
Malware Short for malicious software and is typically used as a




1 Malware
Short for malicious software; typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al. (Microsoft)

2 Adware Spyware Ransomware Worm Zombie Trojan Rabbit Keylogger Rootkit Logic Bomb Virus Backdoor

3 Worm Trojan Virus Spyware Adware Ransomware Rabbit Rootkit Logic Bomb Keylogger Zombie Backdoor

4 Most serious attack vectors 2017 (%)

5 Types of security events

6 Spam with Malware

7 Malicious programs
Operate automatically
Sometimes they need an initial action from the user (social engineering)
Propagation can be fast
Difficult: detection, containment, eradication

8 History
Since 1970: Creeper virus in ARPANET
“I'M THE CREEPER : CATCH ME IF YOU CAN.”
Very popular in the 80s and 90s (DOS and Windows)
They resumed with renewed strength: the net, $

9 Malicious code
A program or part of a program that has the intent to cause damage or “unexpected” events
Executables (compiled)
Scripts (interpreted)
Macros (series of commands)
Objectives:
Information stealing
Eliminate important files of a system
Invasive advertising (adware, spyware, spam)

10 Types
Virus
Worms
Trojan horses
Logic bombs
Backdoors
Rabbits
Zombies

11 Virus
Latin vīrus = poison
Programs that modify other programs
Infection process: they add themselves to other programs; requires execution
“A virus is a piece of code that inserts itself into a host, including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it.” (RFC 1135)

12 Infection process (very simple)

13 Worm
Programs that transport themselves across the network
They propagate as autonomous programs
Very fast propagation (network and autonomy)
Significant threat: speed without the intervention of users
Now the dividing line between viruses and worms is blurred; there are many worms with viral components

14 Logic Bombs
One of the oldest
Code embedded in genuine programs
They get activated by specific conditions: presence/absence of a file, date and time, specific events (keys)
Once activated they usually cause damage: modification/deletion of files

15 Trojans
They seem to have another function
They are attractive to execute: games, animations, updates
Upon execution they do something else: give access to an attacker
They are used to propagate viruses, create backdoors, or just cause damage

16 Zombies
Programs that take possession of a computer
Later the computers are used for an attack on a third party
Typically used in DDoS attacks
They exploit failures and vulnerabilities of systems to get installed

17 Backdoors
Secret point of access to an OS
Useful to bypass the security of a system: login/password, physical access, etc.
Used by developers as a convenience
The problem: they forget to take them out...
Sometimes it is intentional
Very hard to block

18 The most popular... (Wikipedia)

19 Famous worms

20 Morris worm
Robert T. Morris Jr., November 1988
Post-graduate student at Cornell; Ph.D. from Harvard
First grave incident on the Internet
Infected 6000 sites
Now he is a professor at MIT
Overloaded the machines
Sendmail hole
Buffer overflow in finger
1990: Sentenced to 3 years probation, 440 hours community service and a fine of $10,050
Caused the creation of CERT

21 Code Red
First modern worm
359,000 machines in less than 14 hours
2,000 hosts per minute (at its peak)
July 19, 2001
Still active; many mutations
Attacked IIS
$2.5 billion in losses
Microsoft released a patch in the middle of June

22 Nimda
Another worm against IIS
September 2001
Still active

23 Sapphire/Slammer
The fastest and most efficient
Infected 90% of vulnerable machines (more than 75,000) in 10 minutes
The complete worm was 376 bytes
Random IP addresses used to generate targets
Against SQL Server
South Korea was down for 12 hours
500,000 servers in the world

24 Sapphire/Slammer

25 Sapphire/Slammer

26 jdbgmgr.exe virus hoax
Email spam in 2002:
The objective of this is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2. In the "Files or Folders option" write the name jdbgmgr.exe
3. Be sure that you are searching in the drive "C"
4. Click "find now"
5. If you find jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6. Right click and delete it (it will go to the Recycle bin)
7. Go to the recycle bin and delete it or empty the recycle bin.
IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

27 Cryptovirology
Cryptography used in virus attacks
A. Young & M. Yung, IEEE 1996; original thesis: A. Young, 1995
Gives malware enhanced privacy and robustness against reverse-engineering
Gives the attacker better anonymity
Using public key cryptography
Strong back-doors that open only with the private key
Access-for-sale worm
Virus is encrypted, making detection very difficult
Initial use of cryptovirology: Germany, 1993
Communication between virus and author also encrypted

28 MALATHI. R. S on SlideShare (https://pt. slideshare

29 Ransomware

30 Ransomware
Attacker generates a key pair
Puts the public key in the malware file
Releases the malware (mail, web site, trojan, etc.)
Once in the victim's computer:
It generates a random symmetric key
Encrypts the victim's data with that key
Uses the public key to encrypt the symmetric key (the asymmetric ciphertext)
Deletes all the original data
Displays a message including the asymmetric ciphertext, explaining how to pay the ransom
The victim sends the money and the asymmetric ciphertext
Attacker receives payment
Decrypts the asymmetric ciphertext with its own private key
Sends the symmetric key to the victim
The victim can decrypt his/her data with the symmetric key
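The key-escrow structure on this slide, modelled in Go on in-memory data as an added example (not part of the original presentation): the attacker's key pair, the public key shipped with the malware, a per-victim symmetric key wrapped to that public key, and the unwrap step that only the private key can perform. The function names, the RSA-2048/OAEP and AES-256-GCM choices and the sample string are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Wrapped is all that the malware leaves on the victim; none of it yields the data without the attacker's private key.
type Wrapped struct{ Nonce, Ciphertext, WrappedKey []byte }
var attackerKey = must(rsa.GenerateKey(rand.Reader, 2048)) // key pair generated by the attacker before release (assumed size)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// EncryptOnVictim models the slide's malware steps: random symmetric key, encrypt the data,
// wrap that key with the public key shipped in the malware, then wipe the plaintext key.
func EncryptOnVictim(pub *rsa.PublicKey, data []byte) Wrapped {
	key := make([]byte, 32) // AES-256 key, generated on the victim
	must(rand.Read(key))
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	w := Wrapped{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, data, nil)}
	w.WrappedKey = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)) // the "asymmetric ciphertext"
	clear(key) // the plaintext key is never stored on the victim
	return w
}

// UnwrapOnAttacker is the one step only the private-key holder can perform.
func UnwrapOnAttacker(priv *rsa.PrivateKey, wrappedKey []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
}

// DecryptOnVictim recovers the data once the symmetric key has been returned.
func DecryptOnVictim(key []byte, w Wrapped) ([]byte, error) {
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, w.Nonce, w.Ciphertext, nil)
}

func main() {
	w := EncryptOnVictim(&attackerKey.PublicKey, []byte("constructed sample data")) // only the public key ships in the malware
	key := must(UnwrapOnAttacker(attackerKey, w.WrappedKey))                      // the victim sends back just w.WrappedKey
	println(string(must(DecryptOnVictim(key, w))))
}
```

For responders the point is what Wrapped shows: an image of the infected host holds ciphertext, nonce, wrapped key and public key, none of which recovers the data, so recovery depends on offline backups rather than on artifacts found on the machine.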

31 Ransomware operation

