Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network & Computer Attacks (Part 1) January 27, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Published byMarjory Ferguson Modified over 9 years ago

Similar presentations

Presentation on theme: "Network & Computer Attacks (Part 1) January 27, 2010 MIS 4600 – MBA 5880 - © Abdou Illia."— Presentation transcript:

1 Network & Computer Attacks (Part 1) January 27, 2010 MIS 4600 – MBA 5880 - © Abdou Illia

2 Objectives  Describe different types of malicious software  Discuss methods of protecting against malware attacks  Describe the types of network attacks  Identify physical security attacks and vulnerabilities 2

3 ISC* Objectives  Confidentiality  Making sure that corporate data and transactions with partners remain confidential  Integrity  Making sure that software programs, local data, and data in-transit are not altered or destroyed  Availability  Making sure that computer and network resources or services remain available for users and not disrupted  Accountability  Making sure that users are properly authenticated and their actions accounted for.  Authenticity  Also called non-repudiation. Making sure that business partner cannot deny their actions 3 * Information Security Countermeasures  C – Confidentiality  I – Integrity  A – Availability  A – Accountability/Authenticity

4 Malicious Software attacks  Common types of malware  Viruses  Worms  Trojan horses  Adware | Spyware  Logic bombs  [Web bots] 4

5 What is virus?  A virus is a malware that …  attaches itself to files on a single computer  can replicate from file to file  does not stand on its own  needs a host file – a vector - [unlike some other malware]  Does not spread across computers without human intervention (flash drive, email attachment, etc.) 5 Types of virus host / vector Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux) Volume Boot Records of floppy disks and hard disk partitions | The master boot record (MBR) of a hard disk General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms). Application-specific script files (such as Telix-scripts) System specific autorun script files (such as Autorun.inf file needed by Windows to automatically run software stored on USB Memory Storage Devices). Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, Microsoft Access database files, and AmiPro documents) ELF = Executable and Linkable Format | PDFs & images, like HTML, may link to malicious code | PDFs can also be infected with malicious code

6 Types of viruses  Based on host files  Boot sector viruses: attach themselves to files in boot sector of HD  File infector viruses: attach themselves to program files and user files  Macro viruses: attach to files with macro programs embedded.  Based on mutation techniques  Polymorphic viruses: mutate with every infection (using encryption techniques), making them hard to locate  Metamorphic viruses: rewrite themselves completely each time they are to infect new executables* 6 * metamorphic engine is needed

7 Types of viruses (cont.)  Based on deception methods  Core MS-DOS viruses: make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.  Cavity viruses  infect files without increasing their sizes or damaging the files  overwrite unused areas of executable files  Examples: CIH virus, Chernobyl Virus that are 1 KB in size infect Portable Executable files which have many empty gaps  Antivirus PID killers: kill tasks associated with antivirus  Stealth: hides itself by intercepting disk access requests by antivirus programs. 7 * metamorphic engine is needed Request OS Stealth The stealth returns an uninfected version of files to the anti- virus software, so that infected files seem "clean”. File.exe of 300 KB on a 512 KB block

8 Using Base 64 encoding to hide viruses  Base 64 encoding is used to reduce the size of e-mail attachments 8 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address (es) failed: customerservice@regions.com This message has been rejected because it has a potentially executable attachment “Price.cpl”. This form of attachment has been used by recent viruses or other malware. If you meant to send this file, then package it up as a zip file and resend it. [Message header deleted for brevity] -----------sghsfzfldbjbzqmztbdx Content-Type: application/octet-stream; name=“Price.cpl” Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=“Price.cpl” TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAgAAAAAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9nmFtIGNhbm5vdCBi ZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAABQRQRQAATAEDAA+kgUEAAAAAA OAADiELAQUMAAwAAAACAAAAAAAQBUAAAAQAAAAIAAAIAAEAAQAAAgAAB AAA ….. GWxWigppFLPigOA6Iqb3ZYDSw1XiXi1sV7d6oVtwKiyKmr4PDWUmgExWU6UOIHF6MK …. Email with the Price.cpl attached returned by server Base 64 content of Price.cpl This program cannot be run in DOS mode. User32.dll CloseHandle() CreateFileAb GetWindowsDirectory WriteFile scart kermel32.dll Shell Execute shell32 KEMEL32.DLL USER32.DLL GetProcAddress LoadLibrary ExitProcess Virtual FreeMessageBox What decoding the content reveals.

9 Using Base 64 encoding to hide viruses  Base 64 encoding is used to reduce size of e- mail attachments  Represents 0 to 63 using six bits  A is 000000 … Z is 011001  Converting base 64 strings to decimal equivalent  Create groups of 4 characters, for each group  Convert decimal value of each letter to binary  Rewrite as three groups of eight bits  Convert the binary into decimal  Commercial Base 64 encoders/decoders available  Try converting the Base 64 code below at http://www.motobit.com/util/base64-decoder-encoder.asp http://www.motobit.com/util/base64-decoder-encoder.asp 9 TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=

10 Protecting against viruses  Signature-based antivirus programs  Compare the contents of a file to a database of virus signatures  A signature is an algorithm or a hash (a number or string of characters derived from the virus code) that uniquely identifies a specific virus.  Must update signature database periodically or use automatic update feature if available 10 1)67344883409999999999 2)DF56eeb&^fgkFT&&&88jjj 3)01000010100000000000 4)78020000100000102398 5)89950-1=ddjjdfjj3k3l355 6)………………………………… 1)Sales.xls 2)Forecast.doc 3)Staff.mdb 4)Ingredients.doc 5)Committees.xls 6)Minutes.accdb 7)…………………. Viruses signaturesFiles Question: Name two kinds of situation where signature-based antivirus won’t be effective?

11 Protecting against viruses (cont.)  Heuristic-based antivirus that use generic signature  Through mutation or refinements by attackers, viruses can grow into dozens of slightly different strains called variants  Example: The Vundo trojan has evolve into two distinct family members, Trojan.Vundo and Trojan.Vundo.B  A generic signature can be generated for a virus family.  Heuristic analysis uses generic signatures to identify new malware or variants of known malware 11 Question: Is generic signature more or less accurate than a specific virus’ signature?

12 Protecting against viruses (cont.)  Heuristic-based antivirus that use virtual machines  Allow the antivirus program to simulate what would happen if the suspicious file were to be executed  Execute the questionable program or script within a specialized virtual machine  It then analyzes the execution, monitoring for common viral activities: replication, file overwrites, attempts to hide the existence of the suspicious file.  If one or more virus-like actions are detected, the suspicious file is flagged as a potential virus. 12 Question: Which of the following is likely to lead to false positive virus identifications? signature-based or heuristic-based antivirus.

13 13  Based on the descriptions, is the classification of the malware as virus correct?

14 Worms  Do not attach to files | A worm stands on its own  Self-replicating malware that can propagate across a network by themselves  Use host computer’s resources, and their own network application to send copies of itself to other computers  Types of harms:  Consuming network bandwidth. Moorris and Mydoom are notorious  Consuming host computer resourses (processing, RAM)  Delete files (e.g. ExploreZip worm)  Encrypt files (which leads to cryptoviral extortion attack)  Installing backdoor-zombie programs under control of the worm author (e.g. Sobig) 14

15 Protecting against worms  Worms spread by exploiting OS vulnerabilities  Make sure that unnecessary ports are not open  Regular OS security updates is the best protection  Other effective defense systems:  Antivirus programs  Local firewall software can block incoming worms 15 Application layer Transport layer Internet layer Interface layer Application layer Transport layer Internet layer Interface layer

16 Trojan Programs  Non-self-replicating malware  That appear to be useful programs like game, screen saver, free antivirus, etc.  But are actually backdoor or rootkits that facilitate remote access or a “take over” by a remote hacker  Once a Trojan horse is installed on a target computer, a Trojan can be used to do the following:  Keystroke logging  Data theft (e.g. passwords, credit cards information, etc)  Installing other malware  Using the host computer as part of botnet for spamming or Distributed DoS  Deleting or modifying files 16

17 17 Trojan Programs (cont.)

18 Spyware  Sends information from the infected computer to the attacker  Confidential financial data  Passwords  PINs  Any other stored data  Can registered each keystroke entered  Prevalent technology  Educate users about spyware 18

19 Adware  Similar to spyware  Can be installed without the user being aware  Sometimes displays a banner  Main goal  Determine user’s online purchasing habits  Tailored advertisement  Main problem  Slows down computers 19

20 Protecting Against Malware Attacks at the organizational level  What is/are the most effective technical solution(s) that could be implemented at the network level to deal with malware attacks?  What is/are the most effective non-technical solution(s) that could be implemented in an organization to deal with malware attacks? 20

Download ppt "Network & Computer Attacks (Part 1) January 27, 2010 MIS 4600 – MBA 5880 - © Abdou Illia."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Wichita Public Library Rex Cornelius Electronic Resources Webliography online at:

Wichita Public Library Rex Cornelius Electronic Resources Webliography online at:
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.

September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Computer Viruses.

Computer Viruses.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.

Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Similar presentations

Ads by Google