So Your Computer is Infected, Now What? STC/STS Tech Training, 3:00-4:00, Tuesday, August 18, 2009. Brian Allen, Network Security Analyst, Washington University in St. Louis

So Your Computer is Infected, Now What?
STC/STS Tech Training, 3:00-4:00, Tuesday, August 18, 2009
Brian Allen, Network Security Analyst, Washington University in St. Louis

Copyright Brian Allen. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Decentralized Campus Network (diagram)
NSS = Network Services and Support
NSO = Network Security Office
Units on the network: Business School, Law School, Arts & Sciences, Medical School, Engineering School, Library, Social Work, Art & Architecture, IS&T, and the "Internets"

Tools
SecCheck
Symantec Endpoint AV
Ultimate Boot CD for Windows
Knoppix Boot CD
TrendMicro Online Scan
Sysinternals Tools
SpyBot Search and Destroy (Advanced Mode)
Clean It By Hand

We Interrupt This NSO Presentation For An Important Security Announcement

Knoppix
Self-contained and complete OS
Will boot even if there is no hard drive
Linux (command line) with a nice GUI
Knoppix has been around since 2000
Popular in the security community
There are other Linux Live CDs
ClamAV or F-Prot are free AV options

Sysinternals Tools I like
Process Explorer
Autoruns
Process Monitor
PSTools
TCPView
RootkitRevealer

Art of Cleaning It By Hand
Favorite malware hideouts: c:\windows\system32, c:\windows\system, c:\windows\system32\drivers
Find the create and modify timestamps of the files you know are bad
Starting from that date, look for more badness
Look at the binary file attributes
Rename or move each file as you go
Purge every Temp directory
Reboot, repeat
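The timestamp pivot on this slide, as an added Python example that is not part of the talk: given the modification time of the first file you already know is bad, it lists every file under a directory whose mtime or ctime falls within a window of that date and flags hidden/system attribute bits (Windows only; other platforms report "-"). The directory tree and the pivot date are constructed sample data standing in for c:\windows\system32.

```python
import os
import stat
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Constructed pivot: the mtime of the first file you already know is bad.
SAMPLE_PIVOT = datetime(2009, 8, 1, 12, 0)

def describe_attrs(st):
    """Label the hidden/system attribute bits that malware often sets.
    Only Windows stat results carry st_file_attributes; elsewhere report "-"."""
    bits = getattr(st, "st_file_attributes", 0)
    names = (("hidden", stat.FILE_ATTRIBUTE_HIDDEN), ("system", stat.FILE_ATTRIBUTE_SYSTEM))
    return ",".join(n for n, b in names if bits & b) or "-"

def files_near(root, pivot, window_hours=24):
    """(mtime, path, attrs) for files whose mtime or ctime lies within +/-window of pivot, oldest first."""
    lo, hi = pivot - timedelta(hours=window_hours), pivot + timedelta(hours=window_hours)
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        st = path.stat()
        mtime = datetime.fromtimestamp(st.st_mtime)
        ctime = datetime.fromtimestamp(st.st_ctime)
        if lo <= mtime <= hi or lo <= ctime <= hi:
            hits.append((mtime, str(path), describe_attrs(st)))
    return sorted(hits)

def build_sample_tree():
    """Constructed stand-in for c:\\windows\\system32: two files dropped within
    hours of SAMPLE_PIVOT and one legitimate file from a month earlier."""
    root = Path(tempfile.mkdtemp(prefix="sys32_"))
    (root / "drivers").mkdir()
    for name, delta in (("old.dll", timedelta(days=-30)),
                        ("dropped.dll", timedelta(hours=2)),
                        ("drivers/drop.sys", timedelta(hours=-3))):
        p = root / name
        p.write_bytes(b"MZ")  # placeholder bytes, not a real binary
        ts = (SAMPLE_PIVOT + delta).timestamp()
        os.utime(p, (ts, ts))  # sets atime/mtime; ctime stays whatever the OS records
    return str(root)

if __name__ == "__main__":
    for mtime, path, attrs in files_near(build_sample_tree(), SAMPLE_PIVOT):
        print(mtime, attrs, path)
```

On a real machine, point files_near at the system directories from the slide and widen or narrow the window as the timeline firms up.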

Current Threats
Torpig, Mebroot (Sinowal)
Conficker worm
Cutwail
Rustock
Grum virus
BlackEnergy: HTTP-based botnet used primarily for DDoS attacks

Security Websites
ThreatExpert Sandbox
Virus Total
Sunbelt CWSandbox
Anubis Sandbox
Norman Sandbox

Norman

message.htm-MALWARE : INFECTED with W32/Malware (Signature: MyDoom)
[ DetectionInfo ]
 * Filename: C:\analyzer\scan\message.htm-MALWARE.
 * Signature name:
 * Executable type: Application.
[ Changes to filesystem ]
 * Creates file C:\WINDOWS\TEMP\zincite.log.
[ Changes to registry ]
 * Accesses Registry key "HKLM\Software\Microsoft\Daemon".
[ Network services ]
 * Looks for an Internet connection.
[ Process/window information ]
 * Creates process "services.exe"".
 * Will automatically restart after boot (I'll be back...).
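A parser for the sandbox report format on this slide, as an added Python example (not part of the talk): it splits a Norman SandBox text report into its verdict line and bracketed sections, tolerating the empty "Signature name" field, and then pulls out the host artifacts a responder would check for on the infected machine (dropped file, registry key, process name). SAMPLE_REPORT is a constructed copy of the report shown above.

```python
import re

# Constructed copy of the Norman SandBox report on the slide; "Signature name" is empty there too.
SAMPLE_REPORT = r"""message.htm-MALWARE : INFECTED with W32/Malware (Signature: MyDoom)
[ DetectionInfo ]
 * Filename: C:\analyzer\scan\message.htm-MALWARE.
 * Signature name:
 * Executable type: Application.
[ Changes to filesystem ]
 * Creates file C:\WINDOWS\TEMP\zincite.log.
[ Changes to registry ]
 * Accesses Registry key "HKLM\Software\Microsoft\Daemon".
[ Network services ]
 * Looks for an Internet connection.
[ Process/window information ]
 * Creates process "services.exe"".
 * Will automatically restart after boot (I'll be back...).
"""

VERDICT_RE = re.compile(r"^(?P<sample>\S+) : (?P<verdict>\w+)(?: with (?P<family>[^\s(]+))?"
                        r"(?: \(Signature: (?P<sig>[^)]+)\))?")
SECTION_RE = re.compile(r"^\[\s*(?P<name>.+?)\s*\]$")
ITEM_RE = re.compile(r"^\s*\*\s*(?P<text>.+?)\.?$")  # drops the trailing period

def parse_report(text):
    """Return {'verdict': {...}, 'sections': {section name: [item, ...]}}."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    m = VERDICT_RE.match(lines[0])
    report = {"verdict": m.groupdict() if m else {"raw": lines[0]}, "sections": {}}
    current = None
    for line in lines[1:]:
        sec = SECTION_RE.match(line)
        if sec:
            current = report["sections"].setdefault(sec.group("name"), [])
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:  # items before any section header are ignored
            current.append(item.group("text"))
    return report

def indicators(report):
    """Host artifacts to check for on the infected machine: dropped files, registry keys, processes."""
    secs = report["sections"]
    files = [i[len("Creates file "):] for i in secs.get("Changes to filesystem", [])
             if i.startswith("Creates file ")]
    regs = re.findall(r'"([^"]+)"', "\n".join(secs.get("Changes to registry", [])))
    procs = re.findall(r'Creates process "([^"]+)"', "\n".join(secs.get("Process/window information", [])))
    return {"files": files, "registry": regs, "processes": procs}
```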

Case Study

Dear user,
We have received reports that your account has been used to send a large amount of spam messages during the last week. We suspect that your computer had been infected by a recent virus and now contains a hidden proxy server. Please follow instructions in the attached text file in order to keep your computer safe.
Best wishes,
The WUSTL.EDU team.

NO! DON’T CLICK ON IT!

So Your Computer Is Infected, Now What?

Clean vs Rebuild? Pros/Cons Discussion

Books
Cryptonomicon (fiction)
Cuckoo's Egg (nonfiction)
Safaribooksonline.com (free for wustl.edu)