Computer Security Fundamentals
by Chuck Easttom
Chapter 5: Malware

Chapter 5 Objectives
- Understand viruses and how they propagate
- Have a working knowledge of several specific viruses
- Understand virus scanners
- Understand what a Trojan horse is

Understand viruses (worms) and how they propagate, including the Sobig and Sasser types. Have a working knowledge of several specific virus outbreaks. Understand how virus scanners operate. Understand what a Trojan horse is and how it operates.
© 2016 Pearson, Inc Chapter 5 Malware

Chapter 5 Objectives (cont.)
- Have a working knowledge of several specific Trojan horse attacks
- Understand the buffer overflow attack
- Understand spyware
- Defend against these attacks

Have a working knowledge of several specific Trojan horse attacks. Grasp the concept behind the buffer overflow attack. Have a better understanding of spyware and how it enters a system. Defend against each of these attacks through sound practices, antivirus software, and antispyware software.

Introduction
- Virus outbreaks
  - How they work
  - Why they work
  - How they are deployed
- Buffer overflow attacks
- Spyware
- Other malware

Viruses
A computer virus:
- Self-replicates
- Spreads rapidly
- May or may not have a malicious payload

Even without a malicious payload, rapid deployment may consume network bandwidth, slowing the system down and generating a DoS. Some people would take issue with this definition, saying that it blurs the difference between a virus and a worm. But today so many hybrids (worm/virus combos) are written that maybe it doesn't make any difference.

Viruses (cont.)
How a virus spreads:
- Finds a network connection and copies itself to other hosts on the network (requires programming skill), or
- Mails itself to everyone in the host's address book (requires less programming skill)

The virus scans the host for a network connection and copies itself to other hosts on the network; this method requires a degree of programming skill. Or it reads the host's address book and sends itself to everyone listed there; this method requires much less programming skill. Scripts for either method are available on the web.

Viruses (cont.)
E-mail propagation is more common for one major reason: Microsoft Outlook is easy to work with.
- Five lines of code can cause Outlook to send e-mails covertly.
- Other viruses spread using their own engine.

E-mail propagation is much more common for one major reason: Microsoft Outlook is written for ease of programming and user convenience. Five lines of code can reference Outlook and send out an e-mail! A programmer can cause Outlook to send e-mails covertly. Other viruses spread using their own engine.

Viruses (cont.)
- Network propagation: less frequent, but just as effective
- Web site delivery: relies on end-user negligence

Multiple vectors for a virus are becoming more common. As virus writers become more sophisticated, the type of propagation also becomes more sophisticated.

Viruses (cont.)
Virus types:
- Macro
- Multi-partite
- Armored
- Memory resident
- Sparse infector
- Polymorphic

Viruses (cont.)
Symantec site information on the Sobig virus:
The worm sends itself to all the addresses it finds in .txt, .eml, .html, .htm, .dbx, and .wab files. The message has the following characteristics:
From:
Subject: one of the following:
- Re: Movies
- Re: Sample
- Re: Document
- Re: Here is that sample

Viruses (cont.)
Information on the Mimail virus from the Sophos site:
W32/Mimail-A is a worm that arrives with the following characteristics:
Subject line: your account <random letters>
Message text:
Hello there, I would like to inform you about important information regarding your e-mail address. This address will be expiring. Please read attachment for details. --- Best regards, Administrator
Attached file: message.zip
W32/Mimail-A spoofs the From field of the sent e-mails using the address <…domain>. Inside the message.zip compressed file is another file called message.html. If this file is opened, the worm copies itself to C:\<Windows>\exe.tmp and C:\<Windows>\videodrv.exe. The worm exploits a known security vulnerability. A patch has been available from Microsoft for some months that reportedly fixes the vulnerability.

Viruses (cont.)
Information on the Bagle virus from the internet.com site: Bagle (Beagle) is a mass-mailing worm that alters the "From" field in e-mails and makes it appear as if the message is from someone you know.

Viruses (cont.)
Virus hoaxes from the McAfee site: there are 94 hoaxes listed on that page alone.

Viruses (cont.)
Wikipedia information on Robert Tappan Morris, Jr.: Some conspiracy theorists have noted that the story of Robert Morris would not be complete without mentioning his father, Robert Morris, who at the time of the release of the Morris Worm was the Chief Scientist of the NSA. He had a habit of bringing home neat things for his son to play with (like one of the original Enigma code machines), so perhaps his son got his hands on a fledgling NSA project? Maybe. Or perhaps he had something to prove to his father?

Viruses (cont.)
Examples:
- Rombertik
- Gameover ZeuS
- FakeAV

Rombertik wreaked havoc in [year]. This malware uses the browser to read user credentials to websites. Gameover ZeuS is a virus that creates a peer-to-peer botnet. Essentially, it establishes encrypted communication between infected computers and the command and control computer, allowing the attacker to control the various infected computers. This virus first appeared in July [year]. It affected Windows systems ranging from Windows 95 to Windows 7 and Windows Server [version]. FakeAV was a fake antivirus (thus the name) that would pop up fake virus warnings. It was not the first such fake antivirus malware, but it was one of the more recent ones.

Viruses (cont.)
Rules for avoiding viruses:
- Use a virus scanner.
- DO NOT open questionable attachments.
- Use a code word for safe attachments from friends.
- Do not believe "Security Alerts."

There's plenty of free antivirus software on the Web; get some! If friends send attachments, have a code word in the subject line indicating that the attachment is safe. Note that this "code word" concept is good, but difficult to implement, especially among numerous people.

Ransomware
Examples:
- CryptoLocker
- CryptoWall

One of the most widely known examples of ransomware is the infamous CryptoLocker, first discovered in [year]. CryptoLocker utilized asymmetric encryption to lock the user's files. Several varieties of CryptoLocker have been detected. CryptoWall is a variant of CryptoLocker first found in August [year]. It looked and behaved much like CryptoLocker. In addition to encrypting sensitive files, it would communicate with a command and control server and even take a screenshot of the infected machine. By March 2015 a variation of CryptoWall had been discovered that is bundled with the spyware TSPY_FAREIT.YOI and actually steals credentials from the infected system, in addition to holding files for ransom.

Trojan Horses
A program that looks benign, but is not. A cute screen saver or an apparently useful login box can:
- Download harmful software.
- Install a key logger.
- Open a back door for hackers.

Example: It is simple for a script kiddie to download a VB script that can mimic a bank's logon screen.

Trojan Horses (cont.)
Competent programmers can craft a Trojan horse:
- To appeal to a certain person, or
- To appeal to a certain demographic
Company policy should prohibit unauthorized downloads.

Competent programmers can craft a personally appealing Trojan horse or one that would appeal to a certain demographic. Company security policy should prohibit any unauthorized downloads. Odds are that in a freely downloading environment, someone will eventually download a Trojan. This could spread to other hosts on the network. In the form of a logic bomb deployed by the Trojan, the effect could be devastating.

Trojan Horses (cont.)
Still-valid CERT advisory on Trojan horses: The CERT advisory is old, but the only thing that has changed with Trojans is the creative use of them. No one has come up with a better way of doing it, just different ways of using it.

The Buffer Overflow Attack
EliteWrap: There are a number of tools, some free for download, that will help a person create a Trojan horse. One that I use in my penetration testing classes is eLiTeWrap. It is easy to use. Essentially, it can bind any two programs together. Using a tool such as this one, anyone can bind a virus or spyware to an innocuous program such as a shareware poker game. This would lead to a large number of people downloading what they believe is a free game and unknowingly installing malware on their own system.

The Buffer Overflow Attack (cont.)
A Microsoft Security Bulletin on a buffer overflow attack:
Vulnerability Details, LSASS Vulnerability (CAN-[id]): A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

The Buffer Overflow Attack (cont.)
Web tutorial for writing buffer overflows: a source on the web for learning how to write buffer overflows!

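The pattern behind the LSASS bulletin quoted above (a fixed-size buffer filled from untrusted input with no length check) shown beside its hardened form, as an added C example that is not from the book or the bulletin. The function names, the 16-byte buffer and the sample inputs are all constructed here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable pattern: name[] is a fixed 16-byte stack buffer, but strcpy()
 * copies until it finds a NUL, so any input of 16 bytes or more writes past
 * the end of the buffer (the "buffer overrun" the bulletin describes). */
void unsafe_greet(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);              /* no length check */
    printf("Hello, %s\n", name);
}

/* Length check as a pure function: true when input (plus its terminating NUL)
 * fits in a buffer of buf_size bytes. Validate untrusted input with this
 * before it reaches any fixed-size buffer. */
int fits_in_buffer(const char *input, size_t buf_size)
{
    return strlen(input) < buf_size;
}

/* Hardened form: reject input that does not fit and copy with an explicit
 * bound, so name[] can never be overrun. Returns 0 on success, -1 if the
 * input was rejected. */
int safe_greet(const char *input)
{
    char name[NAME_LEN];
    if (!fits_in_buffer(input, NAME_LEN))
        return -1;
    memcpy(name, input, strlen(input) + 1);
    printf("Hello, %s\n", name);
    return 0;
}

int main(void)
{
    const char *short_name = "Alice";                              /* constructed: fits */
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";    /* constructed: 32 bytes */
    unsafe_greet(short_name);          /* fine only because this input happens to fit */
    safe_greet(short_name);
    if (safe_greet(long_name) == -1)
        printf("rejected %zu-byte input\n", strlen(long_name));
    /* unsafe_greet(long_name) is deliberately not called: it would corrupt the stack. */
    return 0;
}
```

Compiling with stack protection and fortified string functions adds a second line of defence, but the length check is what actually removes the bug.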
Spyware
- Requires more technical knowledge
- Usually used for targets of choice
- Must be tailored to specific circumstances
- Must then be deployed

Spyware requires a more sophisticated perpetrator. It is not usually used for targets of opportunity, but for targets of choice. It must be created or tailored to a specific set of circumstances, and then deployed.

Spyware (cont.)
Forms of spyware:
- Web cookies: recording a few facts to return to a Web site
- Key loggers: recording everything you type, including all your usernames and passwords plus all of your files and documents

This information is written to a log file and uploaded or even e-mailed to the perpetrator at his convenience. There are many more types of spyware. What about the one that looks for a particular type of web cam and then turns it on when it wants, such as when you are in the room?

Spyware (cont.)
Legal uses:
- Monitoring children's computer use
- Monitoring employees
Illegal uses:
- Deployment will be covert

When monitoring employees, make sure you have an acceptable use policy that everyone has signed, informing them that there will be employee monitoring. When monitoring your kids, you are on your own!

Spyware (cont.)
Example of free spyware removal software: This is just one example of a free spyware remover. Many more Web sites with free antispyware exist, in addition to the ones mentioned in the text.

Other Forms of Malware
Rootkit: a collection of hacking tools that can
- Monitor traffic and keystrokes
- Create a backdoor
- Alter log files and existing tools to avoid detection
- Attack other machines on the network

A rootkit is a collection of hacking tools. After getting root (administrative-level access), the attacker installs the rootkit, whose tools may do any of the things listed above.

Malicious Web-Based Code
Web-based mobile code:
- Code that is portable across all operating systems
- Multimedia rushed to market results in poorly scripted code
- Spreads quickly on the web

Web-based mobile code is code that is portable across all operating systems, such as HTTP or Java, and that also carries a malicious payload. As the market calls for more and more interactive multimedia experiences, a rush to market results in poorly scripted code. The web increases the mobility of these untrustworthy programs. Consumers love all the fun things. Security techs are nervous about ActiveX, VBScript, and so forth.

Logic Bombs
- Go off on a specific condition
- Often a date
- Can be other criteria

On October 29, 2008, a logic bomb was discovered in the company's systems. This logic bomb had been planted by a former contractor, Rajendrasinh Makwana, who had been terminated. The bomb was set to activate on January 31, 2009 and completely wipe all of the company's servers.

APT
Advanced Persistent Threat:
- Advanced techniques, not script kiddies'
- Ongoing over a significant period of time

The security firm Mandiant tracked several APTs over a period of 7 years, all originating in China, specifically Shanghai and the Pudong region. These APTs were simply named APT1, APT2, and so on. The attacks were linked to the UNIT of China's Military. The Chinese government regards this unit's activities as classified, but it appears that offensive cyber warfare is one of its tasks. Just one of the APTs from this group compromised 141 companies in 20 different industries. APT1 was able to maintain access to victim networks for an average of 365 days, and in one case for 1,764 days. APT1 is responsible for stealing 6.5 terabytes of information from a single organization over a 10-month time frame. We will discuss the Chinese attack in more detail in Chapter 12 as part of our discussion of cyber terrorism and information warfare.

Detecting and Eliminating Viruses and Spyware
Antivirus software operates in two ways:
- Scans for virus signatures (keeps the signature file updated)
- Watches the behavior of executables (attempts to access the address book; attempts to change Registry settings)
Get antivirus software and use it!

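The two modes of operation on this slide, signature scanning and behaviour watching, reduced to working C, as an added example that is not code from the book or from any antivirus product. The signatures, event types, weights, threshold and sample "files" are all constructed placeholders; a real product uses far longer patterns, hashes and a continuously updated signature file.

```c
#include <string.h>

/* Constructed placeholder signatures (not real malware signatures). Real
 * products use far longer patterns, hashes and frequent signature updates. */
static const char *const SIGNATURES[] = { "EVIL_LOADER_v1", "DROP_PAYLOAD_X", NULL };

/* Signature scanning: index of the first signature found in buf, or -1 if
 * none matches. Naive search; real scanners use multi-pattern matchers. */
int signature_scan(const unsigned char *buf, size_t len)
{
    for (int s = 0; SIGNATURES[s] != NULL; s++) {
        size_t slen = strlen(SIGNATURES[s]);
        for (size_t i = 0; i + slen <= len; i++)
            if (memcmp(buf + i, SIGNATURES[s], slen) == 0)
                return s;
    }
    return -1;
}

/* Behaviour watching: each event is an action the executable took at run time.
 * The two heuristics named on the slide (address-book access, Registry changes)
 * are weighted; sending mail right after reading the address book scores most. */
enum event { EV_OPEN_FILE, EV_READ_ADDRESS_BOOK, EV_WRITE_REGISTRY_RUN_KEY, EV_SEND_MAIL };

int behavior_score(const enum event *events, size_t n)
{
    int score = 0, saw_address_book = 0;
    for (size_t i = 0; i < n; i++) {
        switch (events[i]) {
        case EV_READ_ADDRESS_BOOK:      score += 3; saw_address_book = 1; break;
        case EV_WRITE_REGISTRY_RUN_KEY: score += 4; break;
        case EV_SEND_MAIL:              score += saw_address_book ? 5 : 1; break;
        default: break;
        }
    }
    return score;
}
#define BLOCK_THRESHOLD 6   /* policy: quarantine at or above this score */

/* Combined verdict: 1 = block/quarantine, 0 = allow. A signature hit is
 * definitive; otherwise the behaviour score decides. */
int should_block(const unsigned char *buf, size_t len, const enum event *ev, size_t n)
{
    return signature_scan(buf, len) >= 0 || behavior_score(ev, n) >= BLOCK_THRESHOLD;
}
/* Constructed samples: a "file" carrying a signature, a clean one, and two event traces. */
static const unsigned char SAMPLE_INFECTED[] = "MZ header EVIL_LOADER_v1 tail";
static const unsigned char SAMPLE_CLEAN[] = "MZ header hello world tail";
static const enum event MAILER_EVENTS[] = { EV_OPEN_FILE, EV_READ_ADDRESS_BOOK, EV_SEND_MAIL };
static const enum event BENIGN_EVENTS[] = { EV_OPEN_FILE, EV_OPEN_FILE };
```

The clean sample passes the signature scan but is still blocked on behaviour alone, which is why the slide lists both mechanisms: a signature file only catches what has already been seen.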
Detecting and Eliminating Viruses and Spyware (cont.)
Anti-spyware software: the slide links to trial versions of several products.

Summary
- There are a wide variety of attacks.
- Computer security is essential to the protection of personal information and your company's intellectual property.
- Most attacks are preventable.
- Defend against attacks with sound practices plus antivirus and antispyware software.