Karlstad University Malware Ge Zhang Karlstad Univeristy.

Slides:



Advertisements
Similar presentations
Thank you to IT Training at Indiana University Computer Malware.
Advertisements

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Malware Ge Zhang Karlstad Univeristy. Focus What malware are Types of malware How do they propagate How do they hide How to detect them.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Chapter Nine Maintaining a Computer Part III: Malware.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.
Malicious Software Malicious Software Han Zhang & Ruochen Sun.
1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
1. 2 What is security? Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.
Understanding and Troubleshooting Your PC. Chapter 12: Maintenance and Troubleshooting Fundamentals2 Chapter Objectives  In this chapter, you will learn:
CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
Data Security and Encryption (CSE348) 1. Lecture # 27 2.
Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.
1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
1 Higher Computing Topic 8: Supporting Software Updated
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
CSCE 522 Lecture 12 Program Security Malicious Code.
Administrative: Objective: –Tutorial on Risks –Phoenix recovery Outline for today.
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Malicious Code By Diana Peng. What is Malicious Code? Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
For any query mail to or BITS Pilani Lecture # 1.
IT Essentials 1 Chapter 9 JEOPADY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
BY FIOLA CARVALHO TE COMP. CONTENTS  Malicious Software-Definition  Malicious Programs Backdoor Logic Bomb Trojan Horse Mobile Code Multiple-Threat.
Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.
Malicious Software.
VIRUS.
n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.
Chapter 19 – Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow. —On War,
Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Computer virus Speaker : 蔡尚倫.  Introduction  Infection target  Infection techniques Outline.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
Understand Malware LESSON Security Fundamentals.
Types of Computer Malware. The first macro virus was written for Microsoft Word and was discovered in August Today, there are thousands of macro.
MALICIOUS SOFTWARE Rishu sihotra TE Computer
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Malicious Programs (1) Viruses have the ability to replicate themselves Other Malicious programs may be installed by hand on a single machine. They may.
DEVICE MANAGEMENT AND SECURITY NTM 1700/1702. LEARNING OUTCOMES 1. Students will manipulate multiple platforms and troubleshoot problems when they arise.
COMPUTER VIRUSES Computer Technology. What is a Computer Virus? A kind of A kind of Malicious software written intentionallyMalicious software written.
Attack Methods  Attacks  DoS (Denial of Service)  Malware.
Detected by, M.Nitin kumar ( ) Sagar kumar sahu ( )
Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Security on the Internet Norman White ©2001. Security What is it? Confidentiality – Can my information be stolen? Integrity – Can it be changed? Availability.
Malicious Software.
Viruses and Other Malicious Content
Computer Technology Notes 5
NET 311 Information Security
Chap 10 Malicious Software.
Chap 10 Malicious Software.
Presentation transcript:

Karlstad University Malware Ge Zhang Karlstad Univeristy

Karlstad University Focus What malware are Types of malware How do they infect hosts How do they propagate How do they hide How to detect them

Karlstad University What is a malware ? A Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.

Karlstad University What it is good for ? Steal personal information Steal valuable data Destroy data Denial of Service Use your computer as relay

Karlstad University Viruses A malicious piece of code that spreads itself from file to file A virus needs a host file Requires user interaction –Like opening a file Different types of viruses –Program viruses –Boot viruses –Macro viruses Infected File Virus as payload

Karlstad University Worms A malicious piece of code that spreads itself from computer to computer by exploiting vulnerabilities –A worm needs no host file –Spreads without user interaction Can spread via – attachments –LAN or Internet 2 nd generation of worms automatically search for vulnerable computers and infect them –Whole Internet can be infected in less than 20 minutes

Karlstad University Malicious Scripts Malicious scripts written in JavaScript, VBScript, ActiveX, Flash, etc Can be hidden in s or websites –Flash banners and included JavaScript files –Cross Site Script (XSS) –Cookie steal

Karlstad University Trojans “Trojan Horse” Programs with hidden malicious functionalities Appear to be screen savers, games, or other “useful” programs –“There’s an app for that!” IPhone and Android apps

Karlstad University Backdoors & Rootkits A secret entry point into a program/system that allows someone aware of the trap door to gain access without going through the usual security access procedures Backdoors –Usually left by programmers for debugging and testing purposes, intentionally or unintentionally Rootkits –Usually installed by an attacker after having gained root/administrator access –Modifies the entire system and avoids detection

Karlstad University Logical Bombs Malicious code programmed to be activated on a specific date, time or circumstances Action could be everything from formatting hard drive to display a silly message on the user’s screen Often combined with a virus/worm (e.g, Chernobyl virus)

Karlstad University Blended Threats Advanced malicious software that combines the characteristics of viruses, worms, trojans and malicious scripts are sometimes called “Blended Threats” –It’s hard to know where to draw the line Exploits one or many vulnerabilities in programs or operating system * Mick Douglas, PaulDotCom Podcast

Karlstad University Viruses 4 phases: –Dormant phase: It is idle, waiting for some event –Triggering phase: activated to perform some intended actions –Propagation phase: Copy itself into other programs –Execution phase: execute the payload

Karlstad University DOS boot Sequence ROM BIOS: locates the master boot sector Master boot sector: partition table DOS boot sector: executable codes and FAT

Karlstad University DOS bootstrap virus A bootstrap virus resides in one of the boot sectors Becomes active before DOS is operational Example: stoned virus

Karlstad University How a bootstrap virus takes control?

Karlstad University Parasitic virus Overwriting virus Appending virus

Karlstad University Companion virus Do not need to modify the original files Create a new file with a specific name

Karlstad University Lifecycle of virus A virus gets created and released The virus infects several machines Samples are sent to anti-virus companies Records a signature from the virus The companies include the new signature in their database Their scanner now can detect the virus

Karlstad University Virus hidden mechanisms Encrypt virus code with random generated keys What happens if the boot area is encrypted?

Karlstad University Virus hidden mechanisms (2) Polymorphism: randomly changes the encryption/decryption portion of a virus –Change key each time the virus starts –Change the range of plaintext –Change the location of encryption subroutine Countermeasure: scan in RAM (after self- decrypting)

Karlstad University Virus hidden mechanisms (3) Entry point changes Random execution (JMP)

Karlstad University Macro viruses Macro: an executable program embedded in a document to automate repetitive tasks. (save keystrokes) Application-dependent, e.g., MS office Cross the O.S. platform Why virus writers like macro viruses? –Easy to learn –Easy to write –Popularity of MS office

Karlstad University How macro virus works Every word document is based on a template When an existing or new document is opened, the template setting are applied first A global template: NORMAL.DOT

Karlstad University Worm Worm: self-replicating over networks, but not infecting program and files Example: Morris worm, blaster worm

Karlstad University The structure of worms Target locator (find the target) – address collector –IP/port scanner Warhead –Break into remote machines Propagation –Automatically sending s –Automatically attack remote hosts Remote control and update –Download updates from a web server –Join a IRC channel Lifecycle management –Commit suicide –Avoid repeatedly infecting the same host Payload

Karlstad University State of Worm Technology Multiplatform: Windows, unix, mac, … Multiexploit: web server, browser, ,… Ultrafast spreading: host/port scanning Polymorphic: Each copy has new code generated by equivalent instructions and encryption techniques. Metamorphic: different behavior patterns Transport vehicles: for the payloads (spread attacking tools and zombies) Zero-day exploit: self-updated

Karlstad University discussion Is it a good idea to spread worms with system patches?

Karlstad University Trojan A program with hidden side-effects that are not specified in the program documentation and are not intended by the user executing the program

Karlstad University What a trojan can do Remote administration trojans: attackers get the complete control of a PC Backdoor: steal data and files Distributed attacks: zombie network Password stealers: capture stored passwords Audio, video capturing: control devices Keyloggers: capture inputting passwords Adware: popup advertisements Logic bomb: only executed when a specific trigger condition is met

Karlstad University Familiar with your PC Startup programs/services Frequently used IP ports –20/21 FTP –23 Telnet –25 SMTP –80 WWW Netstat

Karlstad University Malware Payloads No payload Payload without damage –Only display some information Payload with little impact –Modify documents (wazzu virus) Payload with heavy impact –Remove files, format storage –Encrypting data (blackmail) –Destroy hardware (W95.CIH): rewrite flash bios DDoS attacks Steal data for profit

Karlstad University Malware naming CARO (computer antivirus researchers organization) CARO naming convention (1991).... –e.g., cascade.1701.A. Platform prefix

Karlstad University Malware defenses (1) Detection: once the infection has occurred, determine that it has occurred and locate the virus Identification: once detection has been achieved, identify the specific virus that has infected a program Removal: once the specific virus has been identified, remove the virus from the infected program and restore it to its original state

Karlstad University Malware defenses (2) The first generation scanner –Virus signature (bit pattern) –Maintains a record of the length of programs The second generation scanner –Looks for fragments of code (neglect unnecessary code) –Checksum of files (integrity checking) Virus-specific detection algorithm –Deciphering (W95.Mad, xor encrypting) –Filtering

Karlstad University Malware defenses (3) The third generation scanner –Identify a virus by its actions The fourth generation scanner –Include a variety of anti-virus techniques Collection method –Using honeypots

Karlstad University Malware in Mobile Phones Mobile phones are computers with great connectivity –Internet –WLAN –Bluetooth –Regular phone network (SMS, MMS) –RFID

Karlstad University In the future… New spreading methods: e.g., RFID Infected!

Karlstad University Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.