Scribd Logo
Upload

Welcome to Scribd!

  • Easttom PPT 05 Final

    Uploaded by

    mohamedabdulkadir767
    11 views35 pages
    This chapter discusses various types of malware including viruses, Trojan horses, spyware, and buffer overflow attacks. It explains how viruses spread through email and networks, and provides examples of specific viruses like Sobig and Bagle. Trojan horses and spyware are described as programs that conceal malicious functions. The chapter also covers buffer overflow attacks, rootkits, and detecting malware using antivirus and anti-spyware software. The objectives are to understand common malware threats and how to defend against attacks.

    Original Description:

    Original Title

    easttom_ppt_05_final

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This chapter discusses various types of malware including viruses, Trojan horses, spyware, and buffer overflow attacks. It explains how viruses spread through email and networks, and provides examples of specific viruses like Sobig and Bagle. Trojan horses and spyware are described as programs that conceal malicious functions. The chapter also covers buffer overflow attacks, rootkits, and detecting malware using antivirus and anti-spyware software. The objectives are to understand common malware threats and how to defend against attacks.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    11 views35 pages

    Easttom PPT 05 Final

    Uploaded by

    mohamedabdulkadir767
    This chapter discusses various types of malware including viruses, Trojan horses, spyware, and buffer overflow attacks. It explains how viruses spread through email and networks, and provides examples of specific viruses like Sobig and Bagle. Trojan horses and spyware are described as programs that conceal malicious functions. The chapter also covers buffer overflow attacks, rootkits, and detecting malware using antivirus and anti-spyware software. The objectives are to understand common malware threats and how to defend against attacks.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 35

    Computer Security

    Fundamentals

    by Chuck Easttom

    Chapter 5 Malware
    Chapter 5 Objectives

     Understand viruses and how they propagate


     Have a working knowledge of several specific
    viruses
     Understand virus scanners
     Understand what a Trojan horse is

    © 2016 Pearson, Inc. Chapter 5 Malware 2


    Chapter 5 Objectives (cont.)

     Have a working knowledge of several specific


    Trojan horse attacks
     Understand the buffer overflow attack
     Understand spyware
     Defend against these attacks

    © 2016 Pearson, Inc. Chapter 5 Malware 3


    Introduction

     Virus outbreaks
     How they work
     Why they work
     How they are deployed
     Buffer overflow attacks
     Spyware
     Other malware

    © 2016 Pearson, Inc. Chapter 5 Malware 4


    Viruses

     A computer virus
     Self-replicates
     Spreads rapidly
     May or may not have a malicious payload

    © 2016 Pearson, Inc. Chapter 5 Malware 5


    Viruses (cont.)

    How a virus spreads


     Finds a network connection; copies itself to
    other hosts on the network
     Requires programming skill
    OR
     Mails itself to everyone in host’s address book
     Requires less programming skill

    © 2016 Pearson, Inc. Chapter 5 Malware 6


    Viruses (cont.)

     E-mail propagation
     More common for one major reason;
     Microsoft Outlook is easy to work with.
     Five lines of code can cause Outlook to send e-
    mails covertly.
     Other viruses spread using their own e-mail
    engine.

    © 2016 Pearson, Inc. Chapter 5 Malware 7


    Viruses (cont.)

     Network propagation.
     Less frequent, but just as effective
     Web site delivery.
     Relies on end-user negligence
     Multiple vectors for a virus are becoming
    more common.

    © 2016 Pearson, Inc. Chapter 5 Malware 8


    Viruses (cont.)

     Virus Types
     Macro
     Multi-Partite
     Armored
     Memory Resident
     Sparse Infector
     Polymorphic

    © 2016 Pearson, Inc. Chapter 5 Malware 9


    Viruses (cont.)

    Symantic site information on the Sobig virus

    © 2016 Pearson, Inc. Chapter 5 Malware 10


    Viruses (cont.)

    Information on the Minmail virus from the Sophos site

    © 2016 Pearson, Inc. Chapter 5 Malware 11


    Viruses (cont.)

    Information on the Bagle virus from the internet.com site

    © 2016 Pearson, Inc. Chapter 5 Malware 12


    Viruses (cont.)

    Virus hoaxes from the McAfee site

    © 2016 Pearson, Inc. Chapter 5 Malware 13


    Viruses (cont.)

    Wikipedia information on Robert Tappan Morris, Jr.

    © 2016 Pearson, Inc. Chapter 5 Malware 14


    Viruses (cont.)

     Examples
     Rombertik
     Gameover ZeuS
     FakeAV

    © 2016 Pearson, Inc. Chapter 5 Malware 15


    Viruses (cont.)

     Rules for avoiding viruses:


     Use a virus scanner.
     DO NOT open questionable attachments.
     Use a code word for safe attachments from
    friends.
     Do not believe “Security Alerts.”

    © 2016 Pearson, Inc. Chapter 5 Malware 16


    Ransomeware

     Examples
     Cryptolocker
     Cryptowall

    © 2016 Pearson, Inc. Chapter 5 Malware 17


    Trojan Horses

    A program that looks benign, but is not


     A cute screen saver or apparently useful

    login box can


     Download harmful software.
     Install a key logger .
     Open a back door for hackers.

    © 2016 Pearson, Inc. Chapter 5 Malware 18


    Trojan Horses (cont.)

     Competent programmers can craft a Trojan


    horse:
     To appeal to a certain person or
     To appeal to a certain demographic
     Company policy should prohibit unauthorized
    downloads.

    © 2016 Pearson, Inc. Chapter 5 Malware 19


    Trojan Horses (cont.)

    Still-valid CERT advisory on Trojan horses

    © 2016 Pearson, Inc. Chapter 5 Malware 20


    Trojan Horses (cont.)

     Competent programmers can craft a Trojan


    horse:
     To appeal to a certain person or
     To appeal to a certain demographic
     Company policy should prohibit unauthorized
    downloads.

    © 2016 Pearson, Inc. Chapter 5 Malware 21


    The Buffer Overflow Attack

     EliteWrap.

    © 2016 Pearson, Inc. Chapter 5 Malware 22


    The Buffer Overflow Attack (cont.)

    A Microsoft Security Bulletin on a buffer overflow attack

    © 2016 Pearson, Inc. Chapter 5 Malware 23


    The Buffer Overflow Attack (cont.)

    Web tutorial for writing buffer overflows

    © 2016 Pearson, Inc. Chapter 5 Malware 24


    Spyware

     Requires more technical knowledge


     Usually used for targets of choice
     Must be tailored to specific circumstances
     Must then be deployed

    © 2016 Pearson, Inc. Chapter 5 Malware 25


    Spyware (cont.)

     Forms of spyware
     Web cookies
     Key loggers

    © 2016 Pearson, Inc. Chapter 5 Malware 26


    Spyware (cont.)

     Legal Uses
     Monitoring children’s computer use
     Monitoring employees
     Illegal Uses
     Deployment will be covert

    © 2016 Pearson, Inc. Chapter 5 Malware 27


    Spyware (cont.)

    Example of free spyware removal software

    © 2016 Pearson, Inc. Chapter 5 Malware 28


    Other Forms of Malware
     Rootkit
     A collection of hacking tools that can
     Monitor traffic and keystrokes
     Create a backdoor
     Alter log files and existing tools to avoid
    detection
     Attack other machines on the network

    © 2016 Pearson, Inc. Chapter 5 Malware 29


    Malicious Web-Based Code

     Web-Based mobile code


     Code that is portable on all operating systems
     Multimedia rushed to market results in poorly
    scripted code
     Spreads quickly on the web

    © 2016 Pearson, Inc. Chapter 5 Malware 30


    Logic Bombs

     Go off on a specific condition


     Often date
     Can be other criteria

    © 2016 Pearson, Inc. Chapter 5 Malware 31


    APT

     Advanced Persistent Threat


     Advanced techniques, not script kiddy’s
     Ongoing over a significant period of time

    © 2016 Pearson, Inc. Chapter 5 Malware 32


    Detecting and Eliminating Viruses
    and Spyware
     Antivirus software operates in two ways:
     Scans for virus signatures
     Keeps the signature file updated
     Watches the behavior of executables
     Attempts to access e-mail address book
     Attempts to change Registry settings

    © 2016 Pearson, Inc. Chapter 5 Malware 33


    Detecting and Eliminating Viruses
    and Spyware (cont.)
     Anti-spyware software
     www.webroot.com
     www.spykiller.com
     www.zerospy.com
     www.spectorsoft.com

    © 2016 Pearson, Inc. Chapter 5 Malware 34


    Summary

     There are a wide variety of attacks.


     Computer security is essential to the
    protection of personal information and your
    company’s intellectual property.
     Most attacks are preventable.
     Defend against attacks with sound practices
    plus antivirus and antispyware software.

    © 2016 Pearson, Inc. Chapter 5 Malware 35

    You might also like