malware what is malware
play

Malware What is malware? Malware: malicious software worm - PowerPoint PPT Presentation

Mar 22, 2024 •115 likes •540 views

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

  1. Malware

  2. What is malware? • Malware: malicious software • worm • ransomware • adware • virus • trojan horse • etc.

  3. … and how do we fight it? • AV software • Firewalls • Filtering • Patching • Writing more secure software • Training users

  4. How to Monetize Malware • Botnets • Networking infected computers together • Sending instructions to those computers to do things like: • Send spam • Mine cryptocurrency • Perform ad fraud • Perform DDoS attacks • Stealing banking credentials • Stealing Bitcoin and other alternative currencies • Ransoming the computer • Pay per install software

  5. How malware spreads • Attachments in emails • Other social engineering • Drive-by downloads • Spreading itself

  6. Vulnerabilities vs. Exploits • Vulnerability: hole in software • Exploit: code written to use vulnerability to gain unauthorized access to something • There’s way more known vulnerabilities than known exploits. • https://www.exploit-db.com/ vs. https://nvd.nist.gov/

  7. Zero Day Attacks • Realized exploit comes before known vulnerability • Fairly rare • Zero days are expensive — 1.5 million USD for Apple iOS 10 exploit • Overwhelmingly, exploits in the wild are not 0day.

  8. Morris Worm • Created in 1988 by Robert Morris • Purportedly to measure the Internet • Infected 10% of computers connected to the Internet • Slowed down computers to where they became unusable.

  9. Morris Worm • Exploited Unix systems through: • sendmail • finger • rsh • weak passwords • Note that the vulnerabilities that he exploited were known. • Buggy: installed itself multiple times, didn’t phone home, etc.

  10. Effects of Morris Worm • CERT organizations worldwide • CERT-CC at CMU funded by the US gov • Patching known vulnerabilities • More attention to computer security

  11. Conficker • Computer worm first appearing in November 2008 • Sinkholed in 2009 • Good guys registered domain names used for attacks • Operators arrested in 2011 • Still infecting computers today • Millions of infections — hard to count.

  12. Conficker — how it spreads • Conficker-A: Vulnerability in Windows. Infected machines scanned IP space for more machines. • Conficker-B: Added infected USB devices, shared network folders with weak passwords. • Conficker C: Hardened new command and control infrastructure and added fake AV as a monitization. • Conficker D-E: Turned from centralized botnet to peer-to-peer

  13. Conficker Infections over Time

  14. Reaction to Conficker • Patch released before worm, yet patch rate was slow. • Large scale anti-botnet effort • Microsoft added security updates for unlicensed software • Conficker botnet shrank at a slower pace than the market share of Windows XP / Vista

  15. Stuxnet • Worm first known about in 2010, detected as early as 2005 • Built by the US and Israeli governments to attack Iranian nuclear program • Targets PLCs through Windows computers • Infected over 200,000 Windows machines

  16. Stuxnet - how it spreads • Use zero day exploits to compromise Windows machines • Spread using USB drives, peer-to-peer RPC • Bridges computers connected to the Internet with those that aren’t • Attacks files connected to certain SCADA software • Hijacks communication

  17. Reaction to Stuxnet • Cyberwarfare IRL • Car bomb attacks against Iranians by Iranian government • Some efforts to isolate important PLCs better: • Similar effort against North Korea failed • Doqu/Flame

  18. Drive by downloads • Website infected with malware • Malware injects code into webpage • That code infects those who visit it by directing them to an exploit kit through an intermediary

  19. How are websites targeted? • Find an exploit in a certain piece of software • Use Google Dorks to find websites with that vulnerability • Compromised advertising • Other ways?

  20. Exploit Kits • Each machine has different software on it • Uses a host of exploits to infect a machine • Exploit kits can be bought or rented

  21. Fake Antivirus • Installs itself on your machine and forces you to buy software • Many people buy this software • Largely shut down by shutting down payment processors

  22. Ransomware • Encrypts all your files using a key: • Old: same key for all • New: different key for each system • Requires victim to pay criminal to get files back: • Old: Payments through Western Union and the like • New: Payments through Bitcoin

  23. Computer Virus • A type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code. - Wikipedia

  24. Parts of a Virus • Infection vector: How a virus spreads • Trigger: Sets off the malicious functionality • Payload: The malicious functionality

  25. Phases of a Virus Scanning and Propagating Waiting for a trigger Dormant triggered Execute

  26. How do they infect? Malware Executable File

  27. How do they infect? Malware Executable File

  28. How do they infect? Malware Executable File

  29. How do they infect? Executable File Malware

  30. How do they infect? Malware Executable File Malware

  31. How do they infect? Malware

  32. How do they infect? Packer Executable File Malware

  33. How do they execute? Malware Executable File Line of code

  34. How do they execute? Malware Executable File Line of code

  35. Definitions • Self-Modifying code: Code that can change itself (usually without changing the functionality) • Polymorphic malware: Infects others with an encrypted copy of itself. Encryption and code changes. • Backdoor: Malware that leaves hidden ways of replicating itself • Rootkit: Malicious software to maintain access to system; good at hiding itself.

  36. ILOVEYOU • Bug in email: sent out messages subject:ILOVEYOU and attachment:LOVE-LETTER- FOR-YOU.txt.vbs • .vbs files were hidden • Propogation: Sent itself to all addresses in address book • Payload: Overwrote random files

  37. Adware • Software that contains unwanted ads

  38. Types of Ad Fraud • Pretend to be part of the ad chain and buy traffic, get paid. • Have bots, sell fake ad traffic • Disguise source of traffic to ads • Cookie stuffing — fake affiliate cookies • Ad Stacking — show invisible ads to consumer

  39. Adblock Plus • Browser-based Ad blocker • Let in some “acceptible” ads • Is this adware? Fraud?

  40. Fake Software • Stuffing ads into software • Maybe turning paid software into freeware? • Is this adware? fraud?

  41. DNSChanger • Upon infecting your computer, changed your routers’ nameserver settings. • Started in 2006. FBI raided in 2011. Shut down in 2012. Still alive today. • Main changes? Major ad networks • Is this adware? fraud?

  42. My Really Cool Toolbar • Lots of toolbars, other browser extensions • Useful functionality • Changed settings (homepage, etc) • Hard to Remove • Is this adware? fraud?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

567 views • 22 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND & CONTROL QUESTIONS & ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware Detection The number of new malware exceeds 75 million by the end of 2011, and is still increasing. The number of malware that produced

1.34k views • 91 slides
Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Describe types of malware See certain malware behaviors Scan and analyze malware

883 views • 25 slides
More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based malware: Exploit kits Fake AV Ransomware Today (continuation) How Malware Spreads Adware Computer Virus A type of malicious

647 views • 23 slides
Secure Computation without Coordination Amos Beimel (BGU) Yuval Ishai (Technion, UCLA) Eyal

Secure Computation without Coordination Amos Beimel (BGU) Yuval Ishai (Technion, UCLA) Eyal

Ad Hoc PSM Protocols: Secure Computation without Coordination Amos Beimel (BGU) Yuval Ishai (Technion, UCLA) Eyal Kushilevitz (Technion) Eurocrypt 2017 Ad Hoc MPC [BGIK16] The (basic) problem: Universe of n (honest but curious) parties.

419 views • 14 slides
CARES Act Grants: Submission and Review May 14, 2020 Chat Feature Select the Chat icon to make

CARES Act Grants: Submission and Review May 14, 2020 Chat Feature Select the Chat icon to make

CARES Act Grants: Submission and Review May 14, 2020 Chat Feature Select the Chat icon to make a comment or ask a question . Be certain the To field is set to All Participants An orange dot on the Chat icon indicates that you have unread

825 views • 33 slides
1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to

1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to

1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to contribute to it? 3 Most important reason (with homage/apologies to Vanilla Ice) + Vendor - SemWeb expertise in applications in enterprise

342 views • 18 slides
CSCI 4250/6250 Fall 2011 Computer and Networks Security Malware Goodrich, Chapter 4

CSCI 4250/6250 Fall 2011 Computer and Networks Security Malware Goodrich, Chapter 4

CSCI 4250/6250 Fall 2011 Computer and Networks Security Malware Goodrich, Chapter 4 Viruses, Worms, Trojans, Rootkits Malware = Malicious Software can be classified into several categories, depending on propagation and concealment

472 views • 46 slides
Chardae Caine Research Associate ccaine@lkm.org 785.354.9565 What is Cybersecurity? The body

Chardae Caine Research Associate ccaine@lkm.org 785.354.9565 What is Cybersecurity? The body

www.lkm.org Chardae Caine Research Associate ccaine@lkm.org 785.354.9565 What is Cybersecurity? The body of information technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage,

444 views • 19 slides
Detecting the behavioral relationships of malware connections (slides) Conference Paper August

Detecting the behavioral relationships of malware connections (slides) Conference Paper August

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/307638742 Detecting the behavioral relationships of malware connections (slides) Conference Paper August 2016 CITATIONS READS 0

380 views • 17 slides
SherlockDroid, an Inspector for Android Marketplaces Axelle Apvrille - FortiGuard Labs, Fortinet

SherlockDroid, an Inspector for Android Marketplaces Axelle Apvrille - FortiGuard Labs, Fortinet

SherlockDroid, an Inspector for Android Marketplaces Axelle Apvrille - FortiGuard Labs, Fortinet Ludovic Apvrille - Institut Mines-Telecom, Telecom ParisTech, LTCI CNRS Hack.Lu, Luxembourg October 2014 Who are we? Axelle Ludovic Hack.Lu

718 views • 55 slides

More recommend