Flame: Modern Warfare Matthew Stratton. What is Flame? How it was found What are its capabilities How it is similar to Stuxnet and Duqu Implications.

Presentation transcript:

Flame: Modern Warfare Matthew Stratton

- What is Flame?
- How it was found
- What are its capabilities
- How it is similar to Stuxnet and Duqu
- Implications

Flame’s Discovery
This is not the malware you are looking for

Kaspersky Labs
- April, 2012
- National Iranian Oil Company infected by an unknown virus
- International Telecommunication Union asked Kaspersky to investigate
- Looked for a virus called “Wiper” but found something much worse

New Malware: Flame
- Kaspersky Labs named the new virus “Flame” after the name of one of the prominent modules

Infected
- Most infected computers found in the Middle East
- A few infections found in Europe

Tried and True
- Flame has been in the wild a long time
- Evidence of Flame’s use as far back as August 2010
  – Avoided detection for 20+ months
- Likely much older, some evidence suggests earlier versions as early as 2007

Flame’s Capabilities
Spy in a Box

What is Flame
- Sophisticated attack toolkit: backdoor, trojan, worm
- Avoids detection
- Modular:
  – Small infection module downloads extra modules once it compromises a system
  – With all known modules: ~20 MB in size
  – Wiper may be a Flame module

Infect
- Signed by fraudulent certificate supposedly from Microsoft Enforced Licensing Intermediate PCA certificate authority
- Infection module will modify itself to avoid antivirus detection
- Large size makes it hard to determine that Flame is doing anything malicious

Gather
- Once a machine is infected, attack modules downloaded from C&C server depending on the target system
- Sniff network traffic and gather information on Bluetooth devices in range
  – Could lead to customized attacks in the future

Gather
- Take screenshots when “interesting” applications are running
- Turn on built-in mic and record audio conversations
- Key logger
- Record Skype conversations
- Gather local files stored on computer, including info from databases

Spread
- On command of the operator (C&C server)

Notorious Similarities
Stuxnet and Duqu

Sophistication
- Exploit same vulnerabilities
  – Print spooler
  – USB infection methods
  – Not seen anywhere else

Different Developers
- Different programming language
- Different software architecture
- Hypothesis:
  – Developed in parallel with Stuxnet and Duqu by different teams
  – Access to same database of vulnerabilities
  – Both commissioned by same group

Implications
The Dawn of Cyber Warfare

Cyber Warfare
- "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption."
- Developed by a nation state
  – Complexity
  – Goals
  – Targets

Creators
- Leaked documents and inside sources claim it was a project started by George W. Bush and continued by President Obama
  – Olympic Games
  – Developed with Israel
- No one has openly claimed responsibility

Fin
- Finding Flame
- Flame’s functionality
- Connections to Stuxnet and Duqu
- Implications: Cyber Warfare

Questions?