
Malware: Viruses, Worms, Trojan Horses, & Spyware What They Are & How to Deal with Them

Malware: Viruses, Worms, Trojan Horses, & Spyware What They Are & How to Deal with Them. Jay Stamps, jstamps@stanford.edu , 723-0018 ITSS Help Desk Level 1 Training, November 18, 2004. Course Objectives. Understand what malware is, where it comes from, and what it does


Presentation Transcript


  1. Malware: Viruses, Worms, Trojan Horses, & Spyware: What They Are & How to Deal with Them
     Jay Stamps, jstamps@stanford.edu, 723-0018
     ITSS Help Desk Level 1 Training, November 18, 2004

  2. Course Objectives
     • Understand what malware is, where it comes from, and what it does
     • Diagnose compromised or infected computers based on reported symptoms
     • Basic troubleshooting techniques for possibly compromised computers
     • Research & diagnostic tools
     • Prevention: Worth a pound of cure!

  3. It’s Been a Rough Few Years for Windows PCs…

  4. Sorry…
     • But that was the last picture you’re going to see in this presentation!
     • The good news is that your instructor loves questions, and you’re cordially invited to interrupt him at any time, or save your questions for later
     • It’s a cliché, but there are no “dumb questions”: The point is to learn
     • And if I don’t have a good answer, I’ll suggest that you make finding one part of your homework assignment!

  5. What’s “Malware”?
     • Shortened form of “malicious software”
        • But it’s not always really malicious
     • So “malware” is a general term for:
        • Computer and macro viruses of any kind
        • Internet and mass-mailing worms
        • Trojan horses, backdoors and rootkits
        • Other computer exploits, bots, zombies
        • Spyware, adware, and other software installed on a computer without the user’s knowledge or informed consent
     • And then there are the “hoax viruses”…

  6. Why Use the Word “Virus”?
     • The analogy with biological viruses
        • Computer viruses exist to self-replicate
        • They can often adapt (mutate) to survive
        • They might or might not harm the host
        • They “infect” by inserting themselves into a “healthy” system (be it a computer program or living organism)
     • The term “virus” is heavily overused
        • That’s why we’re talking about “malware”
        • But when someone’s PC is misbehaving…
        • They call 5-HELP and say, “I’ve got a virus!”

  7. Are Only PCs Affected?
     • The answer is “No”
     • Are Macintoshes immune?
        • The answer is “yes and no” - sort of…
        • The first virus in 1982 infected Apple IIs
        • A great deal of malware - some of it not so malicious - existed for Mac OS “Classic”
        • Are there any Mac OS X malware programs? Well, not in the wild, not yet…
     • What about Unix and Linux OSes?
        • Lots of malware is in circulation for these platforms - lots!

  8. Why Does Malware Exist?
     • When “viruses” first became common…
        • And “normal people” began to use personal computers…
        • If a “virus” struck, they were confused, alarmed, felt violated…
        • They’d ask, “Where do these things come from?” and “How did I get infected?”
        • Often they’d feel embarrassed, like they’d picked up an STD in a reckless moment…
        • When told, “People deliberately create viruses,” they’d properly ask, “Why?”
     • What do you think? Why does malware exist? (Possible homework assignment!)

  9. Brief History of Malware
     • “Viruses” appeared in early 1980s
        • Very soon after first personal computers
        • They spread by floppy disks, later via “bootleg” & other software on “BBSes”
        • They often weren’t meant to be destructive
     • Internet “worms” arrived in late 1980s
        • “There may be a virus loose on the internet.” - Andy Sudduth of Harvard University, 34 minutes past midnight, November 3, 1988

  10. Brief History Continued
     • First mass-mailing worm came in 1999
        • Usually called the “Melissa virus”
        • It was also a “macro virus”
        • Infected file had to be opened in MS Word
     • Spyware hits the scene around 2000
        • “Adware” claims to be legitimate, legal
        • “Browser hijacking” is a common symptom
     • Other exploits, trojans, backdoors…
        • Have been around for a long time
        • Hackers target entities for malicious attack, or may want “free” computing resources

  11. We’ll Stick to MS Windows
     • The majority of computer users at Stanford have Microsoft Windows PCs
     • The majority of malware “in the wild” today attacks only Windows PCs
        • Malware is very platform-dependent
     • Microsoft has only recently made computer security a priority
        • In the past…
        • MS tended to “enable everything by default”
        • Network-connected “services” running on a computer are an open invitation to hackers

  12. Why So Much Malware?
     • Is malware becoming more common?
        • Yes!!! It is!!! (and harder to fight off)
     • Why might that be?
        • The Internet! Plus all the high-powered PCs in homes & offices connected to it
     • Why does that make a difference?
        • As with biological viruses, lots of people (or computers) are rubbing up against each other in a common space; and computers (like people) don’t always cover their mouths when they sneeze…

  13. “Help! I’ve Got a Virus!”
     • A lot of people self-diagnose (wrongly)
        • “Doc, I think I’ve got the flu.” “How much did you drink last night?” “Uh, three six packs. I think. I don’t really remember…”
     • Only a few years ago…
        • Most folks who thought their PC had a viral infection were wrong!
        • When PCs behaved strangely, usually there was a problem with the OS or an application that was not at all virus-related
     • Today that’s still true, but…

  14. Today That’s True, But…
     • Malware is more common, while OSes and applications are both more feature-laden and (often) more robust
        • More features mean more potential vulnerabilities for hackers to exploit
        • Greater robustness means strange behavior is somewhat likelier to be caused by malware
     • Plus more people use protective software
        • Few people these days are unaware of the necessity of running antivirus software
        • Some people even use it correctly!

  15. You Answer a Call to 5-HELP
     • And the caller begins to explain…
     • “I think my PC has a virus”
        • Maybe it does, and maybe it doesn’t
        • We’ll look at diagnostic approaches presently
     • “I got an email from the Security Office…”
        • Get the details, but…
        • A referral to the Level 2 Help Desk, or local or contract support is probably the right move
        • If Networking or the Security Office has noticed a problem, the computer is almost certainly hacked
     • If the caller has self-diagnosed, or if you suspect malware is involved, you ask…

  16. The Usual Questions 1
     • If a caller’s PC might have an infection, or otherwise be compromised:
        • Ask what version of Windows they’re using
        • Ask them if they’re keeping it patched
        • Ask them if they’re using antivirus software, and if it’s up-to-date
        • For Windows 2000 & XP, ask them if they have good passwords for all user accounts
        • Ask them if they use a firewall
     • The caller may not know the answers to some of these questions, of course…

  17. The Usual Questions 2
     • So you may need to guide the caller to learn the answers to these questions
     • To check if Windows is properly updated, have the caller visit:
        • http://windowsupdate.microsoft.com
     • Launch Symantec AntiVirus to check the date of the virus definitions file
     • To check password strength, use the Stanford Security Self-Help tool
     • Windows XP has a built-in firewall, as do many broadband routers

  18. The Answers
     • If a user can’t access the network, that problem is likely not caused by malware
     • If a user can’t run, install or update SAV or other security software, that’s a clue that the PC has been infected by a worm
     • If Windows isn’t patched, and/or AV software is out of date, and/or user accounts have weak passwords, the PC is definitely vulnerable to compromise
     • If the web browser (especially IE) goes to unexpected sites, suspect spyware

  19. More Symptoms
     • We’ve just looked at a couple of common symptoms of malware
     • Here are some other possible signs:
        • Sluggishness
        • One or more unexpected restarts
        • Frequent system crashes
        • Constant hard disk activity
        • Generalized “strange behavior”
     • Hackers try to hide their presence: If they’re good, they will succeed
        • Worms and some viruses do likewise

  20. Steps to Recovery
     • Most symptoms of malware also have other, more mundane causes
     • If there’s any reason to suspect the presence of malware on a user’s PC, update virus definitions, disconnect the network cable, and run a full antivirus scan of all hard drives
     • Install and run SpySweeper
     • And always, always teach computer users how to protect themselves from malware! Prevention is key!

  21. Mass-Mailing Worms
     • Mass-mailing worms are one of the most common vectors for malware
     • Most people know not to open “suspicious” email attachments
        • But the worm writers are getting a lot craftier, and the attachments often look less “suspicious” these days
     • Many people are still confused by sender address “spoofing”
        • Mass-mailing worms mail themselves out using randomly chosen sender addresses
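The sender spoofing described on this slide is visible in the message headers: the From: line is whatever the worm chose, while the Return-Path and the earliest Received: hop are added by mail servers. The following is an added example, not part of the original training deck; the message, host names and domains are constructed, and the checks are a help-desk triage heuristic, not a definitive spoofing test.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the slides): the visible From: is a random
# address harvested from an infected PC, while the Return-Path and the originating
# Received: hop point to an unrelated dial-up host.
SAMPLE = (
    "Return-Path: <bounce-9f3a@example.net>\n"
    "Received: from dialup-7.example.net ([203.0.113.7])\n"
    "\tby mx.example.edu (Postfix) with SMTP id ABC123\n"
    "\tfor <user@example.edu>; Thu, 18 Nov 2004 10:02:11 -0800\n"
    "From: \"Jane Doe\" <jane.doe@example.org>\n"
    "To: user@example.edu\n"
    "Subject: Your document\n"
    "\n"
    "See attached.\n"
)


def domain_of(address):
    """Return the lower-cased domain part of an address header value."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def originating_host(msg):
    """Hostname from the earliest hop: the LAST Received: header, since MTAs prepend."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    match = re.search(r"from\s+(\S+)", received[-1])
    return match.group(1).lower() if match else ""


def spoofing_indicators(raw):
    """List the reasons the From: line of a raw message should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    origin = originating_host(msg)
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append(f"envelope sender domain {env_dom} differs from From domain {from_dom}")
    if origin and from_dom and not origin.endswith(from_dom):
        reasons.append(f"originating host {origin} is outside From domain {from_dom}")
    return reasons
```

A message with no indicators is not proven genuine (a worm can pick a From: address at its own ISP), but two mismatches like the ones above justify telling the caller to delete the attachment unopened.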

  22. I Got a “Suspicious” Email
     • A caller might say:
        • I got a strange email message from my bank (or a bank I don’t even use), etc.
        • I got a message from my “system administrator” telling me to do something
        • I got a message from a friend telling me there’s some file I’m supposed to delete
     • Such messages are usually “phishing” attacks, or “hoax viruses”
     • Delete the email message; don’t do what it says; never give out private information

  23. Top 6 PC Security Must-Dos
     • Patch Windows automatically
        • New patches 2nd Tuesday of each month
        • Use BigFix & Windows Automatic Updates
     • Use strong passwords (even better, pass phrases) for all user accounts
     • Use a firewall, such as Windows XP’s built-in software firewall
     • Use and properly maintain good antivirus software
     • Don’t open suspicious email attachments
     • Disable Windows File & Printer Sharing

  24. Tools for Prevention
     • Essential Stanford Software
        • http://ess.stanford.edu
        • Symantec AntiVirus
        • BigFix client
        • SpySweeper
        • Security Self-Help Tool
     • Use the Firefox web browser (not IE)
     • Stanford Secure Computing web site
        • http://securecomputing.stanford.edu
     • Microsoft Baseline Security Analyzer
        • http://support.microsoft.com/kb/320454

  25. Questions? Research Tools
     • If you’ve been saving up questions, now’s your chance!
     • Tools for research & troubleshooting:
        • http://support.microsoft.com/kb/129972
        • http://www.google.com
        • http://www.sarc.com
        • http://www.mcafeesecurity.com/us/security/home.asp
        • http://housecall.trendmicro.com/
        • http://en.wikipedia.org/wiki/Computer_virus
        • http://www.spywareinfo.com/
        • http://support.microsoft.com
        • http://www.microsoft.com/technet
        • http://www.cert.org/
        • http://www.cisecurity.org/
