
Malicious software: programs that violate one (or more) of the IA pillars. The term does not (generally) refer to unintentional program bugs that violate IA pillars.





2 Malware
- Malicious software: programs that violate one (or more) of the IA pillars
  - Does not (generally) refer to unintentional program bugs that violate IA pillars
- A different approach to attacking a system
  - Not a remote-access, network-based attack, but it can be used to enable such attacks
  - The victim generally installs the malware, or takes some action that results in its installation
- Often associated with online crime
- Categorized by delivery and propagation technique
  - Virus
  - Worm
  - Trojan

3 Virus
- A computer program that can replicate itself
- "Infects" a computer without the permission or knowledge of the user
- Attaches itself to another program or file, usually an executable
- Cannot replicate unless the infected file is executed
- Cannot spread beyond the system without human intervention (for example, a user copying or sharing the infected file)

4 Virus types
- Program virus
  - The most traditional virus type
  - Malicious code attached to another program file
- Macro virus
  - A set of instructions embedded in a document (e.g., a Word document)
  - Analogous to a script embedded in a web page
  - Executes whenever the document is opened or edited

5 Virus types (continued)
- Cross-site scripting (a self-propagating XSS payload, often called an XSS worm)
  - Malicious script injected into a website
  - Commonly seen on social media sites (Facebook, MySpace, Twitter, etc.)
  - A user views a page containing the malicious script
  - The script attempts to replicate itself to the user's profile
  - Anyone viewing that user's profile is also infected
- Boot sector virus
  - The boot sector instructs the computer how to boot the operating system
  - The virus attaches itself to the boot sector code
  - Runs every time the computer is started, before the operating system (and any anti-virus) has loaded

6 Worm
- A self-replicating, self-propagating program; unlike a virus, it needs no host file and no human action to spread
- Often uses networking mechanisms to propagate
- Typically uses an exploit against a vulnerable network service to gain access to a system and copy itself there
- Scans the surrounding network looking for additional victims, attempts to exploit them, and copies itself again
- Other replication methods exist, e.g., autorun of removable media devices

7 Trojan
- Named after the Trojan Horse of Greek mythology
- The program appears to have a useful function
- It also has a hidden (potentially malicious) function
- Scareware example
  - The user visits a website
  - A window pops up claiming that X types of spyware/viruses were found on their computer
  - The user downloads and installs the advertised anti-virus program
  - The program reports that the viruses have been removed
  - It also installs malware without the victim's knowledge, often botnet software
- Check your SI110 webpage

8 What malware does
- Malware can be used to do several things
  - Delete files
  - Send files back to the attacker
  - Allow your computer to be used as part of a botnet, e.g., to send spam emails or perform DDoS attacks
  - Allow your computer to be used as a springboard for another network attack, masking the true source of the attack
  - Install programs: keyloggers, spyware, adware
  - Perform screen captures
  - Turn on the webcam/microphone

9 Detecting malware
- A user or administrator observes abnormal behavior of the system
  - Actions not initiated by the user: a new toolbar, a program they did not install, the browser homepage changes
  - Processing or network slowdown
- Anti-virus scans can detect many types of malware
  - Signatures: match known malware by file hash or byte pattern; precise, but blind to anything not yet in the signature database
  - Heuristics: flag suspicious properties or behavior (e.g., an executable disguised with another extension, a packed payload); can catch new variants but produce false positives
- An IDS/IPS detects abnormal network traffic, e.g., worm propagation
- A firewall or email gateway can incorporate malware scanners to prevent malware from reaching the victim's machine
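The slide lists signatures and heuristics without showing what either actually does. The following is an added example (not code from the presentation, and not a real anti-virus engine) of a minimal scanner that applies both kinds of check to a set of constructed sample files: an exact SHA-256 match, byte-pattern signatures, a header/extension mismatch heuristic, and a Shannon-entropy heuristic for packed or encrypted payloads. The signature names (`Demo.Worm.A` and the others), the patterns, the threshold and the sample contents are all invented for the example.

```python
import hashlib
import math
import re

# Constructed signature database for this example; the hashes and patterns are
# illustrative and match only the sample data below, not any real malware.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00demo-worm-payload").hexdigest(): "Demo.Worm.A",
}
BYTE_SIGNATURES = [
    ("Demo.Scareware.A", re.compile(rb"YOUR PC HAS \d+ VIRUSES")),
    ("Demo.Macro.AutoOpen", re.compile(rb"Sub Auto_?Open\(\)", re.IGNORECASE)),
]
# Packed or encrypted payloads approach 8 bits of entropy per byte; plain code
# and text sit well below. Legitimate archives and media trip this too, which
# is why it is a heuristic and not a verdict. The threshold is an assumption.
ENTROPY_THRESHOLD = 7.2
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan(name: str, data: bytes) -> list:
    """Return (kind, detail) findings for one file's name and contents."""
    findings = []
    # Signature 1: exact hash of a known sample. Any single byte change defeats it.
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        findings.append(("signature:hash", KNOWN_BAD_SHA256[digest]))
    # Signature 2: byte patterns survive trivial changes elsewhere in the file.
    for label, pattern in BYTE_SIGNATURES:
        if pattern.search(data):
            findings.append(("signature:pattern", label))
    # Heuristic 1: a Windows executable header ("MZ") in a file not named as one.
    if data.startswith(b"MZ") and not name.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append(("heuristic:header-mismatch", "PE header in " + name))
    # Heuristic 2: high entropy suggests a packed or encrypted payload.
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        findings.append(("heuristic:high-entropy", f"{entropy:.2f} bits/byte"))
    return findings


# Constructed sample "files" (name -> contents); none of this is real malware.
SAMPLES = {
    "setup.exe": b"MZ\x90\x00demo-worm-payload",
    "fixmypc.exe": b"MZ\x00YOUR PC HAS 37 VIRUSES! Download the cleaner now",
    "report.docm": b'Attribute VB_Name = "ThisDocument"\nSub AutoOpen()\nShell "calc.exe"\nEnd Sub\n',
    "photo.jpg": b"MZ" + bytes(range(256)) * 4,
    "notes.txt": b"Meeting notes: nothing to see here.\n",
}


def scan_all(samples: dict) -> dict:
    """Scan every sample; files with no findings are omitted from the result."""
    report = {}
    for name, data in samples.items():
        hits = scan(name, data)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        for kind, detail in hits:
            print(f"{name}: {kind} ({detail})")
```

Note how the two families fail differently: `setup.exe` is caught only because its hash is already known, so a one-byte change to the payload would slip past the hash check, while `photo.jpg` is caught by heuristics alone and would be a false positive if it were a legitimately compressed file that happened to start with "MZ".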

10 Best practices
- Principle of least privilege
  - Execute all tasks with the lowest permissions possible; not all tasks require admin privileges
  - Separate user and administrator accounts, so malware run from the user account cannot silently change the system
- Keep anti-virus signatures up to date; run a full scan periodically
- Install operating system updates when available
- Keep third-party software up to date as well
- Turn off the system when not in use
- Enable auditing
- Keep the system physically secure
- Follow/enforce usage policies
- Report abnormal behavior
- User training/education

11 Best practices (continued)
- Email
  - Open email only from trusted sources
  - Verify attachments; scan them before opening/running
  - Beware of online scams: no one wants to give you money!!!
  - Emails asking you to verify account information: visit the website directly (type the address or use a bookmark) rather than following the email link
- Online
  - Only visit trusted websites
  - Be aware of HTTP cookies; block or disable them as necessary
- Removable media
  - Disable autorun for removable media devices
  - Do not share removable media between networks
  - Follow established policies where required
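Two of the email checks above (verify attachments; do not follow a "verify your account" link) can be mechanized. The following is an added example, not code from the presentation, that inspects a constructed HTML message: it flags links whose visible text names one site while the `href` goes to another, links that leave the claimed sender's domain, plain-http links, and attachment names with a document extension followed by an executable one. The sender address, message body, attachment names and the `site_of` domain heuristic are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real phishing email. It asks the recipient
# to "verify" an account, the lure the slide warns about.
SAMPLE_SENDER = "alerts@example-bank.com"
SAMPLE_HTML = """
<p>We detected unusual activity. Please verify your account within 24 hours:</p>
<p><a href="http://example-bank.com.login-verify.net/auth">https://www.example-bank.com/login</a></p>
<p>Questions? Visit our <a href="https://www.example-bank.com/help">help center</a>.</p>
"""
SAMPLE_ATTACHMENTS = ["statement.pdf.exe", "terms.pdf"]

# Visible link text that reads like a URL or domain name.
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?$", re.IGNORECASE)
# A document-looking name with an executable extension tacked on the end.
DOUBLE_EXTENSION = re.compile(
    r"\.(?:pdf|doc|docx|xls|xlsx|jpg|png|txt)\.(?:exe|scr|com|pif|js|vbs|bat|cmd|hta)$",
    re.IGNORECASE,
)


def site_of(host):
    """Crude registrable-domain guess: the last two labels. Assumption: no
    public-suffix list, so names like example.co.uk are handled wrongly."""
    labels = (host or "").lower().strip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html, sender):
    """Return (href, reasons) for each link a reader should not follow."""
    sender_site = site_of(sender.rsplit("@", 1)[-1])
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = []
        target = urlparse(href)
        target_site = site_of(target.hostname)
        # The text shows one site while the href goes to another: the classic lure.
        if LOOKS_LIKE_URL.match(text):
            shown = urlparse(text if "://" in text else "//" + text)
            shown_site = site_of(shown.hostname)
            if shown_site != target_site:
                reasons.append(f"display text names {shown_site} but href goes to {target_site}")
        # The destination is outside the domain the sender claims to be.
        if target_site != sender_site:
            reasons.append(f"destination {target_site} is not {sender_site}")
        if target.scheme == "http":
            reasons.append("unencrypted http link")
        if reasons:
            flagged.append((href, reasons))
    return flagged


def check_attachments(names):
    """Return attachment names whose double extension hides an executable."""
    return [n for n in names if DOUBLE_EXTENSION.search(n)]


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_HTML, SAMPLE_SENDER):
        print(href, "->", "; ".join(reasons))
    print("suspicious attachments:", check_attachments(SAMPLE_ATTACHMENTS))
```

The first link is the dangerous one: `example-bank.com.login-verify.net` reads as the bank's domain, but the registrable part is `login-verify.net`, which is exactly why the slide says to type the address yourself rather than trust what the email shows. The second link is not flagged because it really does go to the sender's site over HTTPS.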


13 Duqu
- Duqu was initiated with a spearphishing attack
  - An e-mail to a company employee requesting more information, with the line "In the attached file, please see a list of requests."
  - The "attached file" was an innocuous-looking MS Word document; opening that document is what started all the trouble
  - The user opened the door and let the attacker in by opening the attachment

14 Duqu (continued)
- The Word document contained an "embedded font": a block of bytes defining what the characters used in the document should look like when displayed
- The bytes of the font definition are parsed not by Word but by operating-system code that runs in kernel mode (the Windows font engine); a malformed font tricked that code into executing shellcode with the highest possible privileges
- The shellcode installed the Duqu malware, which then ran long-term on the host regardless of whether the Word document or Word itself remained open
- Called Duqu because it created files with the prefix "~DQ"

15 Duqu (continued)
- Duqu contacted a command-and-control (C&C) server to receive instructions
  - Communication between the C&C server and the infected machine was done over HTTP and HTTPS, so it blended in with ordinary web traffic
  - At least one Duqu C&C server was traced to a machine in Belgium at IP address 77.241.93.160
- The C&C server loaded an extra module (piece of code) onto the infected host that allowed it to attack other machines on the same network, making use of that local network access
- Another module loaded onto the infected host by the C&C server was a keylogger, which logged keystrokes and grabbed screen captures
- Once inside a privileged host, as we have demonstrated, an attacker can manipulate data with ease
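Slides 14 and 15 give two concrete indicators (the "~DQ" file prefix and the C&C address) and one behavior (the infected host talking to its C&C over ordinary HTTP). The following is an added example, not code from the presentation, showing how a defender would turn those into detection logic over a constructed proxy log and a constructed temp-directory listing. The log format, the client addresses, the timestamps and the jitter threshold are all assumptions made for the example; only the IP address and the file prefix come from the slides.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Indicators taken from the slides: the C&C address and Duqu's temp-file prefix.
DUQU_C2_IP = "77.241.93.160"
DUQU_FILE_PREFIX = "~DQ"

# Constructed proxy log, not a real capture. Fields: time client method url status.
# Host 10.0.0.12 checks in with the C&C every 30 minutes; 10.0.0.33 is normal browsing.
PROXY_LOG = """\
2011-10-14T09:00:00 10.0.0.12 GET http://77.241.93.160/ 200
2011-10-14T09:00:03 10.0.0.12 GET http://www.example.com/news 200
2011-10-14T09:15:00 10.0.0.33 GET http://www.example.com/ 200
2011-10-14T09:30:00 10.0.0.12 GET http://77.241.93.160/ 200
2011-10-14T10:00:00 10.0.0.12 GET http://77.241.93.160/ 200
2011-10-14T10:30:01 10.0.0.12 GET http://77.241.93.160/ 200
2011-10-14T11:00:00 10.0.0.33 GET http://www.example.com/ 200
2011-10-14T11:00:04 10.0.0.33 GET http://www.example.com/ 200
"""
# Constructed listing of a user's temp directory.
TEMP_LISTING = ["~DQ37A1.tmp", "~WRL0001.tmp", "~DQ4C2B.tmp", "notes.txt"]


def parse_log(text):
    """Return (timestamp, client, host) for each log line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, _status = line.split()
        rows.append((datetime.fromisoformat(ts), client, urlparse(url).hostname))
    return rows


def ioc_hits(rows, indicator=DUQU_C2_IP):
    """Exact-match indicator search: cheap and precise, but only for addresses
    already known; a freshly set-up C&C server is invisible to it."""
    return [(client, ts.isoformat()) for ts, client, host in rows if host == indicator]


def beacon_candidates(rows, min_count=3, max_jitter=0.05):
    """Behavioral check: (client, host) pairs contacted at a regular period,
    which is how an implant polling its C&C looks even when the address is new.
    Returns the period in seconds for each flagged pair."""
    by_pair = defaultdict(list)
    for ts, client, host in rows:
        by_pair[(client, host)].append(ts)
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        # Regular spacing: the spread of the gaps is small relative to the period.
        if period > 0 and (max(gaps) - min(gaps)) / period <= max_jitter:
            flagged[pair] = period
    return flagged


def duqu_named_files(names, prefix=DUQU_FILE_PREFIX):
    """Host-side indicator: files carrying the "~DQ" prefix. Trivial for an
    attacker to change, so it is a triage hint rather than proof."""
    return [n for n in names if n.startswith(prefix)]


if __name__ == "__main__":
    rows = parse_log(PROXY_LOG)
    print("C&C hits:", ioc_hits(rows))
    print("beacons:", beacon_candidates(rows))
    print("~DQ files:", duqu_named_files(TEMP_LISTING))
```

The beacon check is the one that matters once an attacker moves to a new server: the IP indicator finds nothing, but a workstation that fetches the same URL every 1800 seconds to the second still stands out from a human's browsing, which is bursty and irregular (compare 10.0.0.33 in the sample). Real implants add random jitter to defeat exactly this, so `max_jitter` has to be tuned against real traffic.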



18 If you suspect an infection
- Contact your IT department or network administrator
- Disconnect from the network
  - Prevents exfiltration of personal information
  - Limits propagation to other machines
- Back up important files
- Scan for malware
- Treat all files and programs (including the backup you just made) as infected until verified

19 Recovery options
- Attempt to clean the malware from the system
  - Some malware is designed to hide from repair tools
- Restore to a "known good" state, from before the malware infection
  - Forensics can help determine the last "known good" state
- Reinstall from original media
- Ensure all OS and application updates are installed
- Fix vulnerabilities and configure security settings before returning the system to service
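"Restore to a known good state" presupposes a way to tell which state was good. The following is an added example, not code from the presentation, of the hash-manifest technique forensics uses for that: record a SHA-256 per file in a pristine manifest (e.g., taken from original media), diff later snapshots against it, and walk the backups newest-first until one whose system files are all unmodified is found. The file paths, contents and backup labels are constructed for the example and are not real Duqu artifacts.

```python
import hashlib


def build_manifest(files):
    """Record the SHA-256 of every file in a snapshot (path -> hex digest)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare(baseline, current):
    """Classify every path in either manifest as added, removed, modified or unchanged."""
    result = {"added": [], "removed": [], "modified": [], "unchanged": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            result["added"].append(path)
        elif path not in current:
            result["removed"].append(path)
        elif baseline[path] != current[path]:
            result["modified"].append(path)
        else:
            result["unchanged"].append(path)
    return result


def system_intact(files, pristine):
    """True if every file in the pristine manifest is present and unmodified."""
    current = build_manifest(files)
    return all(current.get(path) == digest for path, digest in pristine.items())


def last_known_good(snapshots, pristine):
    """Newest snapshot whose system files still match the pristine manifest, or None."""
    for label, files in reversed(snapshots):
        if system_intact(files, pristine):
            return label
    return None


# Constructed data: a clean system image, then three backups taken over a week.
# The last backup carries a tampered driver and a dropped temp file.
SYSTEM_CLEAN = {
    "C:/Windows/System32/drivers/demo.sys": b"clean driver image",
    "C:/Windows/System32/services.exe": b"clean services image",
}
PRISTINE = build_manifest(SYSTEM_CLEAN)
SNAPSHOTS = [
    ("backup-2011-10-10", {**SYSTEM_CLEAN, "C:/Users/alice/report.docx": b"draft 1"}),
    ("backup-2011-10-13", {**SYSTEM_CLEAN, "C:/Users/alice/report.docx": b"draft 2"}),
    ("backup-2011-10-15", {
        **SYSTEM_CLEAN,
        "C:/Windows/System32/drivers/demo.sys": b"clean driver image" + b"\x90" * 16,
        "C:/Users/alice/report.docx": b"draft 3",
        "C:/Users/alice/AppData/Local/Temp/~DQ1.tmp": b"dropped file",
    }),
]


if __name__ == "__main__":
    print("last known good:", last_known_good(SNAPSHOTS, PRISTINE))
    diff = compare(build_manifest(SNAPSHOTS[1][1]), build_manifest(SNAPSHOTS[2][1]))
    for kind in ("added", "modified", "removed"):
        print(kind, diff[kind])
```

Two caveats a practitioner would add. First, the hashes have to be computed from outside the suspect system (boot from trusted media or image the disk), because malware that hides from repair tools can just as well lie to a hashing script running on the infected OS. Second, "unmodified user files" in the latest backup are still only safe to carry forward if they cannot execute; a macro document is as dangerous restored from backup as it was in the original email.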

