Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

Published byJason Wood Modified over 8 years ago

Similar presentations

Presentation on theme: "Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software."— Presentation transcript:

1

2 Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software Inspector  2) Network Software Inspector

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19 Basic Steps for an Infection  Save all important data  Best: Wipe the machine-do a fresh install  If this is not possible- then try to clean it  Change all passwords  Install latest anti-virus software  Apply all patches  Turn on the Firewall  Let the NSO know so we can search for other compromised machines

20 Advanced Steps for an Infection  SecCheck  Virus Total  Malware Analysis: 1. Norman Sandbox 2. Anubis 3. CWSandbox 4. Threat Expert

21 Different Types of Infections  Virus – Relies on users to spread: email attachments, links in an email  Worm – can spread on its own  Trojan – A malicious file that appears to be legitimate  Bot – A worm that phones home to a Command & Controller so the attacker can give it instructions

22 What Do Most Infections Do?  Send Spam  Scan the network  Attack other machines – called a DDOS (Distributed Denial of Service) attack  Run a distribution server for malicious files: web server or ftp server  Set up a Phishing site  Act as a proxy for other malicious traffic  Download spyware and adware to the machine  Run a keylogger

23 Guidelines for Attempting to Clean a Machine  Install an AV tool like Symantec Anti-Virus Corporate Edition with the latest signatures and run a full scan  Other techniques/tools:  Seccheck (Windows)  netstat –anb (Windows command line)  lsof (Linux)  Ultimate Boot CD for Windows (UBCD)  Sysinternals Suite (Windows GUI)

24 Spam Proxys and SecCheck  Lawrence Baldwin is the author of seccheck and owner of mynetwatchman.com  He was directly involved in taking down a spam botnet which was responsible for sending out 5-10% of the mail on the Internet =~ about 2-10 billion spam messages per day

25 SecCheck continued  Windows forensic tool  Aids in the detection and removal of malicious software  Passive  Runs in about three-six minutes  Send me the URL for the report and I can help analyze it

26 STC Josh Leibner after running SecCheck “I'm pretty baffled as to why AV, HijackThis, and AdAware didn't catch any of this. I'll set up another appointment with the student so that I can more thoroughly clean the computer.”

27 Actual Reports for WashU IPs  http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=190837b316eedbd6aab02db074f67a77 http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=190837b316eedbd6aab02db074f67a77  http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=76a554a590f845d26fc06274d5a847c8 http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=76a554a590f845d26fc06274d5a847c8  http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=4d7ab225b5f447f6346db1f4733bbac6 http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=4d7ab225b5f447f6346db1f4733bbac6  http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=70c2f42b966fe39baf6478595d92403b http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=70c2f42b966fe39baf6478595d92403b  http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=7bc71e08adf1cf344d1689ac7a0d08a9 http://sc.mynetwatchman.com/seccheck/SubmissionStatus.js p?submissionID=7bc71e08adf1cf344d1689ac7a0d08a9

28

29

30

31

32 Use A Tool to Check for Third Party Software Vulnerabilities Like Secunia’s PSI or NSI

33

34

35

36

37

38

39

40 Useful Links:  http://www.virustotal.com/ http://www.virustotal.com/  http://www.norman.com/microsites/nsic/ http://www.norman.com/microsites/nsic/  http://anubis.iseclab.org/index.php http://anubis.iseclab.org/index.php  http://www.cwsandbox.org/ http://www.cwsandbox.org/  http://www.mynetwatchman.com/tools/sc/ http://www.mynetwatchman.com/tools/sc/  http://technet.microsoft.com/en- us/sysinternals/default.aspx http://technet.microsoft.com/en- us/sysinternals/default.aspx  http://www.ubcd4win.com/ http://www.ubcd4win.com/

41 Contact Information And More Useful Links  http://nso.wustl.edu – NSO website http://nso.wustl.edu  If you have a computer security incident email the NSO at nso@wustl.edu or directly to me at ballen@wustl.edu nso@wustl.edu  http://www.wustl.edu/policies/compolcy.html - WashU Computer Policy http://www.wustl.edu/policies/compolcy.html  www.mynetwatchman.com/tools/sc/ - Seccheck www.mynetwatchman.com/tools/sc/  www.ubcd4win.com – Ultimate Boot CD for Windows www.ubcd4win.com  www.antiphishing.org – Phishing Information www.antiphishing.org  mozilla.com – Download Firefox mozilla.com  http://www.microsoft.com/athome/security/spyware/software /default.mspx - Microsoft Defender http://www.microsoft.com/athome/security/spyware/software /default.mspx

42 Watch Out For Malicious links and attachments  Links to phishing and hacking sites, as well as malicious files, can arrive by email, instant message, web page, etc.  Know your source!  Verify before clicking.  Don’t open anything unexpected.  ~100 users were removed from the network for days because of a bot infection transmitted through an AIM link

43 Use it to identify: Phishing Malicious links And to protect personal information!

Download ppt "Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
So Your Computer is Infected, Now What? STC/STS Tech Training 3:00-4:00, Tuesday, August 18, 2009 Brian Allen Network Security Analyst,

So Your Computer is Infected, Now What? STC/STS Tech Training 3:00-4:00, Tuesday, August 18, 2009 Brian Allen Network Security Analyst,
Investigating Malicious Software Steve Romig The Ohio State University April 2002.

Investigating Malicious Software Steve Romig The Ohio State University April 2002.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.

COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Threats To A Computer Network

Threats To A Computer Network
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Protecting Yourself Online. VIRUSES, TROJANS, & WORMS Computer viruses are the common cold of modern technology. One e-mail in every 200 containing.

Protecting Yourself Online. VIRUSES, TROJANS, & WORMS Computer viruses are the "common cold" of modern technology. One in every 200 containing.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.

Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Quiz Review.

Quiz Review.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Similar presentations

Ads by Google