1 / 56

Ch 6: Understanding Malware and Social Engineering

Ch 6: Understanding Malware and Social Engineering. CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson. Understanding Malware Types. Malicious Software (Malware). Installed through devious means Symptoms: System runs slower Unknown processes start

rosanne
Download Presentation

Ch 6: Understanding Malware and Social Engineering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ch 6: Understanding Malware and Social Engineering CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide Darril Gibson

  2. Understanding Malware Types

  3. Malicious Software (Malware) • Installed through devious means • Symptoms: • System runs slower • Unknown processes start • Sends out email by itself • Random reboots • more…

  4. Viruses • Code attaches to a host application • Virus acts and spreads when the host application is run • Payload • Causes damage or delivers a message • May join computer to a botnet • Often delayed, so virus can spread

  5. Buckshot Yankee • US Military compromised by USB-borne virus • Led to a ban on USB sticks for a while • Link Ch 6b

  6. Armored Virus • Ways to prevent reverse engineering • Complex code • Encryption • Hiding files

  7. Polymorphic Malware • Mutates when it replicates • May also encrypt itself • Evades antivirus software

  8. Worms • Self-replicating malware • Does not need a host application or user interaction • Consumes network bandwidth • Unlike viruses, worms don't need to be replicated

  9. LoveBug Worm • Link Ch 6c

  10. Logic Bombs • Code that waits for some event, like a certain date • Planted by malicious insiders • Then executes payload • May destroy data, etc.

  11. Link Ch 6f

  12. Backdoors • Allow an attacker to access system covertly • Sometimes manufacturers include secret backdoors in devices • Poor security practice

  13. Trojans • Appears to be a good program, but does something nasty instead • Very common in warez (pirated games & apps), keygens, pirated movies, etc. • Rogue antivirus "scareware"

  14. Fake Antivirus • Link Ch 6d

  15. Mac Flashback Trojan • Link Ch 6e

  16. Botnets • Infected computers ("bots" or "zombies") under control of a Bot herder • Bots phone home to Command-and-Control (C&C) servers • Bots are used to • Send spam • Launch DDoS attacks • Install keyloggers or other additional malware

  17. Ransomware • CryptolockerEncrypts your files • Demands a ransom to get them back • Back up your stuff!

  18. Police Virus

  19. Virus Coaxes Man to Turn Himself in for Child Pornography • Link Ch 6o

  20. Rootkits • Malware that alters system files • Hides from the user and antivirus • Conceals files, running processes, and network connections • Very difficult to detect and remove • Sometimes hooks used to intercept system-level function calls can be detected by antivirus software

  21. Link Ch 6g

  22. Spyware • Reports on user's activity to a remote server • Actions: • Changing a browser home page • Redirecting browser • Installing browser toolbars • Keylogger to steal passwords • Often included with a Trojan

  23. Adware • Pop-up ads • Annoying, but not malicious • Pop-up blockers in browsers are common • Some software is free, but includes ads • Not illegal

  24. Recognizing Common Attacks

  25. Social Engineering Methods • Flattery and conning • Assuming a position of authority • Encouraging someone to perform a risky action • Encouraging someone to reveal sensitive information • Impersonating someone authorizes • Tailgating—following others into a secure area

  26. Education and Awareness Training • The single best protection against social engineering

  27. Impersonation • Wear a uniform • Phone repair technician • Janitor • Etc.

  28. Shoulder Surfing • Looking over a person's shoulder • See passwords typed in • Countermeasure • Privacy screens • Link Ch 6m • Password masking • Passwords appear as dots

  29. Virus Hoaxes • Scary email message • Recommending some unwise action, such as deleting system files • To detect hoaxes: • Antivirus vendor sites • Urban legend sites like snopes.com

  30. Tailgating and Mantraps • Following a person through a secure door • Also called piggybacking • To prevent this, use mantraps, turnstiles, or security guards

  31. Dumpster Diving • Searching through trash to find useful documents • Company directories • Preapproved credit card applications • Any Personally Identifiable Information (PII) • Countermeasures • Shredding documents • Burning documents

  32. Recognizing Other Attacks

  33. Spam and Spam Filters • Much spam is malicious • Malicious attachment and links • Spam filters are useful • Network-based spam filters • Link Ch 6h • Spam filters on end-user machines

  34. Phishing • Email looks like real mail from Paypal, mostly • Tricks user into logging in to a fake site • May link to malware, be used to validate email addresses, or ask for money

  35. Phishing to Get Money • Nigerian "419" scam • Someone has millions of dollars in Nigeria • Wants to use your bank account to smuggle it to the USA • Lottery scams • "Money Mules" • People who repackage stolen goods and send them to criminals

  36. Link Ch 6l

  37. Spear Phishing • Spear phishing • Target a specific set of users with a customized message • One risk caused by database breaches that reveal email addresses • Ex: Email CCSF employees about accreditation and layoffs

  38. Whaling • Targeting high-level executives with phishing attacks

  39. Spim • Spam over Instant Messaging • Can be reduced by whitelisting in the IM client • Image from wsj.com

  40. Vishing • Free, untraceable VoIP (Voice over IP) phone calls • Spoof Caller ID • Try to trick target into revealing credit card number, SSN, birthday, etc.

  41. Privilege Escalation • Moving from "User" to "Administrator" • Not necessary if user logs in as "Administrator" in Windows XP or earlier versions

  42. Blocking Malware and Other Attacks

  43. Protection against Malware • Mail servers • Scan email for malicious attachments • All systems • Put antivirus on all workstations and servers • Boundaries or firewalls • Web security gateways block malicious files and sites

  44. Antivirus Software • Detects viruses, Trojans, worms, spyware, rootkits, and adware • But some malware gets past it, especially rootkits • Real-time protection • Checks every file and device accessed • Scheduled and manual scans • Scan the file system

  45. Signature-based Detection • Signature files • Also called data definition files • Contain patterns that match known viruses • Must be updated frequently • When a matching file is detected • It is deleted, or quarantines • Quarantined files can be inspected, but won't do any harm

  46. Heuristic-based Detection • Detects suspicious behavior • Similar to anomaly-based detection in IDS • Runs questionable code in a virtualized environment • Detects "viral activities" • Prone to false positives

  47. Checking File Integrity • Can detect system file alterations • Records hash values of system files, and detects changes • Included in some HIDS and antivirus

  48. Link Ch 6g

  49. Pop-Up Blockers • Included in Web browsers • Often use whitelisting • Only allow pop-ups from trusted domains, such as ccsf.edu • Effective against adware

  50. Anti-spyware Software • Some overlap with antivirus software • Examples • Ad-Aware • Windows Defender • Spybot—Search and Destroy

More Related