Chapter IV: Malware and Antivirus Deployment for Enterprise Security. By: Raj Sharman, K. Pramod Krishna, H. Raghov Rao. Copyright © 2006, Idea Group Inc. (Presentation transcript)


Slide 1: Chapter IV: Malware and Antivirus Deployment for Enterprise Security
By: Raj Sharman, K. Pramod Krishna, H. Raghov Rao & Shambhu Upadhyaya
Presented by: Abdallah Rasheed, Spring 08
Copyright © 2006, Idea Group Inc.

Slide 2: Outline
Types of malware.
Approach to antivirus software implementation.
Mechanism of virus/antivirus.

Slide 3: Malware
"short for malicious software and is typically used as a catch-all term to refer to the class of software designed to cause damage to any device".
Examples: a virus, a worm, a Trojan, spyware, or a backdoor.

Slide 4: Malware impact
Increases business risk.
Reduces productivity.
Loss of customer confidence.
Time consuming.
Cost of antivirus / firewalls.

Slide 5: Malware history
1986: "Pakistani Brain" virus.
1987: "Merry Christmas" worm.
1988: "Morris worm".
1990s: more complex viruses.
– OS executable viruses.
– Network/protocol worms.

Slide 6: Antivirus Solution: The Layered Approach
– Layer 1: Gateway and content security
– Layer 2: Intranet servers
– Layer 3: Desktops and user community
Figure 1. Three-layer defense in enterprise network

Slide 7: Layer 1 — Gateway Security and Content Security
Deals with the Internet-visible servers and the "Demilitarized Zone" (DMZ).
– Gateway traffic: firewall filters.
– Content scanning: email attachments; scanning emails for text; spam emails.

Slide 8: Layer 2 — Intranet Servers
Email servers
– Virtual Private Network (VPN)
– Remote Access Server (RAS)
Proxy servers.
File servers.
– Risk minimizing.
– Increasing storage space.

Slide 9: Layer 3 — Desktop and User Community
Sources of virus infection:
– The use of webmail.
– Instant messaging tools.
– Peer-to-peer file sharing.
– Downloads from the Internet.
Administrator privileges. Automated scans. Educating users.

Slide 10: Antispyware in Enterprise Network
Symptoms of spyware:
– Unauthorized pop-up advertisements making web browsing difficult.
– Sudden change in the performance of the computer, slowing it down considerably.
– Appearance of a new and unwanted toolbar on the browser without installation.
– Increased crashing of operating systems and web browsers.

Slide 11: Why Antispyware
Increased IT support costs.
Theft of intellectual property.
Privacy violations.
Information disclosure.
Loss of credibility and damage to the organization.

Slide 12: Antivirus detection techniques
Pattern recognition
– Examines key suspect areas and uses the virus pattern file to compare and detect viruses.
Integrity checking
– Initial record of the status of all files on the HDD.
– Checksumming programs to detect changes.
– A changed checksum indicates a possible virus; otherwise it is a false alarm.
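The integrity-checking technique on this slide (record a baseline of file checksums, then re-scan and flag changes, with legitimate updates as the false-alarm case), as an added Python example that is not from the chapter or the presentation; the file names and contents are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile


def file_sha256(path):
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Initial record: checksum of every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_sha256(full)
    return baseline

def compare(baseline, root, expected_changes=()):
    """Re-scan root and report modified, added and removed files. Paths listed in
    expected_changes (e.g. a binary the admin just patched) are not reported; this
    is how a checker avoids the false alarms that legitimate updates would raise."""
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current
                      and current[p] != baseline[p] and p not in expected_changes)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}

def demo(trust_update=True):
    """Constructed scenario: one file tampered with, one legitimately updated, one deleted."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"app.exe": b"MZ-app", "lib.dll": b"MZ-lib", "notes.txt": b"ok"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"<extra bytes>")        # simulated unexpected change to the executable
        with open(os.path.join(root, "lib.dll"), "wb") as f:
            f.write(b"MZ-lib-v2")            # legitimate update the admin knows about
        os.remove(os.path.join(root, "notes.txt"))
        known = {"lib.dll"} if trust_update else set()
        return compare(baseline, root, expected_changes=known)

if __name__ == "__main__":
    print(demo())   # {'modified': ['app.exe'], 'added': [], 'removed': ['notes.txt']}
```

Run with `demo(trust_update=False)` to see the false alarm: the patched `lib.dll` is then reported alongside the tampered `app.exe`.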

Slide 13: Cont. Techniques
X-raying
– See the picture of a virus body.
– Based on the encryption algorithm.
32-bit viruses and PE file infectors
– Windows 95, which uses a 32-bit OS.
– PE file infectors run themselves each time the host file is executed.

Slide 14: Cont. Techniques
Entry Point Obscuring (EPO)
– Places a "jump-to-virus" instruction in the code.
– Inserts viral code in unused space in the file.
– Detection is more complex.
Encrypted virus
– Has a virus decryption routine and the encrypted body.
– Decryption of the virus body.

Slide 15: Cont. Techniques
Polymorphic viruses
– A mutation engine generates randomized decryption techniques each time the virus infects a new program.
– No fixed signature and no fixed decryption routine.
– Decryption routine is time consuming.

Slide 16: Polymorphic Detection
Generic decryption. "A scanner loads the file being scanned into a self-contained virtual container created in the RAM"
– When an infected file is executed, the decryption routine executes.
– The virus decrypts itself, exposing the virus body to the scanner.
– The scanner identifies the virus signature.

Slide 17: Heuristic-Based Generic Decryption
– A generic set of rules that helps differentiate non-virus from virus behavior.
– Inconsistencies may point to the presence of an infected file.
– Running for a long period exposes the virus body.

Slide 18: Anti-Emulation
Emulation allows the virus to run inside a virtual computer to decrypt itself and reveal its code. Anti-emulation systems are incorporated into the decryptor of a virus so that it does not decrypt properly under emulation and hence will not reveal its code.

Slide 19: Retrovirus
Tries to bypass the antivirus by:
– modifying the code of an antivirus program file;
– stopping the execution of the program;
– using methods in the virus code that cause problems for the antivirus;
– exploiting a specific weakness or a backdoor in an antivirus.

Slide 20: Backdoor
"Trojan allows access to computer resources using network connection."
Hackers download scripts onto PCs, essentially hijacking them, and then use them to launch a denial-of-service attack. Those PCs become slave computers.

Slide 21: Virus Infection Cycle of W32/Gobi
PE virus, written in assembly.
Infects (.exe) files in the Windows directory.
Changes the registry.
– Once the registry hook is done, Gobi infects programs launched from Windows Explorer before letting them run.

Slide 22: Conclusions
Malicious code and Internet-based attacks keep increasing; some of the future forecasts regarding malware are:
– Spam mails and phishing will continue to be a major concern in e-mail usage.
– Social engineering is emerging as one of the biggest challenges, as there is no technical defense against the exploitation of human weaknesses.
– The time between vulnerability disclosure and release of malware exploiting the vulnerability continues to get shorter, requiring more proactive assessment tools.

Slide 23: References
Warkentin, M., & Vaughn, R. Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. Idea Group Inc.
Argaez, E. D. (2004). How to prevent the online invasion of spyware and adware. March 25, 2008,

