Investigating Malicious Software. Steve Romig, The Ohio State University, April 2002

Malware Analysis
– Got a piece of *something*: what does it do?
– In our case, an attachment
– Not recognized by "usual" anti-virus scanners

Run UNIX "strings"
– Sometimes useful, sometimes misleading
– Do Google searches on what turns up
– Try to determine what it does by symbol names, included libraries, include files, etc.
– Nothing useful here, that I remember: self-extracting UPX file

Try Running It
– Danger, Danger!! It Might Do "Bad Things" (tm)
  – To the computer it is running on
  – To other computers
  – Tip off the perpetrators?

So, You Should...
– Create a clean test machine...
– Detached from the network...
– Run the malware there
– Don't reuse this machine for other tests
  – Hard to figure out what changes are due to what malware
  – Might screw up subsequent tests

VMWare!
– Create a virtual machine
– Install the host operating system, patches, applications as needed
– *Make a snapshot* of the virtual disk
– Squirrel your snapshots away somewhere

VMWare (continued)
– To create a clone:
  – make a directory
  – restore files
  – change config as needed
  – boot
– I use a read-only "airlock" with host-only access to pass files back and forth.

Run the Malware
– No net access, of course
– System and library call tracers
– lsof, handlex
– filemon, regmon (Windows only)
– tcpdump, ethereal

In Our Case
– Malware makes some registry changes
– Installs something that starts at login
– Apparently checks a web site every minute

Create a Fake Network
– Attempts to resolve a name to an IP address
  – We create a fake DNS entry, try again
– Attempts to connect to tcp/80 at that IP
  – Web traffic? Create a fake web server, try again
– Attempts to download nethief_connect.htm
  – Search the real web site (found it, but risky)
  – Search on the web (Google)
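The fake-network step from the last two slides (run it with no real net access, watch with tcpdump, hand it a fake DNS answer, then a fake web server), written out as an added Python example that is not from the talk: a sinkhole resolver that answers every A query with the analyst's fake web-server address, plus the request-line parse the fake web server uses to record what the sample asks for. The sinkhole address 10.0.0.1 and the host name update.example.invalid are assumed placeholders.

```python
import socket
import struct

SINKHOLE_IP = "10.0.0.1"  # assumed: the analyst's fake web server on the host-only network

def parse_qname(pkt, off):
    """Decode the DNS question name starting at byte offset `off`; return (name, offset past it)."""
    labels = []
    while pkt[off] != 0:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def fake_dns_reply(query):
    """Answer any A/IN query with SINKHOLE_IP; return (queried name, reply bytes or None)."""
    txid = query[:2]
    name, end = parse_qname(query, 12)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    if (qtype, qclass) != (1, 1):
        return name, None  # not an A query: still worth logging, but nothing to send
    header = txid + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # response, 1 question, 1 answer
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(SINKHOLE_IP)
    return name, header + query[12:end + 4] + answer

def build_query(name, qtype=1, txid=0x1234):
    """Construct a DNS query the way a resolver would (only used to build the constructed sample)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def http_request_path(raw):
    """Return (method, path) from the first line the sample sends once it reaches tcp/80."""
    parts = raw.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    return (parts[0], parts[1]) if len(parts) >= 2 else (None, None)

def serve_dns(bind="0.0.0.0", port=53):
    """Sinkhole resolver loop for the isolated lab network (binding port 53 needs privileges)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        name, reply = fake_dns_reply(data)
        print(f"{peer[0]} resolved {name}")  # the name itself is the evidence worth recording
        if reply:
            sock.sendto(reply, peer)

if __name__ == "__main__":
    # Constructed sample query; in the lab this would be the sample's real lookup seen with tcpdump.
    name, reply = fake_dns_reply(build_query("update.example.invalid"))
    print(name, socket.inet_ntoa(reply[-4:]))
```

Each round trip yields one more fact (the name, the port, the path), which is exactly how nethief_connect.htm surfaced.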

Google, Babelfish are Your Friends!
– Got the zip file (finally)
– It has a readme! (let's see)
– Install the application (let's see)
– The application web site is down :-(

Google caching, Archive.org to the Rescue!
– Google caches pages that it has searched, which can be useful
– Archive.org caches pages (when?)
– It is (unfortunately) messy dealing with pages cached in archive.org that need to be translated

What Does This Thing Do - Attacker End
– Install, run application
– Configure
  – web site
  – ftp address, account, password for updating web site
– Updates web site once a minute with current IP
– Create the trojan
– Infect someone

What Does This Thing Do - Victim End
– Get infected :-)
– Runs at login
– Checks web site once a minute
– Sends "hey, I'm here" traffic to indicated IP address
  – Shows up on attacker's console

Attacker Selects a Target
– Click on it in list of active victims
– Inserts instructions on the web site
– Intended victim downloads the instructions, connects to tcp/80 on the host where the console is currently running
– Can now read, write, modify any file

Interesting Notes
– Works "just fine" behind firewalls
– There appear to be virus populations that are "known" to only parts of the Internet.
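The once-a-minute check of the web site (victim end, above) is what gets through the firewall, and it is also what a defender can see in outbound proxy logs. As an added Python example, not from the talk: a simple periodicity check that flags client/URL pairs fetched at a near-constant interval. The log lines and the host name update.example.invalid are constructed here; nethief_connect.htm is the file name from the talk.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed web-proxy log lines (timestamp, client, method, URL); not from the original talk.
# 192.0.2.15 polls the "connect" page once a minute, 192.0.2.20 is ordinary browsing.
LOG = """\
2002-04-01T10:00:02 192.0.2.15 GET http://update.example.invalid/nethief_connect.htm
2002-04-01T10:00:09 192.0.2.20 GET http://www.example.invalid/news.html
2002-04-01T10:00:40 192.0.2.20 GET http://www.example.invalid/news.html
2002-04-01T10:01:02 192.0.2.15 GET http://update.example.invalid/nethief_connect.htm
2002-04-01T10:02:03 192.0.2.15 GET http://update.example.invalid/nethief_connect.htm
2002-04-01T10:02:30 192.0.2.15 GET http://www.example.invalid/
2002-04-01T10:03:02 192.0.2.15 GET http://update.example.invalid/nethief_connect.htm
2002-04-01T10:03:15 192.0.2.20 GET http://www.example.invalid/news.html
2002-04-01T10:03:16 192.0.2.20 GET http://www.example.invalid/news.html
2002-04-01T10:04:02 192.0.2.15 GET http://update.example.invalid/nethief_connect.htm
"""

def group_requests(log):
    """Map (client, url) to the sorted list of request times."""
    by_key = defaultdict(list)
    for line in log.splitlines():
        ts, client, _method, url = line.split()
        by_key[(client, url)].append(datetime.fromisoformat(ts))
    return {k: sorted(v) for k, v in by_key.items()}

def find_beacons(log, min_hits=4, max_jitter=0.10):
    """Return (client, url, interval_seconds) for pairs fetched at a near-constant interval."""
    found = []
    for (client, url), times in group_requests(log).items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # A timer-driven poll has tiny spread around its period; human browsing does not.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((client, url, round(avg)))
    return found

if __name__ == "__main__":
    for client, url, period in find_beacons(LOG):
        print(f"{client} fetches {url} every ~{period}s")
```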