1 / 25

Windows Malware: Detection And Removal

Windows Malware: Detection And Removal. TechBytes Tim Ramsey. Computer Security!. What is “malware”? How does malware get on my PC? How do I get rid of malware? Resources. What Is “Malware”?. “ Mal icious Soft ware ” Includes: Viruses, worms, Trojan horses Spyware

Rita
Download Presentation

Windows Malware: Detection And Removal

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Malware: Detection And Removal TechBytes Tim Ramsey

  2. Computer Security! • What is “malware”? • How does malware get on my PC? • How do I get rid of malware? • Resources

  3. What Is “Malware”? • “Malicious Software” • Includes: • Viruses, worms, Trojan horses • Spyware • Remote-control software • “Botnets” • Rootkits • The lines are getting blurry

  4. Viruses, Worms, Trojan Horses • Viruses: modify executables and documents; we humans do the rest • Worms: self-replicating programs • Trojan Horses: still fooling us after all these years

  5. Spyware • Installed with or without your knowledge and consent • Do you read the entire EULA? • I do (except the French part) • Tracks URLs visited, information entered into forms • Can even monitor secure (https://) pages

  6. Spyware, Cont. • Keyboard loggers: capture passwords, PINs, account numbers • Organized crime loves this stuff

  7. Remote–Control Software • Windows Remote Assistance • VNC, Radmin • Netbus, BackOrifice

  8. Botnets • “The single greatest threat facing humanity” • Quickly becoming a top problem on campus • Hordes of infected “drone” hosts • Used for spam relay, DDOS, scanning, infection

  9. Botnets, Cont. • Spreading via IM, email, compromise • Installs remote-control software • Connects to central server to announce presence and await commands • Allows “Botmaster” to control 100, 1000, 10000+ infected hosts with simple commands • Continually evolving

  10. Botnets, Cont. 2 • Network connections are initiated by the drone hosts • Uses common protocols: HTTP, IRC, FTP • Starting to see stealth techniques employed to hide infection (rootkits), communications (SSL, steganography) • Tremendous incentives for Botmasters to grow, maintain, defend their horde • You don’t want this on your computer

  11. How Does Malware Get On My PC? • Compromise • Security vulnerabilities • Browser vulnerabilities • Open file shares • Social Engineering • People click on the darndest things • Packaged with other software

  12. How Do I Get Rid Of Malware? • Best: Don’t get infected • Antivirus • OS and application patches • Enable Windows Firewall • Healthy paranoia • Don’t run files that friends or strangers send to you! • Don’t install random software from the Web • Um, yeah. I still got infected. What now?

  13. Malware Removal • Safest: “R/R” • Reformat / Reinstall are necessary if the infection contains a remote control component • No telling what has been installed, changed • SIRT policy • A botnet infection means R/R is mandatory • Otherwise, try to identify the infection

  14. Identifying The Infection • Anti-Virus software scan • Anti-Spyware scan • Spybot Search & Destroy • Microsoft Windows AntiSpyware (Beta) • AdAware • Other, more specialized, tools

  15. Removing The Infection • Are you sure you wouldn’t rather R/R? • If you’ve identified the infection, look for a removal tool • Symantec, McAfee, other AV vendors • Google search (but be careful) • When in doubt, reformat and reinstall

  16. A Note About Reformat / Reinstall • Back up your data first • Practically every OS is vulnerable to network compromise during installation • Unplug the computer from the network • Install OS, service packs, patches from CD • Enable Windows Firewall • Install SAV from CD • Set administrator password • Then plug back in

  17. Rootkits: Making Life Harder • Pre-packaged software to hide malware • Freely obtainable (rootkit.org) • There are even commercial packages! • Insert hooks into system, kernel • Trap program calls to list directory contents, running processes, registry entries • Filter out what the bad guys don’t want you to see

  18. Detecting Rootkits • Look for the hooks • Look for known file names, processes • Look for what’s being hidden • Difficult to do, getting more difficult • Tools exist to do this, but most don’t detect everything • Hot topic of research for both sides

  19. Removing Rootkits • Are you sure you wouldn’t rather R/R? • Removal tools exist for most rootkits • Deep magic, requiring wizardry and time

  20. Resources • K-State provided antivirus software • http://antivirus.ksu.edu/nav/ • Spybot Search & Destroy • http://www.safer-networking.org/  • Microsoft Windows Antispyware (Beta) • http://www.microsoft.com/athome/security/spyware/software/

  21. Resources, Cont. • Rootkit Detection • http://www.f-secure.com/blacklight/ • http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml • K-State configuration for XP Firewall • http://knowledgebase.itac.ksu.edu/art.asp?id=274 • SANS Top 20 • http://www.sans.org/top20/

  22. Questions?

  23. Thanks For Coming! (I hope today wasn’t too taxing)

  24. This Slide Intentionally Left Blank

More Related