What is Malware?

Jonathan Held
Presented 9/13/2005


Page 1

What is Malware?

Definition:
• A generic term used to describe any form of malicious software; e.g., Virus, Trojan horse, Spyware, Adware, Malicious ActiveX web page, Rootkit, Zombie.

Jonathan Held
Presented 9/13/2005

Page 2

What Harm Can Malware Do?

• Install strange programs
• Slow internet connections
• Slow PC performance
• Cause system instabilities/crashes
• Web popups
• Change IE settings
• View / Steal any information on the PC
• Open you up to identity theft
• Log all keystrokes typed
• Cause your PC to attack others (laptops)
• Render your PC unusable

Page 3

How Bad is the Problem?

• 90% of home users are infected with malware.
• 20% of home computers are infected with a virus.
• 88% of the infected users don’t even know they are infected with malware.
• 2 of every 3 users don’t have an activated firewall, & 1 of the 3 firewall-using folks have their firewalls improperly configured.
• Some worms have infected millions of computers within just a few minutes.
• Malware is responsible for a third of all Windows application crashes.
• Viruses alone cost businesses around the world $55 billion per year.

Page 4

HOW TO TELL IF YOUR COMPUTER IS INFECTED WITH MALWARE

• Sluggish system, Decrease in system performance.

• Computer boots up slower than usual.

• Pop-up ads, while you're not even running your web browser.

• Unwanted changes to Web Browser settings - home page, search page, new toolbars, new added Favorites.

• Hard Drive keeps losing free space.

• New messages, errors, and icons, for programs you never installed, especially on startup.

• Programs crash more often, even after rebooting.

• Suspicious or new Windows processes. (Advanced Users)

Page 5

What are the different types of Malware?

How do they get onto my computer?

Page 6

TROJAN Files

SPYWARE

ADWARE / POPUPS

KEYLOGGER

Rogue FTP server

Remote Acc. Backdoor

VIRUS

DDOS ZOMBIE

SPAM RELAY (SpamBot)

ROOTKIT

DIALER

DIFFERENT TYPES OF MALWARE: Best to Worst

DAMAGE

All malware will cause sluggish performance and crashes, and here are some additional annoyances:

Nuisance

Some viruses can cause data loss.

Telephone fraud, 1-900 overseas #s

Hard Drive space will dwindle

Any data on your computer can be viewed or stolen, even your keystrokes. COMPLETE SYSTEM COMPROMISE.

Your PC is used only to attack others

BROWSER HIJACK

Page 7

Malware is usually “Bundled”

This makes some sophisticated Malware difficult to remove.

Windows reinstallation is sometimes required, and recommended annually.

Page 8

TERMS

• SPYWARE: Any program which secretly collects and transmits user information (visited websites, search terms, etc.) through the user's Internet connection without the user’s knowledge, usually for advertising purposes. Aside from the privacy issue, it also slows down the computer and internet connection, and creates system instability and crashes.

• VIRUS: A small “parasite” program that attaches itself to a program or file on your computer’s hard drive without your knowledge, and runs against your wishes. Viruses replicate themselves when the file is shared with others. Their payload is usually harmful: deleting files, opening up the PC for other infections, slowing the computer to a halt, etc.

• WORM: Similar to a virus, but more powerful – doesn’t need a host “file”, and spreads much more quickly over a network.

• EXPLOIT / HACK: Small programs or methods which attack particular unpatched security holes. Not self-replicating. An attack vector which opens up the PC for further infection. Once a computer is hacked, the hacker has complete control over the PC, and can proceed to install viruses, spyware, FTP servers, and anything else.

Page 9

TERMS

• BROWSER HIJACK: Web sites that, when visited, set the user's default browser homepage to an unwanted URL, change the default search engine, or add unwanted toolbars and other custom plugins/add-ons to the user's browser and system.

• FIREWALL – Software which runs in the background and blocks suspicious activity to & from a computer’s 65,000 network ports. Will block *most* Malware, but not all. Windows XP SP2 has a Firewall built-in.

• PATCH (WindowsUpdate.com) – a small modification to the Windows OS code, to close up a recently discovered vulnerability.

Page 10

Removal

Page 11

I THINK MY PC IS INFECTED WITH MALWARE… WHAT NOW?

If it's an IFEM computer, tell Jon. Update and run SpywareScanner first, if you have time.

Run 2 spyware scanners. Make sure to update them first. They will detect and remove most of your spyware. (Microsoft Anti-Spyware, Spybot Search&Destroy, Ad-Aware)

Run a full virus scan. Update your virus definitions first.

Go to Control Panel, Add/Remove Programs, and remove any programs you've never heard of, or you don't need. (Don't touch the Microsoft programs!)

Page 12

HOW DO I PROTECT MY COMPUTER IN THE FUTURE?

Microsoft AntiSpyware. Easy to use, easy to install, has straightforward, friendly "real-time" protection.

Spybot Search&Destroy. Catches more Malware than the Microsoft product, but "real time" protection is sub-par.

Ad-Aware. Similar to SpybotSD above, a little easier to use. Does not offer “real-time” protection.

Page 13

I THINK MY PC IS INFECTED WITH MALWARE – WHAT NOW?

► If it's a browser Hijack, run "Hijack This", or MS AntiSpyware.

► Use a Process Viewer, such as TaskInfo (Advanced users). Terminate suspicious processes and Services, check Registry “Start” section.

As a last resort:

► Reformat hard drive, reinstall Windows & all your programs. (Back up your files first!)

OR

► Take your PC to a repair service, such as HomePCHelpers or Geeksquad.

Page 14

MALWARE PROCESSES

Serv-U.exe
GAIN.exe
akjughwtlpztq.exe
Slave.exe
dameware.exe
fxsvc.exe
Winshel.exe
service.exe
Microsofts.exe

Page 15

Installation files for these programs are in the IFEM Shared Folder, for your use:

\\shiva\shared\Malware Tools\

Page 16

How does Malware spread?

Page 17

How did I get Malware on my Computer? How does it spread?

• Email attachments, and shared infected files.
• “Bundled” with a software installation (usually Shareware and Web toolbars & add-ons) (IFEM installs policy)
• An infected PC on the network
• Peer-To-Peer (P2P) applications and services (like Skype, Kazaa, Limewire, etc)
• Worm or Virus
• Exploit / Hack (Exploits of security flaws within the operating system or the web browser)

Page 18

How did I get Malware on my Computer? How does it spread?

VISITING MALICIOUS WEB SITES

• Clicking a web popup. For example, clicking “close” or “OK” on a pop-up or ad when it’s really a link to another web page.

• Automatic installations by visiting certain web sites (“drive-by-download”)

Page 19

…tricks users into installation by the use of deceptive buttons and hyperlinks, false error boxes and system notices, uncloseable popups, or other confusing GUI elements;

…falsely poses as Microsoft Windows Update software, "anti-spyware" software, or other software that may be desired by users.

Page 20

SHAREWARE
www.download.com

Software downloadable free of charge, but the author usually requests that you pay a small fee if you like the program. Shareware is inexpensive because it is usually produced by a single programmer and is offered directly to customers.

Different Types:

• Adware (Sponsored)
• Crippleware (Certain features are disabled, or limited “Save” capability)
• Nagware
• Limited Trial (15 days, etc)
• Honorware

Some shareware is “bundled” with spyware. Always check customer reviews or Google before you install shareware, and make sure to run a spyware scan after you install.

Page 21

Prevention

Page 22

HOW DO I PROTECT MY COMPUTER IN THE FUTURE?

► Keep your Anti-Virus program AND Anti-Spyware Scanner up to date. Run them in the background at all times. Do full scans a few times per month.

► Install *all* critical Windows Updates, from www.windowsupdate.com, OR make sure it's set to “Automatic". Laptops must be updated manually, every week or two.

► Install Windows XP Service Pack 2 (look for "Windows Firewall" in CP)

► MAKE SURE YOUR XP SP2 FIREWALL IS TURNED ON. A firewall will protect against SOME malware, not all.

Page 23

HOW DO I PROTECT MY COMPUTER IN THE FUTURE?

► Don’t view or open spam or unknown email attachments.

► Don't click on ANY web pop-ups!

► Set Internet Explorer browser settings to “High”. (optional)

► MAKE SURE you have a strong password for all accounts on your PC.

► Be careful what software you install. Look up the program on Google first, to check if the program is safe. Always do a Spyware scan after installing software.

► Never give out passwords or other protected information, and don't leave them lying around.

Page 24

HOW DO I PROTECT MY COMPUTER IN THE FUTURE?

Microsoft AntiSpyware. Easy to use, easy to install, has straightforward, friendly "real-time" protection.

Spybot Search&Destroy. Catches more Malware than the Microsoft product, but "real time" protection is sub-par.

Ad-Aware. Similar to SpybotSD above, a little easier to use. Does not offer “real-time” protection.

Page 25

WHY DO PEOPLE CREATE VIRUSES AND MALWARE?

► DDOS Attacks.

► Spamming relays.

► Paid by advertising agencies and companies.

► To get personal useful information, such as credit card and SS numbers.

► For fun.

► To show off their skills.

Page 26

Will this stop?

No, not in the near future. Currently, few laws are in place, and no one is being convicted, in any country.

The income potential is attractive to those wishing to work from home, or make extra money.

Prevention and awareness is the only protection!

Page 36

Spyware Scanner Screenshots

Page 40

Windows XP SP2 Internet Explorer

► added protection from Popups and ActiveX installations!

Page 41

This website attempted to install unsolicited software or change settings
