viruses and internet security

MALICIOUS SOFTWARE AND INTERNET SECURITY Viruses, Ad-ware, Spyware, Trojans and Worms

Upload: himeag

Post on 13-May-2015


TRANSCRIPT

Page 1: Viruses and internet security

MALICIOUS SOFTWARE AND INTERNET SECURITY

Viruses, Ad-ware, Spyware, Trojans and Worms

Page 2: Viruses and internet security

Ways Malware Enters a System

Intentional
• Malware which is purposefully used or made with the intention to damage or alter a system.
• Intentional internal and external

Unintentional
• Malware which is injected into a system without knowledge.
• Unintentional internal and external

Internal
• Malware which infects a system from within.

External
• Malware which infects a system from outside.

Page 3: Viruses and internet security

Viruses

Are malicious tools, fragments and software which spread themselves by human intervention to infect files or systems of a network.

Page 4: Viruses and internet security

Types of Viruses

• Polymorphic
• Stealth
• Retro
• Multipartite
• Armored
• Companion
• Phage
• Macro

Page 5: Viruses and internet security

Polymorphic Viruses

Modify themselves to avoid detection from anti-virus software.

• Anti-virus software searches for viruses using its signature database, and when a virus mutates the signatures don’t match.
• Can attack servers, hosts, systems.
• Will delete files.
• Will mutate and encrypt itself, making it harder to detect and remove from a system.
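The signature mismatch described on this slide, as an added example that is not part of the original slides: a toy scanner checks constructed, harmless byte strings against an exact-hash signature and a byte-pattern signature. The sample contents and the signature names (`Demo.A`, `Demo.generic`) are made up for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for scanned files.
BODY = b"HARMLESS-DEMO-BODY"
ORIGINAL = b"HEADER" + BODY + b"TRAILER"
VARIANT = b"HDR-v2\x00\x00" + BODY + b"END"  # wrapper changed, body intact
RE_ENCODED = b"HDR-v3" + bytes(b ^ 0x5A for b in BODY)  # body itself re-encoded
CLEAN = b"ordinary document text"

# Signature database built from the ORIGINAL sample only (names are made up).
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Demo.A"}
PATTERN_SIGNATURES = {BODY: "Demo.generic"}


def scan_by_hash(data: bytes):
    """Exact-match signature: the hash of the whole file."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes):
    """Byte-pattern signature: matches if the pattern occurs anywhere."""
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes):
    """Return (hash verdict, pattern verdict) for one sample."""
    return scan_by_hash(data), scan_by_pattern(data)


if __name__ == "__main__":
    samples = {"ORIGINAL": ORIGINAL, "VARIANT": VARIANT,
               "RE_ENCODED": RE_ENCODED, "CLEAN": CLEAN}
    for label, sample in samples.items():
        print(f"{label:<11} hash={scan_by_hash(sample)} "
              f"pattern={scan_by_pattern(sample)}")
```

The exact hash only catches the original file, the pattern still catches the variant whose body is unchanged, and the re-encoded copy matches neither, which is why static signatures alone do not cover self-modifying samples.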

Page 6: Viruses and internet security

Stealth Viruses

Viruses that hide themselves in critical files and folders to avoid detection.

• Can attach themselves to boot sectors of hard drives.
• When system utilities or applications run, the stealth virus will redirect commands around itself.
• Will change file and folder size to avoid detection. Anti-virus signature databases include file size of suspected viruses.

Page 7: Viruses and internet security

Retro Viruses

Viruses that completely bypass, alter and destroy anti-virus software.

• Changes and corrupts anti-virus signature or definition database.
• Will cause anti-virus software to name critical files as viruses.
• Can make your operating system inoperable.

Page 8: Viruses and internet security

Multipartite Viruses

Viruses which attack a system/s in multiple ways.

• Can infect all executable files and in the process destroy application files.
• May infect boot sector of a hard drive.
• Attacks on a large scale to make sure that if parts are detected and deleted, at least one will remain.

Page 9: Viruses and internet security

Armored Viruses

Viruses which prevent users from quickly identifying and removing them from systems leaving the system vulnerable to other attacks.

• Difficult to detect and analyze.
• Have multiple layers of protected code.
• Virus is used as a decoy to penetrate a vulnerable system.
• Will rapidly spread.
• Can be very complex, and it is hard to establish the origin of the virus.
• Virus of choice for hackers.

Page 10: Viruses and internet security

Companion Viruses

Viruses which attach themselves to legitimate programs.

• Will create files with a different extension from the infected program.
• Usually reside in the temporary folder on a computer.
• Virus will run in place of the legitimate program if typed in RUN.
• Attack the Windows registry and Windows configuration database.

Page 11: Viruses and internet security

Phage Viruses

Viruses which alter and modify programs and databases.

• Will infect all databases on a system.
• To remove it, the entire infected program must be uninstalled and all instances of that application need to be removed.
• One small trace will trigger the spread again.

Page 12: Viruses and internet security

Macro Viruses

Intelligent viruses that run in software which utilizes macros (Word, Excel).

• Heavily exploited because they can be easily made and distributed.
• Hard to detect and analyze.
• Can spread onto a system by opening a dirty Word or Excel file.
• Newer productivity software will disable macros by default.

Page 13: Viruses and internet security

Things To Know About Viruses

• Anti-virus software will not protect you from all viruses.
• Treat infected computers the way you would a patient with a cold or a fever.
• Viruses will mutate and spread if left untreated, and they will also reappear if infected files are left.
• Viruses can damage hardware as well as software.
• Do not open files, folders, programs you do not recognize.
• Always scan storage media before opening them up on a system.
• Turn off auto-play on all systems on a network.
• Keep virus protection software up to date.
• Make sure your anti-virus software protects you from mal-ware, ad-ware, and spyware, not just viruses.
• Scan all e-mail attachments.

Page 14: Viruses and internet security

Viruses Cont’d

• Research unknown files and software before deleting.
• Back up your computer and data before making major changes.
• Back up your registry if you plan to delete registry keys from it.
• All viruses spread by HUMAN INTERVENTION.

Page 15: Viruses and internet security

Spread of Viruses

[Diagram: a virus passing from one user to the next (Marry, Phil, Bob, Susan, David, Mike, Michelle, Jack, Amy, Clair) between home computers, business networks and different networks by way of flash or other media, e-mail, P2P networks and websites, continuing "on and on".]

Page 16: Viruses and internet security

Worms

The goal of a worm is to infect other hosts and systems from the infected system, so that it can spread from system to system without human intervention.

Page 17: Viruses and internet security

Worms Vs. Viruses

Viruses
• Spread through human intervention.
• Destroy and alter programs, files and folders.
• Do not install backdoors.

Worms
• Execute malicious code.
• Do not attach themselves to system files and programs.
• Consume resources but do not corrupt or delete files.
• Install backdoors.
• Can release a virus.
• Denial of Service Attack.

Page 18: Viruses and internet security

Parts of a Worm

Enabling Vulnerability
• Installs itself to a vulnerable system.

Propagation Mechanism
• Once it gains access, it will begin to replicate.
• Finds new targets to attack.

Payload
• Once in, it will release a virus or let a hacker gain access.

Page 19: Viruses and internet security

Steps to Mitigate Worm Attacks:

Preparation: assemble a plan of attack and resources

Classify: the type of attack

Trace Back: the origin of the attack, find patient zero

Page 20: Viruses and internet security

Steps to Mitigate Worm Attacks Cont’d

Find who is responsible

Page 21: Viruses and internet security

Trojan Horse Attacks

Masks malware as legitimate applications. When this malware is installed into a system, it releases malicious code and infects the whole system.

Page 22: Viruses and internet security

Examples of Trojans

Popular fake games

Popular fake anti-virus programs

Computer Maintenance software

Pop-up ads advertising software

Page 23: Viruses and internet security

Characteristics of Trojan Horses

Trojan Horse
• Will be shown through pop-up ads without user consent.
• Will be misspelled.
• Are found in bad websites.
• Will always ask for you to download files.
• Will say they will improve system performance.

Page 24: Viruses and internet security

Symptoms of a Trojan Horse Attack

Trojan
• Very slow system start up and performance.
• Safe mode still accessible.
• Non-stop annoying pop-ups revealing found threats.
• Software takes a long time to run.

Page 25: Viruses and internet security

SPAM

Annoying files or mail that takes up disk-space and include malicious attacks. Known as Junk E-Mail.

Much of SPAM is harmless and is used to advertise goods and services.

Affects most web-based email applications and services.

SPAM can introduce phishing attacks.

Phishing attacks ask for personal information which can later be used to steal credit cards, receipts, and identity.

Page 26: Viruses and internet security

Protection From SPAM

• Use a trusted email service like Gmail or one which offers spam filters. Gmail scans for viruses.
• Do not open e-mails you do not recognize.
• Always scan attachments.
• Always read user agreements from sites carefully; most give you options to receive e-mails. It is checked by default.
• Do not send others mail if your computer is infected with spy-ware.
• Do not ever send sensitive information through e-mail or any online media unless it’s on a secure and trusted site.

Page 27: Viruses and internet security

Fight SPAM with E-Mail Organization

Professional Use
• Use this e-mail account to send and receive work-related e-mails.
• Depending on your organization, they might provide you with an email account to use.

Consumer Use
• Use this account when shopping online, for eBay, Amazon, iTunes.
• This e-mail account will hold your online shopping receipts, shipping information, and coupons.

Social Groups and Blog Use
• Use this account to talk to others from social groups, personal blogs, and Twitter.
• Use this e-mail to register to group networks (Facebook, Linkster and the like).

Page 28: Viruses and internet security

Fight SPAM with E-Mail Organization Cont’d

Everything Else Account
• Use this account when registering to sites temporarily.
• Use this when registering for sites that may be unsecure, like peer-to-peer sharing sites (torrents).
• Use this account if you do not have other accounts made.
• This is your SPAM filter account. This account will most likely have the most SPAM.

Page 29: Viruses and internet security

Phishing Attacks

Are email attacks which can infect the computer with spam or steal sensitive information from the user.

One of the most common attacks, but they can easily be avoided by simply not opening unknown email.

Phishing e-mail web links will redirect the user to malicious sites which will then install spyware on to a system.

Blocking sites using hosts files and using a good firewall can mitigate attacks.

If an email asks you to type in sensitive information, then it is a phishing attack.

Genuine companies will not ask their customers to send credit card information over email.
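The hosts-file blocking mentioned on this slide, as an added example that is not part of the original slides: a small parser reads hosts-file text and reports which names are sinkholed to a loopback or unspecified address. The sample entries are constructed and use the reserved `.example` names; the function names are this example's own.

```python
import ipaddress

# Constructed hosts-file content; all names are reserved .example names.
SAMPLE_HOSTS = """\
# blocklist maintained by a hosts-file manager
127.0.0.1   localhost
0.0.0.0     login-update.bank.example  www.login-update.bank.example
127.0.0.1   Prize-Claim.example   # trailing comment
192.0.2.10  intranet.example
not-an-ip   broken.example
"""


def parse_blocked(hosts_text: str) -> set:
    """Return hostnames mapped to a loopback or unspecified address."""
    blocked = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                           # malformed entry: ignore it
        if ip.is_loopback or ip.is_unspecified:
            blocked.update(n.lower().rstrip(".") for n in names)
    blocked.discard("localhost")               # normal entry, not a block
    return blocked


def is_blocked(hostname: str, blocked: set) -> bool:
    """Hosts files match exact names only; subdomains need their own entry."""
    return hostname.lower().rstrip(".") in blocked


if __name__ == "__main__":
    entries = parse_blocked(SAMPLE_HOSTS)
    for name in ("login-update.bank.example", "www.prize-claim.example"):
        print(name, "blocked" if is_blocked(name, entries) else "NOT blocked")
```

Because a hosts file has no wildcards, `www.prize-claim.example` is not covered by the entry for `prize-claim.example`, so a blocklist must list every hostname it is meant to stop.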

Page 30: Viruses and internet security

Do not provide the following on unsecure sites, through instant messaging, unknown emails and pop-up ads:

• Credit card numbers
• Phone numbers or address on pop-up ads
• Passwords or user names in emails or ads
• Financial information
• Sensitive documents or pictures through email
• Social Security numbers or identification numbers
• Anything you don’t want someone to see.

Page 31: Viruses and internet security

Spy-Ware and Ad-Ware

Attempts to intercept and install malicious applications without the user's knowledge.

Spy-Ware can take control, monitor and redirect personal information, surfing habits and redirect browsers to malicious sites.

Can change system configuration and exploit vulnerable systems for commercial gain.

Ad-Ware and Spy-Ware do not usually replicate.

Ad-Ware auto-displays ads and pop-ups. Most are harmless but can introduce spy-ware.

Page 32: Viruses and internet security

Protection From Spy-Ware

• Avoid torrent, pornography, and other shady sites.
• Do not ever enter personal information if you are not on a known and secure site.
• Secure sites will have an s after http: https:// is a secure site.
• Download Spybot Search and Destroy from www.cnet.com. This will actively protect you.
• Always clear your history and cookies after browsing. Download CCleaner from cnet.com.
• Download ZoneAlarm from cnet.com; this is one of the best free firewalls available.
• Change security settings in browsers to meet your needs.
• Download hostman and update; this will block most phishing and fake sites.
• You can also use Malwarebytes and Ad-Aware to fight spy-ware.

Page 33: Viruses and internet security

Other Mal-Ware Categories

Logic Bombs
• Worms and viruses which launch when certain conditions are met.
• Can stay dormant for a long period of time.
• These are complex attacks and can go off simultaneously.

Rootkits
• Goal is to take over the operating system.
• Will hide system information from the operating system, making it vulnerable.
• Are hard to detect and many cannot be shown on task manager.
• Can be Trojans and can install themselves to drivers.

Page 34: Viruses and internet security

Other Mal-Ware Cont’d

Botnets
• Use command and control infrastructure which completely takes over a system remotely.
• These are found online, are installed by worms and Trojans, hide malicious programs, exploit the system, and can send sensitive information back to the controlling server.

Cache Poisoning Attack
• Attacks the DNS server and injects false information.
• This can change the IP address of a website and reroute the user to a malicious site.
• Hard to detect because it's limited in scope. One user can be affected while the others are not.

Page 35: Viruses and internet security

Next Week

• IP addressing and browsing privately
• Ports and blocking certain ports to stay safe. DCOM attack
• Firewalls
• The dangers of social media and groups
• Password creation
• Mobile media and privacy breaches