Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malaware Monil Adhikari. Understanding Malaware slide 3 Viruses Virus propagates by infecting other programs Automatically creates copies of itself,

Published byElisabeth Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "Malaware Monil Adhikari. Understanding Malaware slide 3 Viruses Virus propagates by infecting other programs Automatically creates copies of itself,"— Presentation transcript:

1 Malaware Monil Adhikari

2 Understanding Malaware

3 slide 3 Viruses Virus propagates by infecting other programs Automatically creates copies of itself, but to propagate, a human has to run an infected program Self-propagating viruses are often called worms Many propagation methods Insert a copy into every executable (.COM,.EXE) Insert a copy into boot sectors of disks PC era: “Stoned” virus infected PCs booted from infected floppies, stayed in memory, infected every inserted floppy Infect common OS routines, stay in memory

4 slide 4 First Virus: Creeper Written in 1971 at BBN Infected DEC PDP-10 machines running TENEX OS Jumped from machine to machine over ARPANET Copied its state over, tried to delete old copy Payload: displayed a message “I’m the creeper, catch me if you can!” Later, Reaper was written to hunt down Creeper http://history-computer.com/Internet/Maturing/Thomas.html

5 slide 5 Polymorphic Viruses Encrypted viruses: constant decryptor followed by the encrypted virus body Polymorphic viruses: each copy creates a new random encryption of the same virus body Decryptor code constant and can be detected Historical note: “Crypto” virus decrypted its body by brute- force key search to avoid explicit decryptor code

6 A computer worm is malware that is able to distribute itself over a network, normally via e-mail, without a person having run an infected program. It is able to reproduce itself many times and so your computer could send out hundreds of these worms with devastating effect This can cause your computer to run very slowly and possibly even crash Computer Worms

7 Phishing Definition from http://www.onguardonline.gov/: http://www.onguardonline.gov/ Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims.

8 Pharming Norton Internet Security defines pharming as: Pharming (pronounced “farming”) is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a “bait” message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.

9 Spam According to Norton: Email Spam is the electronic version of junk mail. It involves sending unwanted messages, often unsolicited advertising, to a large number of recipients. Spam is a serious security concern as it can be used to deliver Trojan horses, viruses, worms, spyware, and targeted phishing attacks.virusesspywarephishing

10 Protecting Yourself From Phishing On Guard Online suggests many different ways to protect your computer and information: Do not email private information Be careful when opening attachments, regardless of who sent them Update all antivirus and antispyware software regularly Do not reply to email popups If you think you have been scammed, report it on http://www.ftc.gov/bcp/edu/microsites/idtheft/ http://www.ftc.gov/bcp/edu/microsites/idtheft/

11 Protecting yourself from Pharming Norton suggests: Keeping your computer updated Review bank statements carefully and regularly Remember that online offers that seem too good to be true…usually are.

12 Controlling Spam Norton suggests: Install a spam blocker Try reading emails in plain-text If you think email is spam, do not reply, just delete. Reject all Instant Messages from those not on your buddy list.

13 Real-time Examples

14 Byzantine Hades 2006-09 cyber-espionage attacks against US companies and government agencies Attack websites located in China, use same precise postal code as People's Liberation Army Chengdu Province First Technical Reconnaissance Bureau Targeted email results in installing a Trojan Gh0stNet / Poison Ivy Remote Access Tool Stole 50 megabytes of email, documents, usernames and passwords from a US government agency Same tools used to penetrate Tibetan exile groups, foreign diplomatic missions, etc. slide 14

15 slide 15 Night Dragon Started in November 2009 Targets: oil, energy, petrochemical companies Propagation vectors SQL injection on external Web servers to harvest account credentials Targeted emails to company executives (spear-phishing) Password cracking and “pass the hash” attacks Install customized RAT tools, steal internal documents, deliver them to China

16 slide 16 zwShell RAT When launched, presents a fake crash error Type “zw.china” into the hidden password field Can create a custom trojan or start a C&C server Select listening port, password for encrypting C&C traffic, custom sound notifications when infected machines connect or disconnect

17 slide 17 RAT Capabilities “Dropper” program installs RAT DLL, launches it as persistent Windows service, deletes itself RAT notifies specified C&C server, waits for instructions Attacker at C&C server has full control of the infected machine, can view files, desktop, manipulate registry, launch command shell

18 slide 18 Who Was Behind Night Dragon? C&C servers hosted in Heze City, Shandong Province, China All data exfiltration to IP addresses in Beijing, on weekdays, between 9a and 5p Beijing time Uses generic tools from Chinese hacking sites Hookmsgina and WinlogonHack: password stealing ASPXSpy: Web-based RAT Make in China E-mail: master@rootkit.net.cn

19 slide 19 Sources say hackers using servers in China gained control of a number of Canadian government computers belonging to top federal officials. The hackers, then posing as the federal executives, sent emails to departmental technical staffers, conning them into providing key passwords unlocking access to government networks. At the same time, the hackers sent other staff seemingly innocuous memos as attachments. The moment an attachment was opened by a recipient, a viral program was unleashed on the network. The program hunts for specific kinds of classified government information, and sends it back to the hackers over the internet. One source involved in the investigation said spear-phishing is deadly in its simplicity: "There is nothing particularly innovative about it. It's just that it is dreadfully effective."

20 Restricting Malaware Step 1 – Plan Vulnerabilities in client-side software on workstations. Vulnerabilities in network-accessible software on servers. Social engineering techniques, which often are part of malware-propagation tactics. Removable media, such as USB keys. Weak passwords of network-accessible accounts.

21 Restricting Malaware Step 2 – Resist Install and maintain a modern anti-virus suite. Lock down the configuration of the operating system. Control what software is installed and allowed to run. Restrict outbound and inbound network access. Protect Web browsing activities. Limit user account access and minimize user privileges. Keep up with security patches. Enforce change management practices. Identify, investigate, and respond to anomalies.

22 Restricting Malaware Step 3 – Detect Use change detection tool to discover unauthorized modifications Educating end users Training the IT Staff Reviewing security event logs. Employing intrusion detection systems. Verifying DNS Logs.

23 Restricting Malaware Step 3 – Respond

Download ppt "Malaware Monil Adhikari. Understanding Malaware slide 3 Viruses Virus propagates by infecting other programs Automatically creates copies of itself,"

Similar presentations

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Primary Threats to Computer Security

Primary Threats to Computer Security
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Computer Viruses.

Computer Viruses.
Threats To A Computer Network

Threats To A Computer Network
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Quiz Review.

Quiz Review.
Issues Raised by ICT.

Issues Raised by ICT.
Security Issues: Phishing, Pharming, and Spam

Security Issues: Phishing, Pharming, and Spam
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Similar presentations

Ads by Google