one

Download ppt "CS 492/592: Malware. Motivation Q: How can I tell if the software I'm running is malicious?"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Internet Safety Topic 2 Malware This presentation by Tim Fraser Malware is short for malicious software VirusesViruses SpywareSpyware AdwareAdware other.

Internet Safety Topic 2 Malware This presentation by Tim Fraser Malware is short for malicious software VirusesViruses SpywareSpyware AdwareAdware other.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Internet Safety Basics Never share names, schools, ages, phone numbers, or addresses. Never open an email from a stranger – it may contain viruses that.

Internet Safety Basics Never share names, schools, ages, phone numbers, or addresses. Never open an from a stranger – it may contain viruses that.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Threats To A Computer Network

Threats To A Computer Network
CS 450 - Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.

CS Nathan Digangi.  Secret, undocumented routine embedded within a useful program  Execution of the program results in execution of secret code.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Issues Raised by ICT.

Issues Raised by ICT.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.

Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
With Microsoft Windows 7© 2012 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Windows 7.

With Microsoft Windows 7© 2012 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Windows 7.
Computer damage. The dangers Computer programs can get onto your computer and cause damage Junk emails (called spam) and junk instant messages (called.

Computer damage. The dangers Computer programs can get onto your computer and cause damage Junk s (called spam) and junk instant messages (called.

Similar presentations

Ads by Google