
ITS335: IT Security, Malicious Software (PowerPoint PPT Presentation)



  1. ITS335: IT Security, Malicious Software
     Sirindhorn International Institute of Technology, Thammasat University
     Prepared by Steven Gordon on 25 October 2013
     its335y13s2l05, Steve/Courses/2013/s2/its335/lectures/malicious.tex, r2958

  2. Contents
     ◮ Malware By Propagation Techniques
     ◮ Malware By Payloads
     ◮ Countermeasures
     ◮ Summary

  3. Malicious Software
     ◮ Malware is “a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim” – NIST
     ◮ A classification of malware:
       Propagation: how the malware spreads
         ◮ Viruses
         ◮ Worms
         ◮ Social engineering
       Payload: actions the malware takes when it reaches the victim
         ◮ System corruption
         ◮ Zombies and bots
         ◮ Information theft
         ◮ Stealthing
     ◮ Countermeasures: anti-virus software

  4. Contents (section: Malware By Propagation Techniques)

  5. Nature of Viruses
     ◮ A virus is a piece of software that “infects” programs and copies itself to other programs
     ◮ The phases of a virus are:
       1. Dormant: virus is idle; it will be activated by some event (like a logic bomb)
       2. Propagation: virus copies itself into other programs or areas of the operating system
       3. Triggering: virus is activated to perform some function; similar triggers to logic bombs, but also the number of times the virus has copied itself
       4. Execution: function is performed, either harmless (display a message) or malicious (delete or modify files)
     ◮ Most viruses are specific to operating systems and/or hardware platforms

  6. A Simple Virus

     program V :=
     {goto main;
      1234567;
      subroutine infect-executable :=
        {loop: file := get-random-executable-file;
         if (first-line-of-file = 1234567) then goto loop
         else prepend V to file;
        }
      subroutine do-damage :=
        {whatever damage is to be done}
      subroutine trigger-pulled :=
        {return true if some condition holds}
     main: main-program :=
        {infect-executable;
         if trigger-pulled then do-damage;
         goto next;}
     next:
     }

  7. Compression Virus
     ◮ The simple virus can be detected because the file length differs from that of the original program
     ◮ This detection can be avoided using compression
     ◮ Assume program P1 is infected with virus CV
       1. For each uninfected file P2, the virus compresses P2 to produce P2'
       2. Virus CV is prepended to P2' (so the resulting size is the same as P2)
       3. The compressed program inside P1 is uncompressed and (4) executed

  8. A Compression Virus

     program CV :=
     { goto main;
       01234567;
       subroutine infect-executable :=
         {loop:
          file := get-random-executable-file;
          if (first-line-of-file = 01234567) then goto loop;
          (1) compress file;
          (2) prepend CV to file;
         }
     main: main-program :=
         { if ask-permission then infect-executable;
           (3) uncompress rest-of-file;
           (4) run uncompressed file;}
     }
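Slides 7 and 8 make a detection point: a simple prepending virus changes the host's length, while a compression virus keeps the length unchanged, so a size check alone is not enough. The following added example (not from the lecture or its textbook) models that from the defender's side with in-memory byte strings: one constructed "file" image as it would look after each kind of infection, an integrity baseline of size plus SHA-256, and a first-line signature check of the kind the slides' own `1234567`/`01234567` tags invite. The marker values and the file contents are constructed for illustration; no program on disk is modified.

```python
import hashlib
import zlib

# Constructed sample "executable": a byte string standing in for a file on disk.
ORIGINAL = b"#!/bin/sh\necho 'quarterly payroll report'\n" + b"A" * 200

# Hypothetical marker lines that model the 1234567 / 01234567 first-line tags
# the two viruses on the slides use to recognise already-infected files.
SIMPLE_MARKER = b"1234567\n"
COMPRESS_MARKER = b"01234567\n"

# Constructed "after" images of the same file (no real program is modified here).
# The simple virus prepends its body, so the file grows:
SIMPLE_INFECTED = SIMPLE_MARKER + ORIGINAL
# The compression virus prepends its body to a compressed host and, as slide 7
# describes, ends up the same size as the original; zero padding models that.
_compressed = COMPRESS_MARKER + zlib.compress(ORIGINAL, 9)
COMPRESS_INFECTED = _compressed + b"\x00" * (len(ORIGINAL) - len(_compressed))
assert len(COMPRESS_INFECTED) == len(ORIGINAL)  # guard: the model must keep the size


def baseline(files):
    """Record (size, SHA-256) for every trusted file: the integrity baseline."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in files.items()}


def integrity_check(files, base):
    """Compare current file images against the baseline.
    Returns {name: {"size_changed": bool, "hash_changed": bool}}."""
    findings = {}
    for name, data in files.items():
        size, digest = base[name]
        findings[name] = {
            "size_changed": len(data) != size,
            "hash_changed": hashlib.sha256(data).hexdigest() != digest,
        }
    return findings


def signature_scan(data, signatures):
    """Simplest anti-virus check: does the file begin with a known tag?
    Returns the names of the signatures that match."""
    return [name for name, tag in signatures.items() if data.startswith(tag)]


# Constructed signature table keyed by the (hypothetical) marker lines above.
SIGNATURES = {"simple-virus": SIMPLE_MARKER, "compression-virus": COMPRESS_MARKER}

if __name__ == "__main__":
    base = baseline({"report.sh": ORIGINAL})
    for label, image in [("clean", ORIGINAL), ("simple", SIMPLE_INFECTED),
                         ("compressed", COMPRESS_INFECTED)]:
        print(label, integrity_check({"report.sh": image}, base)["report.sh"],
              signature_scan(image, SIGNATURES))
```

The size test flags only the simple variant; the hash flags both, which is why integrity checkers compare digests rather than lengths. The signature scan catches both only because their first-line tags are known in advance, which is exactly the assumption the encrypted and polymorphic viruses on slide 10 break.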

  9. Types of Viruses: By Target
     Boot Sector Infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
     File Infector: infects files that the operating system or shell considers to be executable
     Macro Virus: infects files with macro or scripting code that is interpreted by an application
     Multipartite Virus: infects files in multiple ways

  10. Types of Viruses: By Concealment Strategy
      Encrypted Virus: a portion of the virus creates a random encryption key and encrypts the remainder of the virus
      Stealth Virus: a form of virus explicitly designed to hide itself from detection by anti-virus software
      Polymorphic Virus: a virus that mutates with every infection
      Metamorphic Virus: a virus that mutates and rewrites itself completely at each iteration and may change behaviour as well as appearance

  11. Example Viruses (slide body is a figure/table that was not captured in the extraction)

  12. Worms
      ◮ Program that actively seeks out more machines to infect; each infected machine serves as an automated launching pad for attacks on other machines
      ◮ Exploits software vulnerabilities in client or server programs
      ◮ Can use network connections to spread from system to system
      ◮ Spreads through shared media (USB drives, CD, DVD data disks)
      ◮ E-mail worms spread in macro or script code included in attachments and instant messenger file transfers
      ◮ Upon activation the worm may replicate and propagate again
      ◮ Usually carries some form of payload

  13. Worm Replication
      E-mail or instant messaging: worm e-mails a copy of itself to other systems, or sends itself as an attachment via an instant message service
      File sharing: creates a copy of itself or infects a file as a virus on removable media
      Remote execution capability: worm executes a copy of itself on another system
      Remote file access capability: worm uses a remote file access or transfer service to copy itself from one system to the other
      Remote login capability: worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other
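Slides 12 and 13 describe a worm that uses network connections to reach many further systems, and the remote execution, file access and login mechanisms it uses all show up on the wire as one source opening connections to many destinations on the same service port in a short time. The added example below (mine, not part of the lecture) turns that into a detection: it parses a constructed flow-log format, keeps a sliding time window per (source, destination port), and reports the largest number of distinct destinations seen inside any window. The log format, the addresses and the threshold are assumptions for illustration; a real deployment would read firewall or NetFlow exports and tune the threshold to its own baseline.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed flow-log format (hypothetical; real firewall/NetFlow exports differ).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one flow-log line into (timestamp, src, dst, dport); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["dport"])


def max_fanout(lines, window=timedelta(seconds=60)):
    """For every (src, dport) pair, the largest number of distinct destinations
    contacted within any sliding window of the given length."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, dport = parsed
            events[(src, dport)].append((ts, dst))
    result = {}
    for key, evs in events.items():
        evs.sort()                     # oldest first
        in_window = Counter()          # dst -> connections inside the window
        left = 0                       # index of the oldest event still in the window
        best = 0
        for ts, dst in evs:
            in_window[dst] += 1
            while evs[left][0] < ts - window:   # expire events older than the window
                old_dst = evs[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            best = max(best, len(in_window))
        result[key] = best
    return result


def flag_scanners(lines, threshold=10, window=timedelta(seconds=60)):
    """Return the (src, dport) pairs whose fan-out reaches the threshold."""
    return sorted(k for k, v in max_fanout(lines, window).items() if v >= threshold)


# Constructed sample log: 10.0.0.5 touches 21 distinct hosts on port 445 in 40 s
# (worm-like fan-out); 10.0.0.6 does ordinary HTTPS traffic to three servers.
START = datetime(2013, 10, 25, 10, 0, 0)
SAMPLE_LOG = [
    f"{(START + timedelta(seconds=2 * i)).isoformat()} "
    f"src=10.0.0.5 dst=10.0.0.{10 + i} dport=445 proto=tcp"
    for i in range(21)
] + [
    f"{(START + timedelta(seconds=5 * i)).isoformat()} "
    f"src=10.0.0.6 dst=192.0.2.{1 + (i % 3)} dport=443 proto=tcp"
    for i in range(12)
]

if __name__ == "__main__":
    print(max_fanout(SAMPLE_LOG))
    print("flagged:", flag_scanners(SAMPLE_LOG))
```

Fan-out per port is a better signal than raw connection count because a busy but legitimate client repeats connections to a few servers, whereas a propagating worm spreads across many hosts; the window length decides how slow a scan can be and still be caught.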

  14. Example Worms (slide body is a figure/table that was not captured in the extraction)

  15. Social Engineering
      Tricking users to assist in the compromise of their own system
      Spam Email
        ◮ Unsolicited bulk email
        ◮ Common carrier of malware as attachments or via links
        ◮ Used for phishing attacks
      Trojan Horses
        ◮ Useful software that also performs harmful functions

  16. Contents (section: Malware By Payloads)

  17. System Corruption
      Action taken by malware on the system: corrupt the system
      Data Destruction: delete or overwrite data; encrypt data and then demand payment to decrypt (ransomware)
      Real-World Damage: corrupt BIOS code so the computer cannot boot; control industrial systems so that they fail, e.g. the Stuxnet worm
      Logic Bomb: activates when certain conditions are met, e.g. presence/absence of files, date/time, a particular software or user

  18. Zombies and Bots
      ◮ Takes over another Internet-attached computer and uses that computer to launch or manage attacks
      ◮ Botnet: collection of bots capable of acting in a coordinated manner
      ◮ Uses:
        ◮ distributed denial-of-service (DDoS) attacks
        ◮ spamming
        ◮ sniffing traffic
        ◮ keylogging
        ◮ spreading new malware
        ◮ installing advertisement add-ons and browser plugins
        ◮ attacking IRC chat networks
        ◮ manipulating online polls/games

  19. Information Theft
      Keyloggers
        ◮ Captures keystrokes to allow the attacker to monitor sensitive information
        ◮ Typically uses some form of filtering mechanism that only returns information close to keywords, e.g. “login”, “password”
      Spyware
        ◮ Subverts the compromised machine to allow monitoring of a wide range of activity on the system
          ◮ Monitoring history and content of browsing activity
          ◮ Redirecting certain Web page requests to fake sites
          ◮ Dynamically modifying data exchanged between the browser and certain Web sites of interest

  20. Phishing
      ◮ Exploits social engineering to leverage the user’s trust by masquerading as communication from a trusted source
      ◮ Includes a URL in a spam e-mail that links to a fake Web site that mimics the login page of a banking, gaming, or similar site
      ◮ Suggests that urgent action is required by the user to authenticate their account
      ◮ Attacker exploits the account using the captured credentials
      ◮ Spear-phishing:
        ◮ recipients are carefully researched by the attacker
        ◮ e-mail is crafted to specifically suit its recipient, often quoting a range of information to convince them of its authenticity
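The phishing slide hinges on a URL in the mail that leads somewhere other than the trusted site it imitates. A mail gateway or client can check for exactly that. The added example below (mine, not from the lecture) extracts every link from a constructed HTML mail body and flags three things: visible link text that names one host while the `href` goes to another, a host that contains a trusted brand name but resolves to a different registrable domain, and a bare IP address as the destination. `examplebank.com`, `example.net` and `203.0.113.7` are reserved documentation names/addresses used as constructed input; the two-label approximation of the registrable domain is a simplification of what a production filter (using the Public Suffix List) would do.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude last-two-labels approximation of the registrable domain
    (assumption: a real deployment would consult the Public Suffix List)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def host_named_in_text(text):
    """Hostname that the visible link text appears to name, or None if it is plain words."""
    if "://" in text:
        return urlparse(text).hostname
    if re.fullmatch(r"[\w-]+(\.[\w-]+)+(/\S*)?", text):
        return urlparse("http://" + text).hostname
    return None


def suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links that show one host but go to another,
    imitate a trusted brand under a different domain, or point at a bare IP."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        shown = host_named_in_text(text)
        if shown and registered_domain(shown) != registered_domain(host):
            reasons.append("text-host-mismatch")
        for trusted in trusted_domains:
            brand = trusted.split(".")[0]
            if brand in host and registered_domain(host) != trusted:
                reasons.append("lookalike:" + trusted)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("ip-literal")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample mail body using reserved documentation names and addresses.
SAMPLE_MAIL = """
<p>Your account will be locked in 24 hours. Verify it now.</p>
<a href="http://examplebank.com.secure-login.example.net/">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/">Online banking</a>
<a href="http://203.0.113.7/update">Click here</a>
"""
TRUSTED = ["examplebank.com"]   # constructed allow-list of the brands the filter protects

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_MAIL, TRUSTED):
        print(href, reasons)
```

The first link is the classic phishing pattern from the slide: the text a reader sees names the bank, while the real destination is a third-party domain that merely starts with the bank's name. The second link passes because its registrable domain really is the trusted one.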

  21. Other Malware
      ◮ Backdoor
      ◮ Trapdoor
      ◮ Rootkit
      ◮ Mobile code
      ◮ Drive-by-downloads
      ◮ Flooders
      ◮ . . .
