Malcode Taxonomy
K. Salah
The Ten Most Common Critical Cyber Security Threats
• Malware attack with social engineering tactics
• Spam
• DoS and DDoS attacks
• Phishing and pharming (identity theft)
• Botnets
• IM and P2P attacks
• Mobile and wireless attacks (Wi-Fi and Bluetooth)
• Rootkits
• Web application hacking
• Hacking with Google
Most Advanced Critical Cyber Security Threats
• Zero-day attacks
• Web 2.0 attacks
• VoIP attacks
• Web services attacks
• USB attacks
Attacks on the Critical Infrastructure
• Government operations
• Telecommunications
• Electrical energy
• Gas and oil storage and delivery
• Water supply systems
• Banking and finance
• Transportation
Virus, Spam and Spyware Relationship (diagram): the threats Spam, Worm, Phish/Adware, Virus, Spyware and Zombie/Trojan, set against the countermeasures Antispam, Antivirus and Antispyware.
Digital Forensics Analysis
• Incident notification
• Understand the nature of the incident
• Interview
• Obtain authorization
• Verify scope
• Team assembly
• Document the work area
• Document the incident equipment
• Move the equipment
• Prepare two images
• Preserve and protect the first image
• Use the second image for restoration and examination
• Data extraction and analysis
• Watch assumptions (date and time)
• Review logs / interview
• Analysis
• Prepare findings
• Lessons learned
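The imaging steps above (two images, the first sealed, the second worked on, clock assumptions recorded) as one runnable procedure. This is an added example, not material from the slides: the "device" is a constructed file, the image names and the `examine()` stand-in are illustrative, and hashing is done with SHA-256 because that is what a practitioner would use to prove the evidence copy never changed.

```python
"""Two-image acquisition with hash verification (added example, not from the slides)."""
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 16


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256; images are usually far larger than RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source: Path, workdir: Path) -> dict:
    """Make the two images the procedure calls for and record the custody data."""
    evidence = workdir / "evidence.dd"   # illustrative name
    working = workdir / "working.dd"     # illustrative name
    with open(source, "rb") as src, open(evidence, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    digest = sha256_of(source)
    if sha256_of(evidence) != digest:
        raise RuntimeError("acquisition failed: image does not match source")
    evidence.chmod(0o444)               # the evidence image is never opened for writing again
    shutil.copyfile(evidence, working)  # every examination step runs on this copy
    return {
        "evidence": evidence,
        "working": working,
        "sha256": digest,
        # state the clock assumption explicitly: UTC, from the examiner's machine
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def verify(image: Path, expected_sha256: str) -> bool:
    """Re-hash an image and compare; run before and after every examination."""
    return sha256_of(image) == expected_sha256


def examine(working: Path) -> int:
    """Stand-in for examination that writes (read-write mount, carving tools that
    create files, ...). Returns the number of bytes changed."""
    with open(working, "r+b") as f:
        f.seek(0)
        f.write(b"\xff")   # any write at all invalidates the working copy's hash
    return 1


def demo() -> dict:
    """Acquire a constructed 'drive', examine the working copy, re-check both images."""
    tmp = Path(tempfile.mkdtemp())
    disk = tmp / "suspect-disk.img"
    disk.write_bytes(bytes(range(256)) * 64)   # constructed stand-in for a seized drive
    rec = acquire(disk, tmp)
    changed = examine(rec["working"])
    return {
        "bytes_changed": changed,
        "evidence_intact": verify(rec["evidence"], rec["sha256"]),   # True
        "working_intact": verify(rec["working"], rec["sha256"]),     # False
        "acquired_at": rec["acquired_at"],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second hash check is that the working copy is expected to drift (mounting alone can update journal and access-time metadata); the evidence copy must not, and the pre/post hashes are what the report cites to show it did not.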
Anti-forensic techniques
• Anti-forensic techniques try to frustrate forensic investigators and their tools
• Overwriting data and metadata
  • Secure data deletion
  • Overwriting metadata
  • Preventing data creation
• Cryptography, steganography and other data-hiding approaches
  • Encrypted data
  • Encrypted network protocols
  • Program packers
  • Steganography
  • Generic data hiding
• Examples
  • Timestomp: rewrites the four NTFS timestamps of a file (created, modified, MFT-entry modified, accessed), including setting them to values that tools such as EnCase display as blank
  • Slacker: stores data in the slack space of disk blocks, the unused tail of a file's last allocated cluster, which a file-level view never shows
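The two examples above, Slacker-style hiding and Timestomp-style timestamp rewriting, with the check an examiner runs for each. This is an added example, not code from the slides or from either tool: `ToyDisk` is a constructed in-memory block device (512-byte blocks, contiguous allocation) used to show why slack is invisible through the file API and visible to a raw block scan; the timestamp part uses the real `os.utime()` on a temporary file. The "sub-second part is exactly zero" test is one commonly used indicator of second-granularity timestamp tools, not proof, and it is my chosen heuristic here rather than anything the slide states.

```python
"""Slack-space hiding and timestamp-anomaly checks (added example, not from the slides)."""
import os
import tempfile

BLOCK_SIZE = 512


class ToyDisk:
    """Constructed block device: files get whole blocks, data past EOF is slack."""

    def __init__(self, nblocks: int = 64):
        self.raw = bytearray(nblocks * BLOCK_SIZE)
        self.files = {}          # name -> (first_block, blocks_allocated, logical_size)
        self.next_free = 0

    def write_file(self, name: str, data: bytes) -> None:
        nblocks = max(1, -(-len(data) // BLOCK_SIZE))   # ceiling division, at least one block
        start, self.next_free = self.next_free, self.next_free + nblocks
        off = start * BLOCK_SIZE
        self.raw[off:off + nblocks * BLOCK_SIZE] = data.ljust(nblocks * BLOCK_SIZE, b"\x00")
        self.files[name] = (start, nblocks, len(data))

    def read_file(self, name: str) -> bytes:
        """What the filesystem API returns: only the logical size, never the slack."""
        start, _, size = self.files[name]
        off = start * BLOCK_SIZE
        return bytes(self.raw[off:off + size])

    def _slack_span(self, name: str):
        start, nblocks, size = self.files[name]
        return start * BLOCK_SIZE + size, (start + nblocks) * BLOCK_SIZE

    def slack_len(self, name: str) -> int:
        lo, hi = self._slack_span(name)
        return hi - lo

    def hide_in_slack(self, name: str, secret: bytes) -> None:
        """Slacker-style: write after EOF, inside the file's last allocated block."""
        lo, hi = self._slack_span(name)
        if len(secret) > hi - lo:
            raise ValueError("secret does not fit in the slack of this file")
        self.raw[lo:lo + len(secret)] = secret

    def scan_slack(self) -> dict:
        """Examiner's view: read raw blocks and report any non-zero slack."""
        found = {}
        for name in self.files:
            lo, hi = self._slack_span(name)
            tail = bytes(self.raw[lo:hi]).rstrip(b"\x00")   # trailing zero bytes of a secret are lost
            if tail:
                found[name] = tail
        return found


def whole_second_timestamps(atime_ns: int, mtime_ns: int) -> bool:
    """Indicator, not proof: tools that write timestamps at one-second precision
    leave the sub-second part exactly zero; normal I/O on a nanosecond-precision
    filesystem almost never does. On 1-second filesystems every file matches."""
    return atime_ns % 1_000_000_000 == 0 and mtime_ns % 1_000_000_000 == 0


def stomp(path: str, epoch_seconds: int) -> os.stat_result:
    """Set atime and mtime to a whole-second value, as a timestamp-altering tool would.
    ctime cannot be set this way, which is itself a cross-check for the examiner."""
    ns = epoch_seconds * 1_000_000_000
    os.utime(path, ns=(ns, ns))
    return os.stat(path)


def demo_stomp() -> os.stat_result:
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed sample file")
    os.close(fd)
    return stomp(path, 978_307_200)   # 2001-01-01T00:00:00Z, long before the file existed


if __name__ == "__main__":
    d = ToyDisk()
    d.write_file("notes.txt", b"hello")
    d.hide_in_slack("notes.txt", b"SECRET")
    print(d.read_file("notes.txt"), d.scan_slack())
    st = demo_stomp()
    print(int(st.st_mtime), whole_second_timestamps(st.st_atime_ns, st.st_mtime_ns))
```

On NTFS the stronger check is to compare the `$STANDARD_INFORMATION` timestamps (the ones user-mode tools can rewrite) against the `$FILE_NAME` ones in the same MFT entry; the zero-sub-second heuristic is the cheap first pass.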
Virus Techniques
• TSR (terminate-and-stay-resident)
  • The virus stays resident in memory even after the infected program has exited or the infected file has been detected and removed
• Stealth viruses
  • Execute the original code, so the host program behaves normally
  • Report the original file size, so the size appears unchanged after infection
  • Hide in memory inside a system process
  • Hook the operating system's file and disk I/O so that a user or scanner examining the infected file sees the clean version
• Encrypted/polymorphic viruses
  • Encrypt the virus body under a different key for each copy, so no fixed byte signature survives in the file
  • Mutate the decryptor itself (polymorphism) so that scanning for the decryption stub fails too
Polymorphic Viruses (diagram)
Virus Cleaning
• Remove the virus from the infected file
• Requires software reverse-engineering skills
• Identify the beginning and end of the viral payload, then restore the original file (its original length and entry point)
How hard is it to write a virus?
• A simple Google search for "virus construction toolkit" finds them
• www.pestpatrol.com
• Tons of others
• Conclusion: not hard
Attaching code (diagram)
Integrate itself (diagram)
Completely replace (diagram)
Boot Sector Virus (diagram)
How viruses work
• Attach
  • Append to a program or e-mail; executes with the program
  • Surround the program: executes before and after it and erases its tracks
  • Integrate into or replace the program code
• Gain control
  • The virus replaces the target
• Reside
  • In the boot sector
  • In memory
  • In application programs
  • In libraries
How viruses work (cont'd)
• Detection
  • Virus signatures
  • Storage patterns
  • Execution patterns
  • Transmission patterns
• Prevention
  • Don't share executables
  • Use commercial software from reliable sources
  • Test new software on isolated computers
  • Open only safe attachments
  • Keep a recoverable system image in a safe place
  • Back up copies of executable system files
  • Use virus detectors
  • Update virus detectors often
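A model that ties together the appending attach, the per-copy encrypted body, signature-based detection and cleaning from the slides above. This is an added example, not code from the slides: nothing in it executes, the "virus body" is a plain byte string and "infection" is concatenation, and every constant (marker, stub, signature) is invented for the illustration. What it shows is why a signature on the body stops matching once each copy is encrypted under a fresh key, why scanners then fall back to matching the constant decryptor or emulating it (which is exactly what a polymorphic engine mutates to escape), and how a cleaner restores the host from the length the infector itself had to record in order to hand control back.

```python
"""Appending infector with a per-copy encrypted body, plus scanner and cleaner
(added example; models the technique with byte strings, nothing runs)."""
import os

MARKER = b"\x00INFECTED\x00"                  # how the infector recognises a host it already carries
BODY = b"<replicate to other hosts; then jump to original entry point>"
BODY_SIGNATURE = b"replicate to other hosts"  # what a naive signature scanner matches on
STUB = b"<decryptor: xor body with key, jump to body>"   # runs first, so it cannot be encrypted


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def infect(host: bytes, key=None) -> bytes:
    """Append: MARKER | STUB | key | encrypted body | original host length (4 bytes)."""
    if MARKER in host:
        return host                            # already infected: don't stack copies
    if key is None:
        key = os.urandom(1)[0] | 1             # fresh key for every copy (odd, so never zero)
    section = MARKER + STUB + bytes([key]) + xor(BODY, key) + len(host).to_bytes(4, "big")
    return host + section


def scan_static(sample: bytes) -> bool:
    """Signature scan over the raw bytes: matches the plaintext body only."""
    return BODY_SIGNATURE in sample


def scan_stub(sample: bytes) -> bool:
    """Match the constant decryptor instead of the body; polymorphism mutates this."""
    return STUB in sample


def scan_emulated(sample: bytes) -> bool:
    """Do what the stub would do (decrypt with the stored key), then scan the result."""
    i = sample.find(MARKER)
    if i < 0:
        return False
    key_at = i + len(MARKER) + len(STUB)
    body = xor(sample[key_at + 1:-4], sample[key_at])
    return BODY_SIGNATURE in body


def clean(sample: bytes) -> bytes:
    """Locate the appended section and cut the file back to its recorded length."""
    if sample.find(MARKER) < 0:
        return sample
    original_len = int.from_bytes(sample[-4:], "big")
    return sample[:original_len]


if __name__ == "__main__":
    host = b"HOST: " + bytes(range(64))       # constructed stand-in for a program file
    a, b = infect(host, 0x5A), infect(host, 0xA5)
    print("static signature hits:", scan_static(a), scan_static(b))   # False False
    print("stub signature hits:  ", scan_stub(a), scan_stub(b))       # True True
    print("emulated scan hits:   ", scan_emulated(a), scan_emulated(b))  # True True
    print("cleaned == host:      ", clean(a) == host)                 # True
```

The cleaner works here only because the infector stored the original length; real cleaning is the reverse-engineering job the slide describes, recovering that boundary and the original entry point from the virus's own code.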
Virus Effects and Causes (diagram)
Virus vs. Worm
• Both are malicious code
• A virus attaches itself to a host program or file and needs that host to be run or shared in order to spread; its payload is what does the harm
• A worm is self-contained and spreads over the network on its own, so its most visible effect is the resources (bandwidth, CPU, memory) it consumes while replicating
Exploitation of Flaws: Targeted Malicious Code
• Trapdoors
  • Undocumented entry point in code
  • Program stubs left over from testing
  • Left intentionally or unintentionally: forgotten, left for testing or maintenance, or left for covert access
• Salami attack
  • Merges many inconsequential pieces into a large result
  • A series of minor data-security attacks that together amount to a larger attack
  • Example: a bank employee diverts a small amount from each of many accounts (the fractional cents lost to rounding) into an account of their own
  • Each piece is too small to be worth auditing, which is why the attack works
Exploitation of Flaws: Targeted Malicious Code (cont'd)
• Covert channels
  • An example of a human/student covert channel
  • Programs that leak information
  • Trojan horse
  • Discovery
    • Analyze system resources for patterns
    • Flow analysis from a program's syntax (automated)
  • Difficult to close
  • Not much documented
  • Potential damage is extreme
File lock covert channel (diagram)
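The file-lock covert channel from the diagram, as a runnable example added here (not code from the slides). Sender and receiver share nothing but an advisory `flock()` on a file both can open read-only; the bit is whether the lock is currently held. Both ends run in one process and are clocked by the loop rather than by wall time, which keeps the demonstration deterministic; a real channel would agree on a tick interval and the receiver would sample once per tick. POSIX only (`fcntl`).

```python
"""File-lock covert channel: one bit per tick carried by flock() state
(added example, not from the slides)."""
import fcntl
import os
import tempfile


class LockChannel:
    def __init__(self, path: str):
        # Two separate open() calls give two open file descriptions, which
        # flock() treats as independent lock holders even inside one process.
        self.sender_fd = os.open(path, os.O_RDONLY)
        self.receiver_fd = os.open(path, os.O_RDONLY)

    def send_bit(self, bit: int) -> None:
        fcntl.flock(self.sender_fd, fcntl.LOCK_EX if bit else fcntl.LOCK_UN)

    def receive_bit(self) -> int:
        """Probe without blocking: contention means the sender holds the lock (1)."""
        try:
            fcntl.flock(self.receiver_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return 1
        fcntl.flock(self.receiver_fd, fcntl.LOCK_UN)   # we got it, so the sender was not holding it
        return 0

    def transmit(self, message: bytes) -> bytes:
        """Push each bit through the lock and read it back through the other descriptor."""
        received = []
        for byte in message:
            for shift in range(7, -1, -1):        # MSB first
                self.send_bit((byte >> shift) & 1)
                received.append(self.receive_bit())
        self.send_bit(0)                           # leave the lock released
        return bits_to_bytes(received)

    def close(self) -> None:
        os.close(self.sender_fd)
        os.close(self.receiver_fd)


def bits_to_bytes(bits) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def demo(message: bytes = b"hi") -> bytes:
    """Send a constructed message through a fresh temporary file and return what arrived."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    ch = LockChannel(path)
    try:
        return ch.transmit(message)
    finally:
        ch.close()
        os.unlink(path)


if __name__ == "__main__":
    print(demo(b"covert"))   # b'covert'
```

No byte of the message ever touches the file's contents, which is why file-integrity monitoring sees nothing; the detection approach the slide names (analyze system resources for patterns) would here mean looking for a process that repeatedly takes and drops a lock it never uses to protect anything.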
Race Conditions
• Example: wu-ftpd v2.4
  • Allowed a remote user to obtain root
  • The flaw is in the daemon's signal handling
  • SIGPIPE: the handler switches from EUID=user to EUID=root so it can log the user out and update privileged files
  • That work takes some time, and the handler itself can be interrupted
  • SIGURG: if it arrives during that window, the logout is aborted and the user gets the command prompt back with EUID=root
  • The lesson: a privileged window must not be interruptible, and privilege must be dropped on every exit path, including the abnormal ones
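A model of that race and of the two fixes, added here as an example; it is not wu-ftpd code and it compresses the daemon to one variable. The effective uid is an attribute, the SIGPIPE handler is `logout_vulnerable()`, and a SIGURG landing inside it is the `UrgentSignal` exception, which the command loop catches before returning to the prompt exactly as the daemon did. The masking flag and the `finally` stand in for what real code does with `sigprocmask()`/`pthread_sigmask()` and `seteuid()`; step names are invented.

```python
"""Model of the wu-ftpd signal-handling race and its fix (added example, not wu-ftpd code)."""


class UrgentSignal(Exception):
    """Stands in for SIGURG interrupting the logout handler."""


class Session:
    def __init__(self, uid: int, interrupt_at=None):
        self.uid = uid
        self.euid = uid
        self.interrupt_at = interrupt_at    # name of the step during which "SIGURG" fires
        self.masked = False                 # models sigprocmask() blocking the urgent signal
        self.pending = None                 # a blocked signal stays pending until unmasked

    def _step(self, name: str) -> None:
        """One unit of privileged logout work; the attacker's signal may land here."""
        if name == self.interrupt_at:
            if self.masked:
                self.pending = name          # delivery deferred until the mask is lifted
            else:
                raise UrgentSignal(name)

    def logout_vulnerable(self) -> None:
        self.euid = 0                        # become root for the privileged part of logout
        self._step("write wtmp record")
        self._step("close data connection")
        self.euid = self.uid                 # never reached if a signal unwinds us above

    def logout_fixed(self) -> None:
        self.masked = True                   # 1) no other handler runs inside the window
        self.euid = 0
        try:
            self._step("write wtmp record")
            self._step("close data connection")
        finally:
            self.euid = self.uid             # 2) privilege dropped on every exit path
            self.masked = False
            if self.pending:                 # deliver the deferred signal, now unprivileged
                name, self.pending = self.pending, None
                raise UrgentSignal(name)


def command_loop_euid(uid: int, logout, interrupt_at=None) -> int:
    """Run logout the way the daemon's handler would; on an urgent signal, abort it
    and return to the prompt. The result is the euid the user now runs commands with."""
    s = Session(uid, interrupt_at)
    try:
        logout(s)
    except UrgentSignal:
        pass                                 # back at the ftp> prompt
    return s.euid


if __name__ == "__main__":
    print("vulnerable, no attack:", command_loop_euid(1000, Session.logout_vulnerable))                          # 1000
    print("vulnerable, SIGURG mid-logout:", command_loop_euid(1000, Session.logout_vulnerable, "close data connection"))  # 0
    print("fixed, SIGURG mid-logout:", command_loop_euid(1000, Session.logout_fixed, "close data connection"))            # 1000
```

The two measures are independent: masking alone leaves the window open to any other way of leaving the handler early, and the `finally` alone still lets the urgent handler run with root privilege for as long as it takes to reach it, so a hardened handler does both.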