
Malware: Viruses, Worms, Trojan Horses, & Spyware. What They Are & How to Deal with Them. Jay Stamps


1 Malware: Viruses, Worms, Trojan Horses, & Spyware
What They Are & How to Deal with Them
Jay Stamps, jstamps@stanford.edu, 723-0018
ITSS Help Desk Level 1 Training, November 18, 2004

2 Course Objectives
- Understand what malware is, where it comes from, and what it does
- Diagnose compromised or infected computers based on reported symptoms
- Basic troubleshooting techniques for possibly compromised computers
- Research & diagnostic tools
- Prevention: Worth a pound of cure!

3 It’s Been a Rough Few Years for Windows PCs…

4 Sorry…
- But that was the last picture you’re going to see in this presentation!
- The good news is that your instructor loves questions, and you’re cordially invited to interrupt him at any time, or save your questions for later
- It’s a cliché, but there are no “dumb questions”: The point is to learn
- And if I don’t have a good answer, I’ll suggest that you make finding one part of your homework assignment!

5 What’s “Malware”?
- Shortened form of “malicious software”
  - But it’s not always really malicious
- So “malware” is a general term for:
  - Computer and macro viruses of any kind
  - Internet and mass-mailing worms
  - Trojan horses, backdoors and rootkits
  - Other computer exploits, bots, zombies
  - Spyware, adware, and other software installed on a computer without the user’s knowledge or informed consent
- And then there are the “hoax viruses”…

6 Why Use the Word “Virus”?
- The analogy with biological viruses
  - Computer viruses exist to self-replicate
  - They can often adapt (mutate) to survive
  - They might or might not harm the host
  - They “infect” by inserting themselves into a “healthy” system (be it a computer program or living organism)
- The term “virus” is heavily overused
  - That’s why we’re talking about “malware”
- But when someone’s PC is misbehaving…
  - They call 5-HELP and say, “I’ve got a virus!”

7 Are Only PCs Affected?
- The answer is “No”
- Are Macintoshes immune?
  - The answer is “yes and no” - sort of…
  - The first virus in 1982 infected Apple IIs
  - A great deal of malware - some of it not so malicious - existed for Mac OS “Classic”
  - Are there any Mac OS X malware programs? Well, not in the wild, not yet…
- What about Unix and Linux OSes?
  - Lots of malware is in circulation for these platforms - lots!

8 Why Does Malware Exist?
- When “viruses” first became common…
  - And “normal people” began to use personal computers…
  - If a “virus” struck, they were confused, alarmed, felt violated…
  - They’d ask, “Where do these things come from?” and “How did I get infected?”
  - Often they’d feel embarrassed, like they’d picked up an STD in a reckless moment…
  - When told, “People deliberately create viruses,” they’d properly ask, “Why?”
- What do you think? Why does malware exist? (Possible homework assignment!)

9 Brief History of Malware
- “Viruses” appeared in early 1980s
  - Very soon after first personal computers
  - They spread by floppy disks, later via “bootleg” & other software on “BBSes”
  - They often weren’t meant to be destructive
- Internet “worms” arrived in late 1980s
  - “There may be a virus loose on the internet.” - Andy Sudduth of Harvard University, 34 minutes past midnight, November 3, 1988

10 Brief History Continued
- First mass-mailing worm came in 1999
  - Usually called the “Melissa virus”
  - It was also a “macro virus”
  - Infected file had to be opened in MS Word
- Spyware hits the scene around 2000
  - “Adware” claims to be legitimate, legal
  - “Browser hijacking” is common symptom
- Other exploits, trojans, backdoors…
  - Have been around for a long time
  - Hackers target entities for malicious attack, or may want “free” computing resources

11 We’ll Stick to MS Windows
- The majority of computer users at Stanford have Microsoft Windows PCs
- The majority of malware “in the wild” today attacks only Windows PCs
  - Malware is very platform-dependent
- Microsoft has only recently made computer security a priority
  - In the past…
  - MS tended to “enable everything by default”
  - Network-connected “services” running on a computer are an open invitation to hackers

12 Why So Much Malware?
- Is malware becoming more common?
  - Yes!!! It is!!! (and harder to fight off)
- Why might that be?
  - The Internet! Plus all the high-powered PCs in homes & offices connected to it
- Why does that make a difference?
  - As with biological viruses, lots of people (or computers) are rubbing up against each other in a common space; and computers (like people) don’t always cover their mouths when they sneeze…

13 “Help! I’ve Got a Virus!”
- A lot of people self-diagnose (wrongly)
  - “Doc, I think I’ve got the flu.” “How much did you drink last night?” “Uh, three six packs. I think. I don’t really remember…”
- Only a few years ago…
  - Most folks who thought their PC had a viral infection were wrong!
  - When PCs behaved strangely, usually there was a problem with the OS or an application that was not at all virus-related
- Today that’s still true, but…

14 Today That’s True, But…
- Malware is more common, while OSes and applications are both more feature-laden and (often) more robust
  - More features mean more potential vulnerabilities for hackers to exploit
  - Greater robustness means strange behavior is somewhat likelier to be caused by malware
- Plus more people use protective software
  - Few people these days are unaware of the necessity of running antivirus software
  - Some people even use it correctly!

15 You Answer a Call to 5-HELP
- And the caller begins to explain…
- “I think my PC has a virus”
  - Maybe it does, and maybe it doesn’t
  - We’ll look at diagnostic approaches presently
- “I got an email from the Security Office…”
  - Get the details, but…
  - A referral to the Level 2 Help Desk, or local or contract support is probably the right move
  - If Networking or the Security Office has noticed a problem, the computer is almost certainly hacked
- If the caller has self-diagnosed, or if you suspect malware is involved, you ask…

16 The Usual Questions 1
- If a caller’s PC might have an infection, or otherwise be compromised:
  - Ask what version of Windows they’re using
  - Ask them if they’re keeping it patched
  - Ask them if they’re using antivirus software, and if it’s up-to-date
  - For Windows 2000 & XP, ask them if they have good passwords for all user accounts
  - Ask them if they use a firewall
- The caller may not know the answers to some of these questions, of course…

17 The Usual Questions 2
- So you may need to guide the caller to learn the answers to these questions
- To check if Windows is properly updated, have the caller visit:
  - http://windowsupdate.microsoft.com
- Launch Symantec AntiVirus to check the date of the virus definitions file
- To check password strength, use the Stanford Security Self-Help tool
- Windows XP has a built-in firewall, as do many broadband routers

18 The Answers
- If a user can’t access the network, that problem is likely not caused by malware
- If a user can’t run, install or update SAV or other security software, that’s a clue that the PC has been infected by a worm
- If Windows isn’t patched, and/or AV software is out of date, and/or user accounts have weak passwords, the PC is definitely vulnerable to compromise
- If the web browser (especially IE) goes to unexpected sites, suspect spyware

19 More Symptoms
- We’ve just looked at a couple of common symptoms of malware
- Here are some other possible signs:
  - Sluggishness
  - One or more unexpected restarts
  - Frequent system crashes
  - Constant hard disk activity
  - Generalized “strange behavior”
- Hackers try to hide their presence: If they’re good, they will succeed
  - Worms and some viruses do likewise

20 Steps to Recovery
- Most symptoms of malware also have other, more mundane causes
- If there’s any reason to suspect the presence of malware on a user’s PC, update virus definitions, disconnect the network cable, and run a full antivirus scan of all hard drives
- Install and run SpySweeper
- And always, always teach computer users how to protect themselves from malware! Prevention is key!

21 Mass-Mailing Worms
- Mass-mailing worms are one of the most common vectors for malware
- Most people know not to open “suspicious” email attachments
  - But the worm writers are getting a lot craftier, and the attachments often look less “suspicious” these days
- Many people are still confused by sender address “spoofing”
  - Mass-mailing worms mail themselves out using randomly chosen sender addresses

22 I Got a “Suspicious” Email
- A caller might say:
  - I got a strange email message from my bank (or a bank I don’t even use), etc.
  - I got a message from my “system administrator” telling me to do something
  - I got a message from a friend telling me there’s some file I’m supposed to delete
- Such messages are usually “phishing” attacks, or “hoax viruses”
- Delete the email message; don’t do what it says; never give out private information

23 Top 6 PC Security Must-Dos
- Patch Windows automatically
  - New patches 2nd Tuesday of each month
  - Use BigFix & Windows Automatic Updates
- Use strong passwords (even better, pass phrases) for all user accounts
- Use a firewall, such as Windows XP’s built-in software firewall
- Use and properly maintain good antivirus software
- Don’t open suspicious email attachments
- Disable Windows File & Printer Sharing

24 Tools for Prevention
- Essential Stanford Software
  - http://ess.stanford.edu
  - Symantec AntiVirus
  - BigFix client
  - SpySweeper
  - Security Self-Help Tool
- Use the Firefox web browser (not IE)
- Stanford Secure Computing web site
  - http://securecomputing.stanford.edu
- Microsoft Baseline Security Analyzer
  - http://support.microsoft.com/kb/320454

25 Questions? Research Tools
- If you’ve been saving up questions, now’s your chance!
- Tools for research & troubleshooting:
  - http://support.microsoft.com/kb/129972
  - http://www.google.com
  - http://www.sarc.com
  - http://www.mcafeesecurity.com/us/security/home.asp
  - http://housecall.trendmicro.com/
  - http://en.wikipedia.org/wiki/Computer_virus
  - http://www.spywareinfo.com/
  - http://support.microsoft.com
  - http://www.microsoft.com/technet
  - http://www.cert.org/
  - http://www.cisecurity.org/

