viruses and internet security
TRANSCRIPT
MALICIOUS SOFTWARE AND INTERNET SECURITY
Viruses, Adware, Spyware, Trojans and Worms
Ways Malware Enters a System
• Intentional (internal or external): malware which is purposefully used or made with the intention to damage or alter a system.
• Unintentional (internal or external): malware which is injected into a system without the user's knowledge.
• Internal: malware which infects a system from within.
• External: malware which infects a system from outside.
Viruses
Malicious tools, code fragments and software which are spread by human intervention to infect files or systems on a network.
Types of Viruses
• Polymorphic
• Stealth
• Retro
• Multipartite
• Armored
• Companion
• Phage
• Macro
Polymorphic Viruses
Modify themselves to avoid detection by anti-virus software.
• Anti-virus software searches for viruses using its signature database; when a virus mutates, the signatures no longer match.
• Can attack servers, hosts and systems.
• Will delete files.
• Will mutate and encrypt itself, making it harder to detect and remove from a system.
Stealth Viruses
Viruses that hide themselves in critical files and folders to avoid detection.
• Can attach themselves to the boot sectors of hard drives.
• When system utilities or applications run, the stealth virus redirects commands around itself.
• Will change file and folder sizes to avoid detection; anti-virus signature databases include the file size of suspected viruses.
Retro Viruses
Viruses that completely bypass, alter and destroy anti-virus software.
• Change and corrupt the anti-virus signature or definition database.
• Will cause anti-virus software to flag critical files as viruses.
• Can make your operating system inoperable.
Multipartite Viruses
Viruses which attack a system in multiple ways.
• Can infect all executable files and in the process destroy application files.
• May infect the boot sector of a hard drive.
• Attack on a large scale so that if some parts are detected and deleted, at least one will remain.
Armored Viruses
Viruses which prevent users from quickly identifying and removing them from systems, leaving the system vulnerable to other attacks.
• Difficult to detect and analyze.
• Have multiple layers of protected code.
• The virus is used as a decoy to penetrate a vulnerable system.
• Will spread rapidly.
• Can be very complex, making it hard to establish the origin of the virus.
• Virus of choice for hackers.
Companion Viruses
Viruses which attach themselves to legitimate programs.
• Will create files with a different extension from the infected program.
• Usually reside in the temporary folder on a computer.
• The virus will run in place of the legitimate program if its name is typed in the Run dialog.
• Attack the Windows registry and Windows configuration database.
Phage Viruses
Viruses which alter and modify programs and databases.
• Will infect all databases on a system.
• To remove one, the entire infected program must be uninstalled and all instances of that application need to be removed.
• One small remaining trace will trigger the spread again.
Macro Viruses
Intelligent viruses that run in software which utilizes macros (Word, Excel).
• Heavily exploited because they can be easily made and distributed.
• Hard to detect and analyze.
• Can spread onto a system by opening an infected Word or Excel file.
• Newer productivity software disables macros by default.
Things To Know About Viruses
• Anti-virus software will not protect you from all viruses.
• Treat infected computers the way you would a patient with a cold or a fever: viruses will mutate and spread if left untreated, and they will also reappear if infected files are left.
• Viruses can damage hardware as well as software.
• Do not open files, folders or programs you do not recognize.
• Always scan storage media before opening it on a system.
• Turn off auto-play on all systems on a network.
• Keep virus protection software up to date.
• Make sure your anti-virus software protects you from malware, adware and spyware, not just viruses.
• Scan all e-mail attachments.
• Research unknown files and software before deleting them.
• Back up your computer and data before making major changes.
• Back up your registry if you plan to delete registry keys from it.
• All viruses spread by HUMAN INTERVENTION.
Spread of Viruses
[Diagram: a virus passes from a business or network to a home computer on flash or other media, then from person to person (Marry, Phil, Bob, Susan, David, Mike, Michelle, Jack, Amy, Clair) through their networks, P2P networks, other P2P networks and websites, across different networks, and on and on.]
Worms
The goal of a worm is to infect other hosts and systems from the infected system, so that worms spread from system to system without human intervention.
Worms Vs. Viruses
Viruses
• Spread through human intervention.
• Destroy and alter programs, files and folders.
• Do not install backdoors.
Worms
• Execute malicious code.
• Do not attach themselves to system files and programs.
• Consume resources but do not corrupt or delete files.
• Install backdoors.
• Can release a virus.
• Denial of service attack.
Parts of a Worm
• Enabling vulnerability: the worm installs itself on a vulnerable system.
• Propagation mechanism: once it gains access it begins to replicate and finds new targets to attack.
• Payload: once in, it releases a virus or lets a hacker gain access.
Steps to Mitigate Worm Attacks
• Preparation: assemble a plan of attack and resources.
• Classify: the type of attack.
• Trace back: the origin of the attack; find patient zero.
• Find who is responsible.
Trojan Horse Attacks
Malware masked as a legitimate application. When this malware is installed on a system, it releases malicious code and infects the whole system.
Examples of Trojans
• Popular fake games
• Popular fake anti-virus programs
• Computer maintenance software
• Pop-up ads advertising software
Characteristics of Trojan Horses
• Are shown through pop-up ads without user consent.
• Will be misspelled.
• Are found on bad websites.
• Will always ask you to download files.
• Will claim to improve system performance.
Symptoms of a Trojan Horse Attack
• Very slow system start-up and performance.
• Safe mode still accessible.
• Non-stop annoying pop-ups revealing "found threats".
• Software takes a long time to run.
SPAM
• Annoying files or mail that take up disk space and carry malicious attacks. Known as junk e-mail.
• Much SPAM is harmless and is used to advertise goods and services.
• Affects most web-based e-mail applications and services.
• SPAM can introduce phishing attacks.
• Phishing attacks ask for personal information which can later be used to steal credit cards, receipts and identity.
Protection From SPAM
• Use a trusted e-mail service like Gmail, or one which offers spam filters. Gmail scans for viruses.
• Do not open e-mails you do not recognize.
• Always scan attachments.
• Always read user agreements from sites carefully; most give you the option to receive e-mails, and it is checked by default.
• Do not send others mail if your computer is infected with spyware.
• Do not ever send sensitive information through e-mail or any online media unless it is on a secure and trusted site.
Fight SPAM with E-Mail Organization
Professional use
• Use this e-mail account to send and receive work-related e-mails.
• Depending on your organization, they might provide you with an e-mail account to use.
Consumer use
• Use this account when shopping online, for eBay, Amazon and iTunes.
• This e-mail account will hold your online shopping receipts, shipping information and coupons.
Social groups and blog use
• Use this account to talk to others from social groups, personal blogs and Twitter.
• Use this e-mail to register with group networks (Facebook, Linkster and the like).
Everything else account
• Use this account when registering with sites temporarily.
• Use this when registering for sites that may be unsecure, like peer-to-peer sharing sites (torrents).
• Use this account if you do not have other accounts made.
• This is your SPAM filter account. This account will most likely have the most SPAM.
Phishing Attacks
• E-mail attacks which can infect the computer with spam or steal sensitive information from the user.
• One of the most common attacks, but easily avoided by simply not opening unknown e-mail.
• Phishing e-mail web links redirect the user to malicious sites which then install spyware on the system.
• Blocking sites using hosts files and using a good firewall can mitigate attacks.
• If an e-mail asks you to type in sensitive information, then it is a phishing attack.
• Genuine companies will not ask their customers to send credit card information over e-mail.
Do not provide the following on unsecure sites, through instant messaging, unknown e-mails or pop-up ads:
• Credit card numbers
• Phone numbers or address on pop-up ads
• Passwords or user names in e-mails or ads
• Financial information
• Sensitive documents or pictures through e-mail
• Social Security numbers or identification numbers
• Anything you don't want someone to see
Spyware and Adware
• Attempt to intercept and install malicious applications without the user's knowledge.
• Spyware can take control, monitor and redirect personal information and surfing habits, and redirect browsers to malicious sites.
• Can change system configuration and exploit vulnerable systems for commercial gain.
• Adware and spyware do not usually replicate.
• Adware automatically displays ads and pop-ups. Most are harmless but can introduce spyware.
Protection From Spyware
• Avoid torrent, pornography and other shady sites.
• Do not ever enter personal information if you are not on a known and secure site.
• Secure sites have an s after http: https:// marks a secure site.
• Download Spybot Search and Destroy from www.cnet.com. This will actively protect you.
• Always clear your history and cookies after browsing. Download CCleaner from cnet.com.
• Download ZoneAlarm from cnet.com; this is one of the best free firewalls available.
• Change security settings in browsers to meet your needs.
• Download HostsMan and keep it updated; this will block most phishing and fake sites.
• You can also use Malwarebytes and Ad-Aware to fight spyware.
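The hosts-file blocking mentioned on the phishing slide and in the HostsMan bullet works by pointing known bad hostnames at a sinkhole address so the browser never reaches them. The following added example (not from the slides or from HostsMan) parses a hosts file in its standard format and reports whether a given name is sinkholed; the sample hosts file and the names in it are constructed.

```python
"""Check whether a hostname is sinkholed by a hosts file.
Added example; parses the standard hosts-file format: '#' comments, blank
lines, and 'ADDRESS HOSTNAME [HOSTNAME ...]' entries. Sample data is constructed."""
import ipaddress
from typing import Dict

# Addresses blocklists commonly use to sinkhole a name (assumption: this set is enough).
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Loopback names legitimately map to 127.0.0.1 and must not count as "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file: a normal loopback line, two blocking lines
# (one with several names and an inline comment) and one ordinary override.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     ads.example.net  tracker.example.net   # inline comment
0.0.0.0     login-example-bank.example.org
203.0.113.5 intranet.example.com
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased, no trailing dot) to the address the file assigns it."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                          # malformed entry: no hostname, skip it
        addr, *names = parts
        try:
            ipaddress.ip_address(addr)        # skip entries whose address is not valid
        except ValueError:
            continue
        for name in names:
            mapping[name.lower().rstrip(".")] = addr
    return mapping


def is_blocked(hostname: str, mapping: Dict[str, str]) -> bool:
    """True if the hosts file sends this hostname to a sinkhole address."""
    key = hostname.lower().rstrip(".")
    if key in LOCAL_NAMES:
        return False
    addr = mapping.get(key)
    return addr is not None and addr in SINKHOLE_ADDRESSES


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.net", "intranet.example.com", "example.com"):
        print(host, "blocked" if is_blocked(host, table) else "not blocked")
```

On a real machine, read the system hosts file (/etc/hosts or C:\Windows\System32\drivers\etc\hosts) into parse_hosts instead of SAMPLE_HOSTS.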
Other Malware Categories
Logic bombs
• Worms and viruses which launch when certain conditions are met.
• Can stay dormant for a long period of time.
• These are complex attacks and can go off simultaneously.
Rootkits
• Goal is to take over the operating system.
• Will hide system information from the operating system, making it vulnerable.
• Are hard to detect, and many cannot be seen in Task Manager.
• Can be Trojans and can install themselves into drivers.
Botnets
• Use command and control infrastructure which completely takes over a system remotely.
• These are found online, are installed by worms and Trojans, hide malicious programs, exploit the system and can send sensitive information back to the controlling server.
Cache poisoning attack
• Attacks the DNS server and injects false information.
• This can change the IP address of a website and reroute the user to a malicious site.
• Hard to detect because it is limited in scope: one user can be affected while others are not.
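A resolver defends its cache against injected answers by accepting only replies that match an outstanding query (same transaction ID and same question) and by caching only records for names inside the zone it asked about (the bailiwick rule). The following added example is a toy cache with those two checks and a rejection log for detection; it is not code from any real resolver, and the Answer layout, names and addresses are constructed.

```python
"""Toy resolver cache with the two standard anti-poisoning checks:
1. an answer must carry the transaction ID of a query still outstanding and
   name the same question (unsolicited or replayed answers are dropped);
2. only records for the queried name or names beneath it are cached
   (simplified bailiwick rule), so extra "helpful" records are ignored.
Added example; Answer layout, names and addresses are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def canon(name: str) -> str:
    """DNS names are case-insensitive; compare lower-cased without a trailing dot."""
    return name.lower().rstrip(".")


@dataclass
class Answer:
    txid: int                 # transaction ID echoed from the query
    qname: str                # the question this answer claims to be for
    records: Dict[str, str]   # name -> IPv4 address (A records only, constructed)


@dataclass
class ResolverCache:
    pending: Dict[int, str] = field(default_factory=dict)   # txid -> question sent
    cache: Dict[str, str] = field(default_factory=dict)     # accepted name -> address
    rejected: List[Tuple[str, str]] = field(default_factory=list)  # (reason, name) log

    def send_query(self, txid: int, qname: str) -> None:
        self.pending[txid] = canon(qname)

    def accept(self, ans: Answer) -> bool:
        """True if the answer matched an open query; bad records are logged, not cached."""
        expected = self.pending.get(ans.txid)
        if expected is None or expected != canon(ans.qname):
            self.rejected.append(("txid/question mismatch", ans.qname))
            return False
        del self.pending[ans.txid]          # one answer per query; replays are refused
        for name, addr in ans.records.items():
            name = canon(name)
            if name == expected or name.endswith("." + expected):
                self.cache[name] = addr     # in bailiwick: safe to cache
            else:
                self.rejected.append(("out of bailiwick", name))
        return True

    def lookup(self, name: str) -> Optional[str]:
        return self.cache.get(canon(name))
```

The rejected log is the detection side: a burst of mismatched transaction IDs for one name is the signal a real resolver would alert on.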
Next Week
• IP addressing and browsing privately
• Ports and blocking certain ports to stay safe; DCOM attack
• Firewalls
• The dangers of social media and groups
• Password creation
• Mobile media and privacy breaches