Windows Malware: Detection And Removal TechBytes Tim Ramsey.

Computer Security!
– What is "malware"?
– How does malware get on my PC?
– How do I get rid of malware?
– Resources

What Is "Malware"?
– "Malicious software"
– Includes:
    – Viruses, worms, Trojan horses
    – Spyware
    – Remote-control software
    – "Botnets"
    – Rootkits
– The lines between these categories are getting blurry

Viruses, Worms, Trojan Horses
– Viruses: modify executables and documents; we humans do the rest (by copying and opening the infected files)
– Worms: self-replicating programs that spread over the network without any help from us
– Trojan horses: programs that pose as something useful; still fooling us after all these years

Spyware
– Installed with or without your knowledge and consent
    – Do you read the entire EULA?
    – I do (except the French part)
– Tracks URLs visited and information entered into forms
– Can even monitor secure (HTTPS) pages: it runs on your machine, after the browser has already decrypted the traffic

Spyware, Cont.
– Keyboard loggers: capture passwords, PINs, account numbers
– Organized crime loves this stuff

Remote-Control Software
– Windows Remote Assistance
– VNC, Radmin (legitimate administration tools)
– NetBus, Back Orifice (written as backdoors, but functionally the same idea)

Botnets
– "The single greatest threat facing humanity"
– Quickly becoming a top problem on campus
– Hordes of infected "drone" hosts
– Used for spam relay, DDoS, scanning, infecting further hosts

Botnets, Cont.
– Spreads via IM, e-mail, and direct compromise of vulnerable hosts
– Installs remote-control software
– Connects to a central server to announce its presence and await commands
– Allows the "botmaster" to control hundreds or thousands of infected hosts with simple commands
– Continually evolving

Botnets, Cont. 2
– Network connections are initiated by the drone hosts (outbound, so a firewall that only blocks inbound traffic does not stop them)
– Uses common protocols: HTTP, IRC, FTP
– Starting to see stealth techniques employed to hide the infection (rootkits) and the communications (SSL, steganography)
– Tremendous incentives for botmasters to grow, maintain, and defend their horde
– You don't want this on your computer
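Because the drones initiate the connections themselves over ordinary protocols, the protocol is a poor signal but the timing is a good one: a bot checks in on a timer, a person does not. The following is an added example (not from the talk) of that idea run over a constructed firewall log; the log format, the field names and every address in it are assumptions made for the demo.

```python
"""Beacon detection over outbound connection logs (constructed sample data)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log in a hypothetical "key=value" firewall format.
# 10.1.2.3 checks in with an IRC server roughly every 60 s (a drone),
# 10.1.2.7 is a person browsing, 10.1.2.9 makes two FTP connections.
SAMPLE_LOG = """\
2005-03-01T10:00:00 src=10.1.2.3 dst=203.0.113.5 dport=6667 proto=tcp
2005-03-01T10:00:07 src=10.1.2.7 dst=203.0.113.80 dport=80 proto=tcp
2005-03-01T10:00:09 src=10.1.2.7 dst=203.0.113.80 dport=80 proto=tcp
2005-03-01T10:01:01 src=10.1.2.3 dst=203.0.113.5 dport=6667 proto=tcp
2005-03-01T10:02:00 src=10.1.2.3 dst=203.0.113.5 dport=6667 proto=tcp
2005-03-01T10:03:02 src=10.1.2.3 dst=203.0.113.5 dport=6667 proto=tcp
2005-03-01T10:03:40 src=10.1.2.7 dst=203.0.113.80 dport=80 proto=tcp
2005-03-01T10:04:01 src=10.1.2.3 dst=203.0.113.5 dport=6667 proto=tcp
2005-03-01T10:05:00 src=10.1.2.9 dst=203.0.113.22 dport=21 proto=tcp
2005-03-01T10:06:00 src=10.1.2.9 dst=203.0.113.22 dport=21 proto=tcp
2005-03-01T10:10:02 src=10.1.2.7 dst=203.0.113.80 dport=80 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=\S+$"
)


def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def find_beacons(text, min_connections=4, max_cv=0.2):
    """Return flows whose gaps between successive connections are suspiciously regular.

    A flow is (src, dst, dport). cv is the coefficient of variation of the gaps:
    a timer-driven check-in has a small cv, a person's browsing a large one.
    min_connections stops a pair with a single gap from being scored at all.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        flows[(src, dst, dport)].append(ts)

    beacons = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "count": len(stamps), "mean_interval": avg, "cv": cv})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG):
        print(f"{b['src']} -> {b['dst']}:{b['dport']} every ~{b['mean_interval']:.0f}s "
              f"({b['count']} connections, cv={b['cv']:.3f})")
```

Only the IRC flow from 10.1.2.3 is reported; the browsing flow has enough connections to be scored but its gaps (2 s, 211 s, 382 s) are far too irregular. Lowering min_connections to 2 also flags the two-connection FTP flow, which is the usual false-positive trade-off with this technique: the threshold has to be tuned against the network's normal traffic.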

How Does Malware Get On My PC?
– Compromise
    – Security vulnerabilities (unpatched OS and services)
    – Browser vulnerabilities
    – Open file shares
– Social engineering
    – People click on the darndest things
    – Packaged with other software

How Do I Get Rid Of Malware?
– Best: don't get infected
    – Antivirus
    – OS and application patches
    – Enable Windows Firewall
    – Healthy paranoia: don't run files that friends or strangers send you; don't install random software from the Web
– Um, yeah. I still got infected. What now?

Malware Removal
– Safest: "R/R" (reformat / reinstall)
– R/R is necessary if the infection contains a remote-control component
    – No telling what has been installed or changed while someone else had control
    – SIRT policy
    – A botnet infection means R/R is mandatory
– Otherwise, try to identify the infection

Identifying The Infection
– Antivirus software scan
– Anti-spyware scan
    – Spybot Search & Destroy
    – Microsoft Windows AntiSpyware (Beta)
    – Ad-Aware
– Other, more specialized, tools

Removing The Infection
– Are you sure you wouldn't rather R/R?
– If you've identified the infection, look for a removal tool
    – Symantec, McAfee, other AV vendors
    – Google search (but be careful: only run removal tools that come from a vendor you trust)
– When in doubt, reformat and reinstall

A Note About Reformat / Reinstall
– Back up your data first (data files only; anything executable in the backup should be treated as suspect and scanned before it is used again)
– Practically every OS is vulnerable to network compromise during installation: an unpatched install can be hit before the first patch finishes downloading
    – Unplug the computer from the network
    – Install the OS, service packs, and patches from CD
    – Enable Windows Firewall
    – Install SAV (Symantec AntiVirus) from CD
    – Set the Administrator password
    – Then plug back in

Rootkits: Making Life Harder
– Pre-packaged software to hide malware
– Freely obtainable (rootkit.org)
– There are even commercial packages!
– Insert hooks into the system and the kernel
– Trap the calls programs make to list directory contents, running processes, and registry entries
– Filter out whatever the bad guys don't want you to see before the answer reaches the program that asked

Detecting Rootkits
– Look for the hooks: API entry points or system-call table entries that no longer lead where they should
– Look for known file names and process names
– Look for what's being hidden: compare the view the normal APIs give you with a lower-level view of the same data; anything present only in the low-level view is being filtered out
– Difficult to do, and getting more difficult
– Tools exist to do this, but most don't detect everything
– Hot topic of research for both sides
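The three checks on this slide, as an added example that is not from the talk and does not touch a live system. It looks for an overwritten function prologue (an inline hook), for a system service table entry that points outside the kernel image, and for the cross-view difference between what the API reports and what a lower-level enumeration finds. The function names, byte strings, addresses and process lists are all constructed for the demo; the only real-world constant is the five-byte "mov edi,edi; push ebp; mov ebp,esp" prologue that XP SP2-era system DLLs start their exported functions with.

```python
"""Rootkit indicators checked over constructed data (inline hooks, SSDT, cross-view)."""
import struct

# Hotpatchable prologue compiled into XP SP2-era system DLLs:
# mov edi,edi ; push ebp ; mov ebp,esp
KNOWN_GOOD_PROLOGUE = bytes.fromhex("8bff558bec")


def detect_inline_hook(name, first_bytes, expected=KNOWN_GOOD_PROLOGUE):
    """Return a finding if the function's entry point was overwritten, else None."""
    if not first_bytes:
        return f"{name}: no bytes read"
    if first_bytes.startswith(expected):
        return None
    op = first_bytes[0]
    if op == 0xE9 and len(first_bytes) >= 5:                             # jmp rel32
        disp = struct.unpack_from("<i", first_bytes, 1)[0]
        return f"{name}: inline JMP rel32, displacement {disp:#x}"
    if op == 0xEB and len(first_bytes) >= 2:                             # jmp rel8
        return f"{name}: inline short JMP"
    if first_bytes[:2] == b"\xff\x25" and len(first_bytes) >= 6:        # jmp [abs32]
        target = struct.unpack_from("<I", first_bytes, 2)[0]
        return f"{name}: inline JMP [{target:#010x}]"
    if op == 0x68 and len(first_bytes) >= 6 and first_bytes[5] == 0xC3:  # push imm32 ; ret
        target = struct.unpack_from("<I", first_bytes, 1)[0]
        return f"{name}: inline PUSH/RET to {target:#010x}"
    return f"{name}: unexpected prologue {first_bytes[:5].hex()}"


def detect_ssdt_hooks(table, kernel_base, kernel_size):
    """Return (index, address) for service-table entries that leave the kernel image.

    A legitimate entry points into ntoskrnl; a hooked one points into the
    rootkit's own driver, which is loaded somewhere else entirely.
    """
    lo, hi = kernel_base, kernel_base + kernel_size
    return [(i, addr) for i, addr in enumerate(table) if not lo <= addr < hi]


def cross_view_diff(api_view, low_level_views):
    """Names present in every low-level snapshot but absent from the API view.

    Requiring the name in every low-level snapshot drops processes that merely
    started or exited between enumerations, the main false positive of
    cross-view detection.
    """
    hidden = set(low_level_views[0])
    for view in low_level_views[1:]:
        hidden &= set(view)
    return sorted(hidden - set(api_view))


# --- Constructed sample data (hypothetical names, bytes and addresses) ---------
SAMPLE_PROLOGUES = {
    "ntdll!NtQueryDirectoryFile": bytes.fromhex("8bff558bec83ec10"),      # clean
    "ntdll!NtQuerySystemInformation": bytes.fromhex("e9ab120300cccccc"),  # jmp rel32
    "advapi32!RegEnumValueW": bytes.fromhex("ff25104000f8cccc"),          # jmp [abs32]
}
KERNEL_BASE, KERNEL_SIZE = 0x804D7000, 0x001F0000  # hypothetical ntoskrnl image range
SAMPLE_SSDT = [0x8056A1B0, 0x8057C2D4, 0xF8E21A40, 0x805B0CC8]  # index 2 -> a driver
API_PROCESSES = ["System", "smss.exe", "svchost.exe", "explorer.exe", "notepad.exe"]
LOW_LEVEL_SNAPSHOTS = [
    ["System", "smss.exe", "svchost.exe", "explorer.exe", "notepad.exe",
     "_root_svc.exe", "calc.exe"],   # calc.exe exits before the second snapshot
    ["System", "smss.exe", "svchost.exe", "explorer.exe", "notepad.exe",
     "_root_svc.exe"],
]


def scan():
    """Run all three checks over the constructed data and return the findings."""
    hooks = []
    for name, first in SAMPLE_PROLOGUES.items():
        finding = detect_inline_hook(name, first)
        if finding:
            hooks.append(finding)
    return {
        "inline_hooks": hooks,
        "ssdt_hooks": detect_ssdt_hooks(SAMPLE_SSDT, KERNEL_BASE, KERNEL_SIZE),
        "hidden_processes": cross_view_diff(API_PROCESSES, LOW_LEVEL_SNAPSHOTS),
    }


if __name__ == "__main__":
    for key, findings in scan().items():
        print(key, findings or "none")
```

Two caveats a real detector has to handle: the "unexpected prologue" branch fires on any function that was compiled differently, so production tools compare against the same function in the on-disk copy of the DLL rather than a fixed constant; and a rootkit that hooks below the point where the low-level view is taken (or that patches the detector's own I/O path) is invisible to the cross-view check, which is why the slide says most tools don't detect everything.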

Removing Rootkits
– Are you sure you wouldn't rather R/R?
– Removal tools exist for most rootkits
– Deep magic, requiring wizardry and time

Resources
– K-State-provided antivirus software
– Spybot Search & Destroy
– Microsoft Windows AntiSpyware (Beta): …ware/software/

Resources, Cont.
– Rootkit detection: …ootkitreveal.shtml
– K-State configuration for the XP Firewall: http://knowledgebase.itac.ksu.edu/art.asp?id=274
– SANS Top 20

Questions?

Thanks For Coming! (I hope today wasn’t too taxing)

This Slide Intentionally Left Blank