Malware Analysis
Jaimin Shah & Krunal Patel, Vishal Patel & Shreyas Patel
Georgia Institute of Technology, School of Electrical and Computer Engineering

Objectives
- Analyzing a worm or a virus
- Provide a method to eliminate it
- How to prevent infection in the future?

Overview
- Introduction
- Definition of Malware
- Techniques
- Lab Scenario
- Hands-on analysis of Beagle.J

Introduction to Malware
- How?
- Forms of Malware
- Detection Techniques

Forms of Malware
- Virus
- Trojans
- Worms
- Spyware
- Adware

Detection Techniques
- Integrity checking
- Static anti-virus (AV) scanners
  - Signature-based: strings, regular expressions
  - Static behavior analyzer
- Dynamic anti-virus scanners
  - Behavior monitors

Malware Analysis Techniques: VMware
- Multiple operating systems
- Creates a network between host and guest systems
- Self-contained files: virtual machines can be transferred to other PCs
  - .vmx: configuration file
  - .vmdk: image of the hard disk

Lab Scenario: Static Analysis
- BinText: extracts strings from code
- IDA Pro: disassembler, USD 399/user
- UPX: compression/decompression

BinText
- Extracts strings from executables
- Reveals clues: IRC commands, SMTP commands, registry keys
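The following is an added example, not part of the original slides or of the BinText tool: a small string extractor in the style of BinText (ASCII and UTF-16LE runs of at least five printable characters, reported with their file offset) combined with the signature-based matching from the Detection Techniques slide, where fixed strings and regular expressions flag IRC commands, SMTP commands and registry run keys. The signature table and the SAMPLE byte string are constructed for this example and are not taken from any real sample.

```python
import re
from typing import Dict, List, Tuple

MIN_LEN = 5  # minimum run length to report, the same default BinText uses


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, kind, text) for every printable run in `data`.

    kind is "A" for a plain ASCII run and "U" for a UTF-16LE run
    (printable ASCII byte followed by a zero byte, repeated).
    """
    ascii_rx = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    uni_rx = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "A", m.group().decode("ascii")) for m in ascii_rx.finditer(data)]
    found += [(m.start(), "U", m.group().decode("utf-16-le")) for m in uni_rx.finditer(data)]
    return sorted(found)  # sort by offset so the listing follows the file layout


# Constructed signature table: fixed substrings per category ...
STRING_SIGNATURES: Dict[str, List[str]] = {
    "irc_command": ["PRIVMSG", "JOIN #", "NICK "],
    "smtp_command": ["HELO ", "MAIL FROM:", "RCPT TO:", "DATA"],
}
# ... and regular expressions where a fixed string is not enough.
REGEX_SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "registry_run_key": re.compile(r"(?i)software\\microsoft\\windows\\currentversion\\run"),
    "url": re.compile(r"(?i)https?://[\w.-]+"),
}


def classify(found: List[Tuple[int, str, str]]) -> Dict[str, List[str]]:
    """Group extracted strings by the signature category they match."""
    hits: Dict[str, List[str]] = {}
    for _offset, _kind, text in found:
        for label, needles in STRING_SIGNATURES.items():
            if any(needle in text for needle in needles):
                hits.setdefault(label, []).append(text)
        for label, rx in REGEX_SIGNATURES.items():
            if rx.search(text):
                hits.setdefault(label, []).append(text)
    return hits


# Constructed stand-in for a binary: a fake MZ header, two ASCII strings,
# one UTF-16LE string, and some short junk that must not be reported.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"PRIVMSG #botnet :online\x00\xff"
    + b"MAIL FROM:<x@y>\x00\xff"
    + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xff"
    + b"ab\x00"
)

if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    for offset, kind, text in strings:
        print(f"{offset:08X} {kind} {text}")
    for label, matched in classify(strings).items():
        print(f"[{label}] {matched}")
```

The UTF-16LE pass matters on Windows malware because registry paths and filenames are often stored as wide strings and never appear in an ASCII-only listing; the `\xff` separators in SAMPLE only keep the constructed runs from merging, as real binaries would separate them with non-printable code.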

IDA Pro
- Disassembles executables into assembly instructions
- Easy-to-use interface
- Separates subroutines, creates variable names, color-coded

UPX Decompression
- Executable packer commonly used by virus writers
- Can compress a wide range of files: Windows PE executables, DOS executables, DOS COM files, and many more
- To unpack: upx.exe -d -o dest.exe source.exe
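Before running upx -d it is useful to know whether a sample is packed at all, since string extraction and disassembly of a packed file show almost nothing. The example below is added here and is not code from the slides or from the UPX project: it parses the PE section table to look for the UPX0/UPX1 section names that an unmodified UPX leaves behind, and computes the Shannon entropy of a byte range, because compressed sections are close to 8 bits per byte while normal code is well below that. build_fake_pe constructs a header-only PE solely so the example runs offline; the section names and values are constructed.

```python
import math
import struct
from typing import List


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4  # start of the 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional  # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        raw = data[entry:entry + 8]  # 8-byte name, zero padded, not always terminated
        names.append(raw.rstrip(b"\x00").decode("ascii", errors="replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries the default UPX section name."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for constant data and 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_fake_pe(section_names: List[str]) -> bytes:
    """Constructed header-only PE (no code) with the given section names."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for name in section_names)
    return dos_header + b"PE\x00\x00" + coff_header + table


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(sample))
    print("UPX packed:", looks_upx_packed(sample))
    print("entropy of zeros:", shannon_entropy(bytes(4096)))
    print("entropy of uniform bytes:", shannon_entropy(bytes(range(256)) * 16))
```

The section-name check is only a first pass: a packer built from modified UPX sources, or a sample whose section names were edited after packing, keeps the high entropy but not the names, so the two checks complement each other.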

Decompressed Output

Process Observation Tools
- Process Explorer: monitor processes
- FileMon: monitor file operations
- RegMon: monitor operations on the registry
- Regshot: take snapshots of the registry and files
- ProcDump: dump code from memory

Beagle.J Capabilities
- Registry: Run on startup
- Copies itself into folders containing “shared”
- Sends copies by
- Backdoor
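The Regshot workflow from the Process Observation Tools slide (snapshot before, run the sample, snapshot after, compare) is what surfaces the first two Beagle.J capabilities above. As an added example that is not from the slides or from Regshot, the code below hashes a directory tree into a snapshot, diffs two snapshots, and flags the two observable behaviours: a new value under a Run key and a new file dropped into a folder whose name contains "shared". The registry is represented as a plain dict of key-path to data because the example must run offline; demo() builds a temporary directory and simulates the changes, and every path, key and value name in it is constructed, not taken from a real sample.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

Snapshot = Dict[str, str]

RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def snapshot_files(root: str) -> Snapshot:
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    snap: Snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, dict]:
    """Regshot-style comparison: what was added, removed, or modified."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k]) for k in before.keys() & after.keys() if before[k] != after[k]}
    return {"added": added, "removed": removed, "changed": changed}


def flag_indicators(file_diff: dict, reg_diff: dict) -> List[Tuple[str, str]]:
    """Match the diff against the two Beagle.J behaviours described on the slide."""
    findings: List[Tuple[str, str]] = []
    for key in sorted(reg_diff["added"]):
        if any(key.lower().startswith(run_key.lower() + "\\") for run_key in RUN_KEYS):
            findings.append(("run_key_persistence", key))
    for path in sorted(file_diff["added"]):
        folders = path.lower().split("/")[:-1]  # directories only, not the filename
        if any("shared" in folder for folder in folders):
            findings.append(("copy_into_shared_folder", path))
    return findings


def demo() -> Tuple[dict, dict, List[Tuple[str, str]]]:
    """Constructed run: snapshot, simulate the sample's changes, snapshot again."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Shared Documents"))
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"hello")
        reg_before = {r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater": r"C:\Program Files\Updater\upd.exe"}
        fs_before = snapshot_files(root)

        # Simulated behaviour (constructed): drop a copy into a "shared" folder,
        # touch an existing file, and add a Run value for the current user.
        with open(os.path.join(root, "Shared Documents", "setup.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        with open(os.path.join(root, "readme.txt"), "ab") as fh:
            fh.write(b"!")
        reg_after = dict(reg_before)
        reg_after[r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example_value"] = r"C:\WINDOWS\System32\example_dropper.exe"
        fs_after = snapshot_files(root)

    file_diff = diff_snapshots(fs_before, fs_after)
    reg_diff = diff_snapshots(reg_before, reg_after)
    return file_diff, reg_diff, flag_indicators(file_diff, reg_diff)


if __name__ == "__main__":
    files, registry, findings = demo()
    print("files added:", sorted(files["added"]))
    print("files changed:", sorted(files["changed"]))
    print("registry added:", sorted(registry["added"]))
    for kind, where in findings:
        print(f"[{kind}] {where}")
```

A snapshot diff only shows the end state, so a file the sample created and deleted again during the run is invisible here; that is why the slide pairs Regshot with FileMon and RegMon, which log each operation as it happens.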

Conclusion
- As you have seen, there are various ways for an attacker to get malicious code to execute on remote computers
- We have only scratched the surface; there is much more to learn and discover

Questions?

References
- Images
- Software
  - BinText –
  - IDA Pro –
  - UPX –