More Malware Last Class Worms: Morris Worm Stuxnet Conficker - - PowerPoint PPT Presentation



slide-1
SLIDE 1

More Malware

slide-2
SLIDE 2

Last Class

  • Worms:
      • Morris Worm
      • Stuxnet
      • Conficker
  • Web-based malware:
      • Exploit kits
      • Fake AV
      • Ransomware
slide-3
SLIDE 3

Today

  • (continuation) How Malware Spreads
  • Adware
slide-4
SLIDE 4

Computer Virus

  • A type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code. - Wikipedia
slide-5
SLIDE 5

Parts of a Virus

  • Infection vector: How a virus spreads
  • Trigger: Sets off the malicious functionality
  • Payload: The malicious functionality
slide-6
SLIDE 6

Phases of a Virus

  • Dormant
  • Scanning and Propagating
  • Waiting for a trigger
  • Execute (triggered)

slide-7
SLIDE 7

How do they infect?

Malware Executable File

slide-8
SLIDE 8

How do they infect?

Malware Executable File

slide-9
SLIDE 9

How do they infect?

Executable File Malware

slide-10
SLIDE 10

How do they infect?

Executable File Malware

slide-11
SLIDE 11

How do they infect?

Executable File Malware Malware

slide-12
SLIDE 12

How do they infect?

Malware

slide-13
SLIDE 13

How do they infect?

Executable File Malware

Packer

slide-14
SLIDE 14

How do they execute?

Executable File Malware Line of code

slide-15
SLIDE 15

How do they execute?

Executable File Malware Line of code

slide-16
SLIDE 16

Definitions

  • Self-Modifying code: Code that can change itself (usually without changing the functionality)
  • Polymorphic malware: Infects others with an encrypted copy of itself. Encryption and code changes.
  • Backdoor: Malware that leaves hidden ways of replicating itself
  • Rootkit: Malicious software to maintain access to system; good at hiding itself.

slide-17
SLIDE 17

ILOVEYOU

  • Bug in email: sent out messages with subject: ILOVEYOU and attachment: LOVE-LETTER-FOR-YOU.txt.vbs
  • .vbs files were hidden
  • Propagation: Sent itself to all addresses in address book
  • Payload: Overwrote random files
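
Added example (not part of the original slides): a mail-gateway style check in Python for the double-extension attachment name described above, which also reports the name a user sees when Windows hides the final extension. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email.message import EmailMessage

# Assumed policy lists for this example (not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "bat", "cmd", "exe", "scr", "pif", "hta"}
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "png", "xls", "xlsx"}


def displayed_name(filename):
    """Name a user sees when Windows hides the final (known) extension."""
    name = filename.rstrip(" .")  # Windows drops trailing dots and spaces
    stem, dot, _ext = name.rpartition(".")
    return stem if dot else name


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    parts = filename.rstrip(" .").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return (filename, displayed name, verdict) for every named MIME part."""
    findings = []
    for part in email.message_from_string(raw).walk():
        fname = part.get_filename()
        if fname:
            findings.append((fname, displayed_name(fname), classify(fname)))
    return findings


def sample_message():
    """Constructed message modelled on the slide; bodies are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("placeholder body")
    for fname in ("LOVE-LETTER-FOR-YOU.txt.vbs", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()


if __name__ == "__main__":
    for row in scan_message(sample_message()):
        print(row)
```

The first finding shows why the trick worked: the recipient sees `LOVE-LETTER-FOR-YOU.txt` while the file type that actually runs is `.vbs`.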
slide-18
SLIDE 18

Adware

  • Software that contains unwanted ads
slide-19
SLIDE 19

Types of Ad Fraud

  • Pretend to be part of the ad chain and buy traffic, get paid.

  • Have bots, sell fake ad traffic
  • Disguise source of traffic to ads
  • Cookie stuffing — fake affiliate cookies
  • Ad Stacking — show invisible ads to consumer
slide-20
SLIDE 20

Adblock Plus

  • Browser-based Ad blocker
  • Let in some “acceptable” ads
  • Is this adware? Fraud?
slide-21
SLIDE 21

Fake Software

  • Stuffing ads into software
  • Maybe turning paid software into freeware?
  • Is this adware? fraud?
slide-22
SLIDE 22

DNSChanger

  • Upon infecting your computer, changed your routers’ nameserver settings.
  • Started in 2006. FBI raided in 2011. Shut down in 2012. Still alive today.
  • Main changes? Major ad networks
  • Is this adware? fraud?
slide-23
SLIDE 23

My Really Cool Toolbar

  • Lots of toolbars, other browser extensions
  • Useful functionality
  • Changed settings (homepage, etc.)
  • Hard to Remove
  • Is this adware? fraud?