Presentation is loading. Please wait.

Presentation is loading. Please wait.

0101 0011 0110 0101 0110 0011 0111 0101 0111 0010 0110 1001 0111 0100 0111 1001 0010 0000 0100 0001 0111 0100 0010 0000 0100 1000 0110 1111 0110 1101 0110.

Similar presentations


Presentation on theme: "0101 0011 0110 0101 0110 0011 0111 0101 0111 0010 0110 1001 0111 0100 0111 1001 0010 0000 0100 0001 0111 0100 0010 0000 0100 1000 0110 1111 0110 1101 0110."— Presentation transcript:

1 R Kevin ChapmanStudent Computing Coordinator Dave FlynnUNIX Systems Administrator Rich GravesSenior UNIX and Security Administrator

2 So you want to get infected…  What are your options?  What are they?  How do you go about it?  Really  What are the benefits?  Reactive tools and measures  But seriously folks…

3 Malware for beginners  Virus  Trojan  Worm  Adware  Spyware  Rootkit  BotNet  Phishing What are your options?

4 Virus  What is it?  Malicious program that attaches itself to a legitimate file or program (the Host).  Infects machine when host file is run or opened.  Typically cannot run itself, needs human intervention.  What does it do?  Harmless as presenting “I’m here!”  Dangerous as deleting files.  Trigger immediately or wait for instructions or wait for a specific date.  How does it spread?  Via any files that move between computers (e.g. ).  Once on machine, looks for files to infect.  Relies on user transmission of those files.

5 Trojan  What is it?  Disguises itself as useful software or legitimate files.  Typically cannot run itself, needs human intervention.  What does it do?  Harmless as changing icons on your desktop.  Dangerous as opening “back doors” to the machine.  How does it spread?  Purely human intervention; “invited” onto system.  Cannot replicate itself.  Opening files or images…

6 Example: Vundo / Virtumonde  What is it?  A Trojan with many variants  How it spreads?  From a website linked from .  Advertises itself as an anti-malware tool.  What does it do?  Pop-up advertising for bogus antivirus tools.  Redirect Google searches.  Disable security programs.  And a lot more...

7 Worm  What is it?  Malicious program that spreads itself without a Host.  Designed to duplicate and spread via network.  What does it do?  Can cause network problems (heavy traffic).  Acts of vandalism are rare but possible.  Will often open “back doors” to the machine.  How does it spread?  Replicates itself on the same machine.  Capable of spreading itself often via .  Via network, often through their own back doors.

8 Example: Conficker  What is it?  A worm with five or more variants.  How does it spread?  Windows security flaw.  USB devices (via autorun).  Via network connections.  What does it do?  Currently checks hundreds of websites for updates.  Open back doors for new versions or other infections.  Antivirus or Windows Update sites unavailable.  User accounts may be locked out.  Spambot & Scareware.

9 Adware  What is it?  Normally legitimately installed software.  Free software paid for by the advertisements (to recoup development costs).  What does it do?  Downloads and/or displays ads on your machine.  Provides a free version of software.  How does it spread?  Downloaded and installed deliberately by user.  May note sites you visit and display corresponding advertisements (SpyWare).

10 Spyware  What is it?  Any program that monitors your behavior: e.g. surfing habits, sites visited.  How it spreads?  Piggy-backs on other software; not as a virus as it’s often intentional.  Can operate like a Trojan e.g. fake security software.  Tricks users into bypassing security.  What it does?  Record and deliver info you enter online.  Can install software, redirect browser.

11 Rootkit  What is it?  Program(s) which hide deep on your system.  Replaces system files which then hide processes.  How it spreads?  Spread as Viruses or Trojans (not Worms).  Rarely spreads itself any further once infected.  What does it do?  Allows unauthorized access to your machine.  Sniffers, keyloggers, zombie computer.

12 BotNet  What is it?  Spyware that records personal data.  Refers to a collection of machines.  How it spreads?  Spread via Trojans or like Worms  Scan local environment to find vulnerable machines  What does it do?  Very low-key – it wants to remain hidden.  Gathers information and relays it (e.g. banking).  Used for identity theft, compromise online accts.

13 Phishing  What is it?  Attempt to gain personal information such as passwords or account information fraudulently e.g. masquerading as bank representative.  How?  Majority of attempts happen via .  Also Instant Messaging, Social Networking.  Refer to websites that look like the original.  What does it do?  Gain access to account, or identity theft

14 Vectors Software vulnerabilities USB keys, network drives, other mechanisms for transferring files Malicious or compromised websites How to get infected

15 Bad or suspicious links Especially in HTML , what a link says might not be where it’s actually going. Dangerous attachments Can contain malware itself, which might or might not be caught by antivirus tools Attachments are very dangerous. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains. Phishing ‘Spanish Prisoner’ schemes Tricking a user into giving away personal or financial information.

16 From: Internal Revenue Service Sent: Wednesday, March 01, :45 PM To: Subject: IRS Notification - Please Read This. After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $ Please submit the tax refund request and allow us 6-9 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here Regards,Internal Revenue Service Example of a phishing

17 Old versions of IE and Firefox are vulnerable to attack. Browser plugins are popular targets because they often don’t get updated Adobe Quicktime Java Flash For Firefox: https://www.mozilla.com/plugincheck/ Operating system security holes Vista SMBv2, for example Software Vulnerabilities

18 Legitimate websites can contain dangerous links or harmful code: Facebook (stolen passwords) Forums, blogs, etc. Security holes in webservers Bad advertisements / popups Search engines can be tricked Some attacks can happen without any interaction from you! Sometimes called drive-by downloads Usually associated with a browser or plugin vulnerability Malicious / Compromised Websites

19 Automatic infections: Worms, drive-by downloads, etc Can infect your machine instantly and without user interaction Typically a result of unpatched or vulnerable software The best defense is to make sure you’re using up to date software, particularly web browser and other web-related tools. Suffers from zero-day syndrome, by which we mean that software vulnerabilities are sometimes only discovered when malware that exploits it begins to spread. Recap

20 Many modern forms of malware rely on tricking the user: Phishing Trojans Malicious websites, advertisements, popups attachments Sometimes classified as social engineering attacks. These cannot infect your machine automatically; the best defense is to learn to recognize likely malware and then ignore / delete / avoid it. Recap

21 Phished password used to send spam within 1 hour If bank information is stolen: So is your money Your account can be used to transfer money overseas If your Facebook account is taken, it will be used to: Identify other potential victims Spread “Koobface” and similar trojans Scare your friends into sending money to “rescue” you If your computer is trojaned... Your Role in Criminal Activity

22 “Rootkits” lie to antivirus software about what files exist The computer, now owned by the criminals, will be used to monitor your activities and attack others It’s Not Your Computer Anymore

23 ColdwellBanker.com: Gumblar trojan Tennis.com: Gumblar, a few weeks before the French Open CW.edu and Berklee.edu, behaving Gumblar-like today NYTimes.com: bad ad 9/13, PEZCyclingNews.com: noon yesterday, via ad network Kaspersky: 0.64% of the web serves up malware Who Can Help Infect You?

24 % Proportion of Adobe Reader installations on Carleton administrative desktops that are current. The other 90% are vulnerable to Gumblar-style attacks. 0 Number of computers worldwide with a version of Adobe Reader that can handle new attacks starting December 11 th. How Vulnerable Are You?

25 Create and use a limited-privilege account Demo Use up-to-date antivirus Carleton’s McAfee (licensed for home use) Microsoft Security Essentials (free for home use) Set a Fraud Alert at AnnualCreditReport.com Instructs lenders not to open new credit accounts in your name unless your identity has been verified Prevents you (for example) from opening a department- store credit card on the spot 3 Easy Ways to Be Safer

26 Turn off JavaScript in Adobe Reader Demo Safer Computing, continued

27 If you use Firefox Update Firefox to 3.6 Consider the NoScript extension, NoScript.net If you have Vista/Windows 7, but not NoScript Internet Explorer 8 is probably safer Safer Computing, continued

28 Help from Secunia.com on software updates Try the PSI utility from secunia.com Safer Computing, continued

29 Question Time


Download ppt "0101 0011 0110 0101 0110 0011 0111 0101 0111 0010 0110 1001 0111 0100 0111 1001 0010 0000 0100 0001 0111 0100 0010 0000 0100 1000 0110 1111 0110 1101 0110."

Similar presentations


Ads by Google