Understanding Malware: Types, Usage, and Protection
Malware, short for malicious software, encompasses various forms of hostile software designed to disrupt computer operation, steal sensitive information, or gain unauthorized access. It includes viruses, trojan horses, worms, spyware, phishing, ransomware, and more. Malware is often used to steal personal, financial, or business data. Protecting your computer from malware involves awareness, using anti-malware programs, and practicing safe browsing habits. Learn about the types of malware, how they spread, and common symptoms to detect their presence.
MALWARE
Outline:
Malware
Usage of Malware
Types of Malware
How Malware Spreads?
How Can You Protect Your Computer?
Symptoms
Anti-Malware Program
Malware
Short for malicious software. Malware is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Usage of Malware
Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on.
Types of Malware
Viruses
Trojan horses
Worms
Spyware
Zombie
Phishing
Spam
Adware
Ransomware
Botnet
Viruses
A computer virus is a malicious piece of executable code that propagates typically by attaching itself to a host document, which will generally be an executable file. It is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. Viruses copy themselves to other disks to spread to other computers. They can be merely annoying or they can be vastly destructive to your files.
Viruses go through four stages
1. Dormant phase: not all viruses have this stage.
2. Propagation phase: the virus copies itself.
3. Triggering phase: caused by some event, such as a count of the number of copies made, a particular date, etc.
4. Execution phase: do damage!
Examples of famous viruses
1981: the first computer virus, written by a 15-year-old student named Richard Skrenta; it used floppy disks to travel between machines.
1988: Jerusalem infected both .EXE and .COM files; on Friday the 13th it deleted all programs in the infected system.
Boot sector viruses: Yale from the USA, Stoned from New Zealand, Ping Pong from Italy.
The first self-encrypting virus.
1991: the first polymorphic virus (Tequila), which changes its pattern and encrypts itself. Michelangelo (a traditional virus).
1998: Chernobyl, launched in Taiwan, infected .exe files, remained resident in memory, overwrote data on the hard drive making it inoperable, and overwrote the BIOS, preventing boot-up. Estimated damage: $20 to $80 million.
1999: Melissa, a mass mailer, used Outlook to send email messages of itself to 50 names on the contact list of a user. The message read: "Here is that document you asked for, don't show anyone else." It infected 15 to 20 percent of all business PCs. Estimated damage: between $300 and $600 million.
2000: the I Love You virus spread via an Outlook file attachment and overwrote files.
Types of viruses
Parasitic: the traditional kind.
Memory-resident: infects every program that runs.
Boot sector: infects the master boot record.
Polymorphic: mutates with each infection, creating copies that are functionally equivalent but have different bit patterns; it may randomly insert superfluous instructions or interchange their order, and may use encryption, with each infection generating a different random key.
Stealth: uses compression and intercepts I/O subroutines.
Macro viruses: two thirds of all computer viruses; aimed at MS Word documents.
Antivirus Protection
Prevention: an IPS such as a firewall.
Detection: locate the virus.
Identification: identify the specific virus.
Removal: using antivirus and other tools.
There are currently four generations of antivirus software:
Scanners.
Heuristic rules that look for fragments of code.
Memory-resident programs that watch for activity associated with infection attempts.
The fourth generation uses all of these plus access control capability, which limits the ability of viruses to penetrate a system.
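To make the first two antivirus generations concrete, here is an added example written for this page (it is not code from the slides or from any antivirus product): a minimal scanner that combines an exact-signature check with an entropy heuristic. The signature database is constructed for the example; its first entry is the standard EICAR test string, which is harmless and which real scanners recognise, and the second is an invented marker. The entropy threshold is an assumption: packed or encrypted code, as in the polymorphic and stealth viruses described above, has byte entropy close to the 8-bit maximum, which is why a heuristic scanner flags such files for closer inspection.

```python
import math
import os
import tempfile

# Constructed signature database for this example: name -> byte sequence to look for.
# The EICAR string is the standard harmless antivirus test file; "Demo.Marker" is invented.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Marker": b"HYPOTHETICAL-MARKER-STRING",
}

# Assumed heuristic threshold: plain text sits around 4-5 bits per byte, packed or
# encrypted code close to 8, so anything this high deserves a closer look.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan_bytes(data: bytes) -> dict:
    """First generation: exact signature match. Second generation: entropy heuristic."""
    entropy = shannon_entropy(data)
    return {
        "signatures": [name for name, sig in SIGNATURES.items() if sig in data],
        "entropy": round(entropy, 2),
        "suspicious_entropy": entropy >= ENTROPY_THRESHOLD,
    }


def scan_file(path: str) -> dict:
    with open(path, "rb") as f:
        result = scan_bytes(f.read())
    result["path"] = path
    return result


def scan_directory(root: str) -> list:
    """Walk a tree and return only the files that tripped a signature or the heuristic."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            result = scan_file(os.path.join(dirpath, name))
            if result["signatures"] or result["suspicious_entropy"]:
                findings.append(result)
    return findings


def demo() -> list:
    """Constructed sample tree: a benign text file, a random (packed-looking) blob and EICAR."""
    root = tempfile.mkdtemp(prefix="scan-demo-")
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"just a text document\n" * 50)
    with open(os.path.join(root, "packed.bin"), "wb") as f:
        f.write(os.urandom(4096))
    with open(os.path.join(root, "eicar.com"), "wb") as f:
        f.write(SIGNATURES["EICAR-Test-File"])
    return scan_directory(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running it reports two of the three sample files: the EICAR file by signature and the random blob by entropy, while the text file passes. The heuristic is deliberately coarse; a real product would also look at file type, section headers and imports before raising an alert, because compressed archives and media files are high-entropy too.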
Trojan Horses
A Trojan Horse program has the appearance of having a useful and desired function. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. These are often used to capture your logins and passwords. Trojan Horses rely on social engineering.
Examples of Trojan Horses
Naked Wife: a mass-mailed Trojan which, if executed, can delete files necessary for everyday computer operation.
Zeus Trojan (infiltrates through spam emails): developed by hackers to steal banking details from infected devices.
Remote access Trojans (RATs): sent as an email attachment; they create a backdoor for administrative control over the target computer.
Backdoor Trojans (backdoors).
IRC Trojans (IRCbots): Trojans that use Internet Relay Chat (IRC).
Keylogging Trojans. NetBus is Trojan horse malware created in 1998 with the goal of remotely controlling a system running the Windows OS. Like any other Trojan, NetBus has two components: the client and the server. The server infects the host computer and the client is used to control it.
Examples of Trojan Horses (contd)
Keylogging Trojans: keylogging, or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.
WORMS
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. It does not need to attach itself to an existing program. A worm uses one of the following:
Email facility
Remote execution capability: executes a copy of itself on another system
Remote login capability: the worm logs in as a user
File-sharing services
Example of a Typical Worm
1. Scan for hosts running the vulnerable product: check if the port is open; check the version, or even try to infect anyway.
2. Download/infect the machine with code which will continue the spread of the worm: once in, it downloads tools from a third-party host, or even downloads more copies of itself.
3. Issue a payload: deleting, modification, back-dooring, flooding or other related activity.
4. Scan more hosts and repeat: repeat step 1.
Morris worm
Released by Robert Morris in 1988, it was one of the first computer worms distributed via the Internet, and the first to gain significant mainstream media attention. According to its creator, the Morris worm was not written to cause damage, but to gauge the size of the Internet. It was quite sophisticated and tried a variety of methods for gaining access: it attempted to log in to a remote host as a legitimate user, and it exploited a bug in the finger protocol (port 79). Morris was sentenced to 400 hours of community service and a $10,000 fine.
Code Red (July 2001)
Two variants attacked MS IIS servers. It operated in three stages: scanning, flooding and sleeping.
Scanning phase: searched for vulnerable computers (MS IIS servers).
Flooding phase: DoS attack on the White House website.
Sleep mode: could last indefinitely.
It replaced website text with the phrase "hacked by Chinese". At its peak, it infected 2,000 machines every minute, i.e. 250,000 in under 9 hours.
Code Red II
A variant of Code Red; it exploited the same vulnerability as Code Red and gave the attacker control over the infected system. Each variant was smarter than the previous one. Many MS IIS servers had not been patched. Alarm messages arrived in the first few hours, but no one was monitoring these systems and emails bounced, so the worm continued unchecked for days.
Sobig Worm (August 2003)
Has six variants. Some features are similar to a Trojan because it disguises itself as electronic mail.
Example: Mydoom (January 2004)
Also known as Novarg, Shimgapi (e.g. W32.MyDoom@mm), and Mimail.R. It holds the record for the fastest-spreading e-mail worm: 100,000 infected emails per hour were blocked. It gets the computer user to open an infected email attachment, which installed a backdoor. The worst email worm to date; a $250,000 bounty was offered for the creator of these worms.
Blaster Worm (August 2003)
Also known as Lovsan or Lovesan. It focused on the Windows 2000 and Windows XP operating systems and attacked 120,000 unpatched systems during the first 36 hours. It launched a DoS attack on the MS Windows Update website and caused the OS to crash. It contains two messages: "I just want to say Love You San" (hence the name) and "Billy Gates why do you make this possible? Stop making money and fix your software". It infected over 1 million computers.
Conficker Worm
Modifies the Registry.
Resets the PC's System Restore point.
Downloads files from the hacker's website.
Stuxnet Worm (July 13, 2010)
Targets industrial control systems known as SCADA systems. If they are found, it attempts to steal code and design projects. It exploits four zero-day vulnerabilities:
A LNK file vulnerability, to spread through USB drives
A remote code execution vulnerability
Two local privilege escalation vulnerabilities
The Stuxnet worm targeted Iran, specifically the industrial controllers that regulate the cooling fans of a nuclear reactor.
Defences Against Worms
The modus operandi of true worms is to exploit a known vulnerability, so the key defence is to apply the latest patches.
A host-based IDS detects unauthorized system activity.
A network-based IDS detects the signatures of known worms.
Antivirus software for email worms.
Don't run executables or open files from unknown sources!
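To show what the network-based IDS bullet means in practice, here is an added example written for this page (not code from the slides or from any IDS product) of the two kinds of logic such a sensor applies to a connection log. The log format and all addresses are constructed; the timestamps are placed in July 2001 only to echo the Code Red story above, and the one real entry in the signature table, a request for /default.ida, is the well-known request Code Red sent to IIS, reduced here to a plain substring match. The behavioural detector flags a source that contacts many distinct hosts on one port inside a short window, which is how a scanning worm looks on the wire. The slow scanner in the sample shows the caveat a practitioner should keep in mind: with a 60-second window it escapes, with a 10-minute window it does not.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed connection log: one line per accepted TCP connection, with the first bytes of
# the request where the sensor captured them. Not taken from any real sensor.
SAMPLE_LOG = """\
2001-07-19T10:00:01 src=10.0.0.9 dst=10.0.1.1 dport=80 payload="GET /index.html"
2001-07-19T10:00:02 src=10.0.0.5 dst=10.0.1.1 dport=80 payload="GET /default.ida?NNNN"
2001-07-19T10:00:02 src=10.0.0.5 dst=10.0.1.2 dport=80 payload="GET /default.ida?NNNN"
2001-07-19T10:00:03 src=10.0.0.5 dst=10.0.1.3 dport=80 payload="GET /default.ida?NNNN"
2001-07-19T10:00:03 src=10.0.0.5 dst=10.0.1.4 dport=80 payload="GET /default.ida?NNNN"
2001-07-19T10:00:04 src=10.0.0.5 dst=10.0.1.5 dport=80 payload="GET /default.ida?NNNN"
2001-07-19T10:00:05 src=10.0.0.9 dst=10.0.1.2 dport=443
2001-07-19T10:00:09 src=10.0.0.9 dst=10.0.1.1 dport=80 payload="GET /about.html"
2001-07-19T11:30:00 src=10.0.0.7 dst=10.0.1.1 dport=22
2001-07-19T11:31:00 src=10.0.0.7 dst=10.0.1.2 dport=22
2001-07-19T11:32:00 src=10.0.0.7 dst=10.0.1.3 dport=22
2001-07-19T11:33:00 src=10.0.0.7 dst=10.0.1.4 dport=22
2001-07-19T11:34:00 src=10.0.0.7 dst=10.0.1.5 dport=22
"""

# Signature table, simplified to substrings of the request. The Code Red entry is the
# well-known "/default.ida" request the worm sent to IIS; the second entry is invented.
SIGNATURES = {
    "CodeRed.ida-request": "/default.ida",
    "Demo.worm-marker": "/hypothetical-worm-probe",
}

LINE_RE = re.compile(r'^(\S+) src=(\S+) dst=(\S+) dport=(\d+)(?: payload="([^"]*)")?$')


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash the sensor
        ts, src, dst, dport, payload = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "dport": int(dport), "payload": payload or ""})
    return events


def match_signatures(events: list) -> list:
    """Signature detection: every event whose request contains a known worm string."""
    hits = []
    for e in events:
        for name, needle in SIGNATURES.items():
            if needle in e["payload"]:
                hits.append({"signature": name, "src": e["src"], "dst": e["dst"], "ts": e["ts"]})
    return hits


def detect_scanners(events: list, threshold: int = 5, window_seconds: int = 60) -> list:
    """Behavioural detection: one source touching >= threshold distinct hosts on the same
    port within window_seconds. One alert per (source, port) is enough."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["dport"])].append(e)
    alerts = []
    for (src, dport), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        window, in_window = deque(), Counter()   # events in the window, hosts seen in it
        for e in evs:
            window.append(e)
            in_window[e["dst"]] += 1
            while (e["ts"] - window[0]["ts"]).total_seconds() > window_seconds:
                old = window.popleft()
                in_window[old["dst"]] -= 1
                if in_window[old["dst"]] == 0:
                    del in_window[old["dst"]]
            if len(in_window) >= threshold:
                alerts.append({"src": src, "dport": dport, "distinct_hosts": len(in_window), "ts": e["ts"]})
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in match_signatures(evs):
        print("signature", hit)
    for alert in detect_scanners(evs):
        print("scanner", alert)
```

The signature check catches only what is already in the table, which is exactly why the slide pairs it with patching; the behavioural check needs no prior knowledge of the worm but depends on the threshold and window, so a tuning pass against normal traffic is part of deploying it.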
Adware and Spyware
Annoying and deceptive software. Information-gathering programs, designed to monitor user behavior; this includes spyware, adware and spam.
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. It is economically motivated, e.g. online advertisements. It collects information about your surfing habits with or without your knowledge. It is not illegal and not necessarily malicious. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Often, software and applications offer free versions that come bundled with adware.
Spyware
Spyware is a type of malware installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Spyware programs lurk on your computer to steal important information, like your passwords and logins and other personal identification information, and then send it off to someone else.
Spyware does not directly spread like a virus or worm
1. Installed without the user's knowledge. Usually presented as a useful utility, which users download and install. Examples: a web accelerator; Bonzi Buddy, targeted at children.
2. Bundled with shareware and other free software. When the user installs it, it also installs spyware.
3. Tricks users by manipulating security features. A download requires a user action, but no matter which button the user presses, a download starts.
Spyware exists as independent executable programs. It has the capability to:
Monitor your keystrokes
Scan files on the hard drive
Snoop other applications, such as chat programs or word processors
Install other spyware programs
Read cookies
Change the default home page on the web browser
Consistently relay information back to the spyware author
It can also slow down your computer.
Spam
Spam is email that you did not request and do not want. One person's spam is another's useful newsletter or sale ad. Spam is a common way to spread viruses, trojans, and the like.
Zombie
Zombie programs take control of your computer and use it and its Internet connection to attack other computers or networks or to perform other criminal activities.
Phishing
Phishing (pronounced like the word 'fishing') is a message that tries to trick you into providing information like your social security number or bank account information or logon and password for a web site. The message may claim that if you do not click on the link in the message and log onto a financial web site, your account will be blocked, or some other disaster will follow.
Ransomware
Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. It restricts user access to the computer either by encrypting files on the hard drive or by locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer. In 2012, a major ransomware known as Reveton began to spread. It displayed a warning purportedly from a law enforcement agency claiming that the computer had been used for illegal activities, such as downloading unlicensed software or child pornography. Due to this behavior, it is commonly referred to as the "Police Trojan".
Buffer Overflow
An advanced hacking technique that requires some skill and programming knowledge. Its aim is to utilize a vulnerability/security hole; the objective is to gain root privileges. How does it work? When a program is executed, it is mapped into memory in an organized manner. The defence: buffer overflow attacks often take advantage of poor application programming, so write secure code.
Bots
Programs that perform some predefined actions in an automated way. A bot is a computer that has been compromised through a malware infection and can be controlled remotely by a cyber criminal. Cause: software vulnerabilities, IE misconfiguration, or opening an email attachment.
Used for DDoS attacks, similar to zombies.
Spam: spammers pay to access bots that run email gateways; spam from multiple sources is harder to block.
Harvesting valuable information, including online banking credentials, software activation license keys, etc.
Secondary infection: scanning and creating more zombies.
Botnet Example
Zeus: began to spread in 2006. Its objective is stealing banking information by keystroke logging (tracking/logging the keys struck on a keyboard) and form grabbing. It could be purchased for around $3000-4000.
Storm: uses email spamming and phishing websites. It begins by gathering infected computers into the Storm botnet. It infected 1.7 million computers and was responsible for blasting out 20 percent of spam sent worldwide. The Storm 2.0 strain (2010) relays junk e-mail advertising male enhancement pills and adult websites.
Action
Keystroke logging: passwords, to get keys to decrypt the packets.
Sniffing traffic: watching for clear-text passwords.
Installing advertisement add-ons: set up a fake website with some advertisements, negotiate a deal with hosting companies that pay for clicks on ads, and have the bots click on the pop-ups.
Manipulating online polls/games.
Mass identity theft: phishing mails.
Spreading new malware.
How Malware Spreads?
Malware is a program that must be triggered or somehow executed before it can infect your computer system and spread to others. Here are some examples of how malware is distributed:
a) Social networks
b) Pirated software
c) Removable media
d) Emails
e) Websites
Damages
1. Data Loss: Many viruses and Trojans will attempt to delete files or wipe hard drives when activated, but even if you catch the infection early, you may have to delete infected files.
2. Account Theft: Many types of malware include keylogger functions, designed to steal accounts and passwords from their targets. This can give the malware author access to any of the user's online accounts, including email servers from which the hacker can launch new attacks.
3. Botnets: Many types of malware also subvert control over the user's computer, turning it into a "bot" or "zombie." Hackers build networks of these commandeered computers, using their combined processing power for tasks like cracking password files or sending out bulk emails.
Damages (contd)
4. Financial Losses: If a hacker gains access to a credit card or bank account via a keylogger, he can then use that information to run up charges or drain the account. Given the popularity of online banking and bill payment services, a hacker who manages to secrete a keylogger on a user's system for a full month may gain access to the user's entire financial portfolio, allowing him to do as much damage as possible in a single attack.
How Can You Protect Your Computer?
Install protection software.
Practice caution when working with files from unknown or questionable sources.
Do not open e-mail if you do not recognize the sender.
Download files only from reputable Internet sites.
Install a firewall.
Scan your hard drive for viruses monthly.
Symptoms
Increased CPU usage
Slow computer or web browser speeds
Problems connecting to networks
Freezing or crashing
Modified or deleted files
Appearance of strange files, programs, or desktop icons
Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
Strange computer behavior
Emails/messages being sent automatically and without the user's knowledge (a friend receives a strange email from you that you did not send)
There seems to be a lot of network activity when you are not using the network
The available memory on your computer is lower than it should be
Programs or files appear or disappear without your knowledge
File names are changed
Anti-Malware Program
An anti-malware program is used to prevent, detect, and remove computer viruses, worms, trojan horses and any other type of malware. Examples of anti-malware programs:
Antivirus program
Anti-spyware program
Anti-spam program
Firewall
Antivirus Program
Antivirus is protective software designed to defend your computer against malicious software. In order to be an effective defense, the antivirus software needs to run in the background at all times, and should be kept updated so it recognizes new versions of malicious software.
Examples of Antivirus Programs
Norton Antivirus, AVG, Kaspersky, Avast!, PC-cillin, McAfee, Avira, Panda, etc.
Anti-Spyware Program
An anti-spyware program is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed. Examples of anti-spyware programs: Spyware Doctor, AVG Anti-Spyware, STOPzilla, Spy Sweeper.
Anti-Spam Program
Anti-spam software tries to identify useless or dangerous messages for you.
Firewall
A firewall blocks attempts to access your files over a network or internet connection. It blocks incoming attacks. Your computer can become infected through shared disks or even from another computer on the network, so you need to monitor what your computer is putting out over the network or internet as well.
Summary
Malicious code attacks work because of:
Flaws in software design
Vulnerabilities caused by insecure configurations
Social engineering
Human error and/or naïve users
Persistence on the part of hackers
LAB: Ping of Death
Open a Command Prompt and set a VERY large, continuous ping going, directed at a chosen IP address (website):
ping -t -l 65000 <IP address>
Repeat this ten more times in separate copies of the Command Prompt. Then open a browser, visit the website and try to explore the site. Observe the effect on the website as more students direct these pings at the website. What was the effect on the website?
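From the monitoring side of this lab, here is an added example written for this page (not part of the slides) of how the traffic the lab generates looks to a host watching the target's network, and how simply it is picked out. The capture lines, addresses and thresholds are all constructed for the example: an ordinary ping carries 64 bytes, so 65000-byte echo requests stand out by size alone, and a burst of hundreds of echo requests per second at one destination stands out by rate even when they come from many senders, which is the pattern the lab produces as more students join in.

```python
import re
from collections import Counter, defaultdict

# Constructed capture-summary line format: time, source, destination, ICMP echo request,
# IP payload length in bytes. Invented for this example, not a real tool's output.
LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d)\.\d+ (\S+) -> (\S+) ICMP echo-request len=(\d+)$')

# Assumed thresholds: the largest ICMP payload that fits one Ethernet frame, and a
# per-destination rate no ordinary monitoring ping ever approaches.
OVERSIZED_BYTES = 1472
MAX_REQUESTS_PER_SECOND = 100


def build_sample_capture() -> str:
    """Constructed capture: three normal pings, then a 65000-byte flood from ten senders
    that all lands within the same second."""
    lines = [
        "10:15:01.002 10.0.0.11 -> 203.0.113.10 ICMP echo-request len=64",
        "10:15:01.130 10.0.0.11 -> 203.0.113.10 ICMP echo-request len=64",
        "10:15:01.500 10.0.0.12 -> 203.0.113.20 ICMP echo-request len=64",
    ]
    for i in range(300):
        src = f"10.0.0.{100 + i % 10}"
        lines.append(f"10:15:02.{i:03d} {src} -> 203.0.113.10 ICMP echo-request len=65000")
    return "\n".join(lines) + "\n"


def parse_capture(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            second, src, dst, length = m.groups()
            events.append({"second": second, "src": src, "dst": dst, "len": int(length)})
    return events


def detect_icmp_flood(events: list, max_per_second: int = MAX_REQUESTS_PER_SECOND,
                      oversized: int = OVERSIZED_BYTES) -> dict:
    """Two independent checks: echo requests per (destination, second) above the rate
    threshold, and the count of individual requests larger than a single frame."""
    per_second = Counter((e["dst"], e["second"]) for e in events)
    senders = defaultdict(set)
    for e in events:
        senders[(e["dst"], e["second"])].add(e["src"])
    floods = [
        {"dst": dst, "second": sec, "requests": n, "sources": len(senders[(dst, sec)])}
        for (dst, sec), n in sorted(per_second.items()) if n > max_per_second
    ]
    oversized_count = sum(1 for e in events if e["len"] > oversized)
    return {"floods": floods, "oversized": oversized_count}


if __name__ == "__main__":
    result = detect_icmp_flood(parse_capture(build_sample_capture()))
    for flood in result["floods"]:
        print("flood:", flood)
    print("oversized echo requests:", result["oversized"])
```

The size check alone would already have flagged every packet the lab sends; the rate check is the one that still works when an attacker keeps each packet small, and reporting the number of distinct sources tells the responder whether a single host or a crowd is responsible, which changes what can be blocked at the firewall.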
IP Addressing Example
View the IP address on your own computer: ipconfig, or ipconfig /all.
To find a computer name from an IP address, or vice versa: nslookup <IP address or domain name>, e.g. nslookup abuad.edu.ng.
To list the IP addresses of all hops between your computer and a website: tracert <domain name>, e.g. tracert google.com.