
1 Web Security Mike O'Leary Towson University

2 Talk Outline Malware Viruses, Worms, Trojan Horses Phishing Spoofing IP Address, Email, Web Web Attacks Session attacks, Cross Site Scripting

3 Malware Virus A program that attaches itself to the operating system, a program, or a file that enables it to move from one computer to another. Worm A program that travels from one machine to another without human interaction.

4 Malware Trojan Horse A program that purports to do one thing, but in fact does another. Adware, spyware Sony-BMG rootkit

5 Computer Viruses Three main types of viruses: Boot Sector Executable Macro

6 Computer Viruses Boot Sector Viruses The boot sector is the first sector of a hard disk or a floppy disk. When the computer is powered on, it looks at the boot sector, then loads and executes the code found there. Boot sector viruses use the boot sector to ensure that they are run before the operating system even loads. Formerly common; few new ones have been made.

7 Computer Viruses Executable viruses An executable virus inserts itself into a program so that it will be run when the program runs. Different viruses insert their code in different locations; some at the beginning, some in the middle, and some at the end of the infected program. When the virus runs, it will try to infect other programs. Formerly common; now very rare.

8 Example The Chernobyl Virus First struck in April 1999. Virus infects executable files, locating itself in unused portions of the file. On April 26, the virus would attempt to overwrite the victim's hard drive (including the boot sector). In South Korea, as many as 1,000,000 machines were infected; total losses exceeded $250 million. Numerous variants were subsequently released, with various payload dates. It accounted for ~5% of virus infections for 1999. It was still the 16th most common virus infection in 2002.

9 Example MBP.Kynel Attacks MapInfo tables. MapInfo is a Geographic Information System. The virus is written in the MapBasic language and will start every time MapInfo starts. First found in 2003. Not a common virus.

10 Computer Viruses Macro Viruses These are written in a macro language for an application. The most common macro viruses are for Microsoft Word. The first macro viruses were created in 1996. These were more common in the late 1990s than currently.

11 Example The Melissa Virus Initially spread via a Usenet posting in March 1999. First confirmed report: Friday, March 26, 1999. By Monday, March 29, over 100,000 machines were infected. One site received 32,000 copies of mail messages with the Melissa virus within 45 minutes. Microsoft closed down their email systems to contain the virus.

12 Example Melissa (ctd.) Melissa is a Microsoft Word macro virus. It is activated whenever the document is opened or closed. The macro would email copies of itself in Microsoft Word documents to fifty users from the victim's address book. A large number of variants were subsequently created.

13 Computer Worms Unlike viruses, worms can replicate themselves without human interaction. Types: Email worms Instant Messaging Worms Internet worms

14 Computer Worms Email worms These spread from machine to machine via email. Some worms use existing email programs to spread; others carry their own email program as part of the payload. Some also forge the source of the email message, making tracking the virus more difficult. These have become much more common over the past few years.

15 Example The Sobig worms Sobig.F was the most common. Sobig.F used its own mail server to send out copies of itself to email addresses found on the victim. First found on August 18, 2003; the worm disabled itself on September 10, 2003. Damage from Sobig.F exceeded $7 billion. On one day during the Sobig.F outbreak, America Online received 31 million email messages; of these, 11.5 million contained Sobig.F.

16 Example MyDoom First identified in January 2004. Spreads via email as well as peer-to-peer sharing networks. At its peak, up to 20% of emails were infected. Opens a back door to the machine that allows for remote control of the victim's machine. MyDoom.A launched a distributed denial of service attack against SCO. A second variant, called MyDoom.B attacked Microsoft.

17 Computer Worms Instant Messaging worms. These use features of various instant messaging services (e.g. AOL, Yahoo, MSN) to spread. Comparatively rare, but remain a serious threat.

18 Computer Worms Network worms These worms spread without messages of any sort.

19 Computer Worms Blaster Microsoft Windows operating systems use a system of Remote Procedure Calls (RPC). These are programs that listen for network connections on various ports. They are not designed to be disabled. A flaw was discovered in one of these programs. Microsoft issued a patch to fix the flaw, but not all machines were patched before the worm struck.

20 Computer Worms Blaster (ctd.) Blaster searched for computers still running the flawed program. When the flawed program was found, Blaster would copy itself to the new host. Blaster would then search for additional hosts to attack. Blaster also opened up a back door to the machine, allowing for its remote control. Blaster also began a Denial of Service attack on windowsupdate.com. Microsoft changed the name of Windows Update to defend against this attack.

21 Computer Worms Slammer Targeted machines that were running Microsoft SQL Server. Some other Microsoft software included MS SQL server. The worm only needs to send one packet to a vulnerable host to infect it. Released in January 2003. The number of attacks doubled every 8½ seconds. Within 3 minutes, it was scanning 55,000,000 hosts per second. The flood of traffic knocked out 5 of the 13 root name servers for the Internet.

22 Trojan Horses A Trojan horse is a program that purports to do one thing, but in fact does another. Keyloggers Back doors Adware Spyware

23 Example I Love You Trojan Horse A Visual Basic Script. When the email message is opened, the script runs. It sends itself to everyone in the victim's address book. It overwrites VB scripts on local and network drives with copies of itself. It deletes .jpg and .mp3 files, and replaces them with copies of itself. Released in May 2000. At its peak it infected 45,000,000 computers. It is estimated it caused more than $10 billion in damage.

24 Example The Sony-BMG rootkit In October 2005, Mark Russinovich discovered a rootkit on his system. This was installed by an audio CD sold by Sony [Get Right With the Man, by Van Zant.] The rootkit: Hides its presence from the user / owner of the machine. Sends information about the machine back to Sony. Could not be removed [Until Sony provided a tool to do so.] Makes the machine susceptible to a virus written specifically to attack the rootkit.

25 Example Trojan.PPDropper.B July 2006. Exploits a flaw in Microsoft PowerPoint to place a back door on the system. Not commonly seen in the wild. It seemed to be a targeted attack on unknown Asian companies. It was released the day after a group of Microsoft patches, probably to take advantage of the longest possible window of vulnerability.

26 Phishing Phishing is an attack where the attacker sends an email message purporting to be from a legitimate business, asking for information of value. Account numbers, PINs, Social Security Numbers, Identity Theft. An example:

27-32 [Slides with no transcribed text.]

33 Phishing Phishing attacks have become more sophisticated. There are methods to obfuscate / hide / modify the URL, in both the link and in the browser. Spear-Phishing Some attackers will concentrate on particular people or particular pieces of information.

34 Spoofing Spoofing is pretending to be someone that you are not. Types of spoofing IP address Email address Web spoofing

35 IP Spoofing What is your IP address? How do you spoof your IP address?

36 [Slide with no transcribed text.]

37 IP Spoofing You can send packets out, but the return traffic is not sent to you. Packet Sniffing Hubs Switch dsniff Do you need to see the return traffic? Denial of service attack. Can the traffic be predicted?

38 Email Spoofing The email address of the sender is provided by the sender. This makes it trivial to modify. You cannot trust the source address of an email message!

39 Web Spoofing Typo-squatting URL modification Where does the following link point? http://google.com

40 Web Spoofing You cannot trust a hyperlink that is under the control of an attacker! There are even more sophisticated ways of hiding the destination of a hyperlink, e.g. with JavaScript. Browser flaws may also allow the value in the browser's address bar to be modified.
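The link question on slides 39 and 40 can be checked mechanically. The following is an added example, not part of the original talk: it parses HTML and reports links whose visible text names one host while the href points at another. The names `LinkAuditor` and `audit_links` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(text):
    """Host named by a URL-looking string, or None if it does not look like one."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower() if host and "." in host else None

class LinkAuditor(HTMLParser):
    """Collects links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.mismatches = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host = _host(shown)
            if shown_host and shown_host != _host(self._href):
                self.mismatches.append((shown, self._href))
            self._href = None

def audit_links(html_text):
    auditor = LinkAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.mismatches

# Constructed sample; example.net stands in for a host the attacker controls.
SAMPLE_HTML = (
    '<p><a href="http://login.example.net/google">http://google.com</a> '
    '<a href="http://google.com/help">google.com/help</a> '
    '<a href="http://example.org/">our help page</a></p>'
)
```

Only the first sample link is reported: its text says google.com while its href goes elsewhere. Links with ordinary descriptive text are not flagged, so this check catches only the URL-as-text case the slide shows.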

41 Web Sessions Web pages use HTTP as their protocol. HTTP was designed to be stateless. All connections to a web site are considered to be new connections. This became a problem when a user's behavior across a sequence of web pages needed to be tracked, e.g. while shopping. To address this shortcoming, we can use a session ID. The client presents this number with each subsequent connection. The server stores this number locally.

42 Web Session Attacks An attacker who gains access to a session ID can impersonate the victim. The session ID needs to be protected! The session ID needs to be returned to the web site with each request. Cookie POST parameter GET parameter

43 Web Session Attacks Sniffing Exposure Man in the middle Session fixation

44 Web Session Attacks Sniffing If the attacker can see the traffic between the web site and the victim, and if the connection is not well encrypted, then the attacker can read the session ID as it passes between the web site and the victim. This can be prevented by using SSL.

45 Web Session Attacks Exposure Sometimes session IDs are stored as GET parameters. A GET parameter is included as a part of the URL, e.g. http://commerce.com?sessionid=12345 A user who bookmarks this link, or emails this link to a third party, has exposed their session ID.

46 Web Session Attacks Man in the middle A victim clicks on a link that they think goes to a commerce site. Instead, it first goes to an attacker's computer, then it is forwarded to the commerce site. The attacker then sees the victim's session ID; moreover the attacker can terminate the connection at any time- e.g. after the billing information has been entered. SSL is no protection here- the attacker is between the victim and the destination.

47 Web Session Attacks Man in the middle These attacks can also occur when connecting to insecure access points- e.g. Wi-Fi.

48 Web Session Attacks Session Fixation Because session IDs are often stored as GET parameters, an attacker can try to convince a user to log in with a particular session ID. Consider the following link: http://commerce.com?session=12345678 This is perfectly valid. An attacker may try to convince victims to click on the link. The attacker then knows the session ID of any victim who uses this link.
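The exposure and session fixation slides (45 and 48) both come down to how the server issues and transports the session ID. The following is an added example, not part of the original talk: a toy in-memory store that can be run in a weak configuration (adopts whatever ID the client presents, never rotates) or a hardened one (server-generated IDs, rotated at login, carried in a cookie rather than the URL). `SessionStore`, `session_cookie` and `fixation_outcome` are hypothetical names; the planted ID is the one from the slide's link.

```python
import secrets
from http.cookies import SimpleCookie

class SessionStore:
    """Toy in-memory session store (hypothetical names, for illustration)."""
    def __init__(self, accept_unknown_ids=False, rotate_on_login=True):
        self.sessions = {}                       # session ID -> session data
        self.accept_unknown_ids = accept_unknown_ids
        self.rotate_on_login = rotate_on_login

    def open(self, presented_id=None):
        """Return the session ID to use for this request."""
        if presented_id in self.sessions:
            return presented_id
        if presented_id and self.accept_unknown_ids:
            sid = presented_id                   # weak: adopts a client-chosen ID
        else:
            sid = secrets.token_urlsafe(32)      # server-generated, unguessable
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Bind the user; rotate the ID so any pre-login ID stops working."""
        data = self.sessions[sid]
        if self.rotate_on_login:
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = data
        data["user"] = user
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")

def session_cookie(sid):
    """Set-Cookie value that keeps the ID out of URLs, scripts and plain HTTP."""
    c = SimpleCookie()
    c["sessionid"] = sid
    c["sessionid"].update({"secure": True, "httponly": True,
                           "samesite": "Strict", "path": "/"})
    return c["sessionid"].OutputString()

def fixation_outcome(store, planted_id="12345678"):
    """Victim follows a link carrying planted_id, then logs in as alice.
    Returns the user the planted ID maps to afterwards (None = attack failed)."""
    sid = store.open(planted_id)
    store.login(sid, "alice")
    return store.user_for(planted_id)
```

With `SessionStore(accept_unknown_ids=True, rotate_on_login=False)` the planted ID ends up bound to the victim's login; with the defaults it maps to nothing.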

49 Cross Site Scripting Many web sites allow users to post information Slashdot Blogs Comment pages on e-commerce shopping sites.

50 Cross Site Scripting What happens if the user's comment is not just a comment, but rather a piece of code? HTML- the attacker can modify the content of the visited page. Javascript- the attacker can obtain information about the victim- including session information. This is called a cross site scripting attack. Web pages that solicit user comments must implement strong filters.
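One common way to implement the filtering slide 50 calls for is to encode every user-supplied value for the place it lands in the page, rather than trying to strip out dangerous input. The following is an added example, not part of the original talk; the function names and the sample comment are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

def safe_href(url):
    """Allow only absolute http/https links; anything else becomes '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return url
    return "#"

def render_comment_unsafe(author, homepage, body):
    """'Before': user input concatenated straight into the page."""
    return (f'<div class="comment"><a href="{homepage}">{author}</a>'
            f'<p>{body}</p></div>')

def render_comment(author, homepage, body):
    """'After': each user-supplied value is encoded for where it is placed."""
    href = html.escape(safe_href(homepage), quote=True)  # attribute value
    name = html.escape(author)                           # element text
    text = html.escape(body)                             # element text
    return (f'<div class="comment"><a href="{href}">{name}</a>'
            f'<p>{text}</p></div>')

# Constructed sample: a "comment" that is really markup and script.
SAMPLE = {
    "author": "Mallory <b>",
    "homepage": "javascript:void(0)",
    "body": "Nice post!<script>/* would run in each reader's browser */</script>",
}
```

`render_comment(**SAMPLE)` displays the script tag as literal text and replaces the non-http link with `#`, while `render_comment_unsafe(**SAMPLE)` passes both through to the reader's browser unchanged.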

51 Questions? Contact Information: Mike O'Leary Department of Mathematics Towson University Towson, MD 21252 moleary@towson.edu 410-704-4757

