MALWARE

OBJECTIVES
- What malware is
- Types of malware
- How they infect hosts
- How they hide
- How to detect them

WHAT IS MALWARE?
Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.

WHAT IS IT GOOD FOR?
- Steal personal information
- Steal valuable data
- Destroy data
- Denial of service
- Use your computer as a relay
VIRUSES
- A malicious piece of code that spreads itself from file to file
- A virus needs a host file
- Requires user interaction
  - Like opening a file
- Different types of viruses
  - Program viruses
  - Boot viruses
  - Macro viruses
[Figure: an infected file carrying the virus as its payload]
WORMS
- A malicious piece of code that spreads itself from computer to computer by exploiting vulnerabilities
  - A worm needs no host file
  - Spreads without user interaction
- Can spread via
  - e-mail attachments
  - LAN or Internet
- 2nd-generation worms automatically search for vulnerable computers and infect them
  - The whole Internet can be infected in less than 20 minutes
TROJANS
- “Trojan Horse”
- Programs with hidden malicious functionality
- Appear to be screen savers, games, or other “useful” programs
- “There’s an app for that!”
  - iPhone and Android apps
LOGIC BOMBS
- Malicious code programmed to be activated on a specific date, time or circumstance
- The action could be anything from formatting the hard drive to displaying a silly message on the user’s screen
- Often combined with a virus/worm (e.g., Chernobyl virus)
BLENDED THREATS
- Advanced malicious software that combines the characteristics of viruses, worms, trojans and malicious scripts is sometimes called a “blended threat”
- It’s hard to know where to draw the line
- Exploits one or many vulnerabilities in programs or the operating system

* Mick Douglas, PaulDotCom Podcast, https://twitter.com/#!/haxorthematrix/statuses/242108
VIRUSES
- 4 phases:
  - Dormant phase: the virus is idle, waiting for some event
  - Triggering phase: activated to perform its intended actions
  - Propagation phase: copies itself into other programs
  - Execution phase: executes the payload
MACRO VIRUSES
- Macro: an executable program embedded in a document to automate repetitive tasks (save keystrokes)
- Application-dependent, e.g., MS Office
- Crosses O.S. platforms
- Why do virus writers like macro viruses?
  - Easy to learn
  - Easy to write
  - Popularity of MS Office

HOW A MACRO VIRUS WORKS
- Every Word document is based on a template
- When an existing or new document is opened, the template settings are applied first
- A global template: NORMAL.DOT
WORM
- Worm: self-replicating over networks, but not infecting programs and files
- Examples: Morris worm, Blaster worm

THE STRUCTURE OF WORMS
- Target locator (find the target)
  - Email address collector
  - IP/port scanner
- Warhead
  - Break into remote machines
- Propagation
  - Automatically sending emails
  - Automatically attacking remote hosts
- Remote control and update
  - Download updates from a web server
  - Join an IRC channel
- Lifecycle management
  - Commit suicide
  - Avoid repeatedly infecting the same host
- Payload
STATE OF WORM TECHNOLOGY
- Multiplatform: Windows, Unix, Mac, …
- Multi-exploit: web server, browser, email, …
- Ultrafast spreading: host/port scanning
- Polymorphic: each copy has new code generated by equivalent instructions and encryption techniques
- Metamorphic: different behavior patterns
- Transport vehicles for the payloads (spread attacking tools and zombies)
- Zero-day exploit: self-updated

DISCUSSION
- Is it a good idea to spread worms with system patches?
TROJAN
- A program with hidden side-effects that are not specified in the program documentation and are not intended by the user executing the program

WHAT A TROJAN CAN DO
- Remote administration trojans: attackers get complete control of a PC
- Backdoor: steal data and files
- Distributed attacks: zombie network
- Password stealers: capture stored passwords
- Audio, video capturing: control devices
- Keyloggers: capture passwords as they are typed
- Adware: popup advertisements
- Logic bomb: only executed when a specific trigger condition is met
BE FAMILIAR WITH YOUR PC
- Startup programs/services
- Frequently used IP ports
  - 20/21 FTP
  - 23 Telnet
  - 25 SMTP
  - 80 WWW
- Netstat
MALWARE PAYLOADS
- No payload
- Payload without damage
  - Only display some information
- Payload with little impact
  - Modify documents (Wazzu virus)
- Payload with heavy impact
  - Remove files, format storage
  - Encrypting data (blackmail)
  - Destroy hardware (W95.CIH): rewrite flash BIOS
- DDoS attacks
- Steal data for profit
MALWARE NAMING
- CARO (Computer Antivirus Researchers Organization)
- CARO naming convention (1991)
- <family_name>.<group_name>.<infective_length>.<variant>.<modifier>
  - e.g., cascade.1701.A
- Platform prefix
  - win32.nimda.A@mm
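As an added example (not part of the original slides), a small parser for names written in the CARO convention shown above. The platform-prefix list, and the rule that a purely numeric field is the infective length while a one- or two-letter field is the variant, are assumptions made for this example, not a published CARO parser.

```python
"""Parse malware names in the CARO convention:
<family_name>.<group_name>.<infective_length>.<variant>.<modifier>,
optionally preceded by a platform prefix (win32.nimda.A@mm) and with the
modifier written after '@'. Field-classification rules are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# Platform prefixes recognised here (assumed list for this example).
PLATFORM_PREFIXES = {"win32", "w32", "w95", "w97m", "wm", "x97m", "linux", "macos"}


@dataclass
class CaroName:
    platform: Optional[str]
    family: str
    group: Optional[str]
    infective_length: Optional[int]
    variant: Optional[str]
    modifier: Optional[str]


def parse_caro_name(name: str) -> CaroName:
    """Split a CARO-style name into its fields; ValueError if no family is present."""
    base, _, modifier = name.strip().rstrip(".").partition("@")
    tokens = [t for t in base.split(".") if t]
    if not tokens:
        raise ValueError(f"no family name in {name!r}")

    platform = None
    if tokens[0].lower() in PLATFORM_PREFIXES and len(tokens) > 1:
        platform = tokens.pop(0).lower()        # e.g. win32 in win32.nimda.A@mm

    family = tokens.pop(0)
    group = infective_length = variant = None
    for tok in tokens:
        if tok.isdigit() and infective_length is None:
            infective_length = int(tok)          # e.g. 1701 in cascade.1701.A
        elif re.fullmatch(r"[A-Za-z]{1,2}", tok) and variant is None:
            variant = tok.upper()                # e.g. A, B, AA (assumed rule)
        elif group is None:
            group = tok                          # anything else is the group name
        else:
            raise ValueError(f"unexpected component {tok!r} in {name!r}")
    return CaroName(platform, family.lower(), group, infective_length, variant, modifier or None)


def same_family(a: str, b: str) -> bool:
    """True when two names (different variants or platform spelling) share a family,
    which is what matters when matching a detection to an advisory."""
    return parse_caro_name(a).family == parse_caro_name(b).family
```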
MALWARE DEFENSES (1)
- Detection: once the infection has occurred, determine that it has occurred and locate the virus
- Identification: once detection has been achieved, identify the specific virus that has infected a program
- Removal: once the specific virus has been identified, remove the virus from the infected program and restore it to its original state
MALWARE DEFENSES (2)
- The first-generation scanner
  - Virus signature (bit pattern)
  - Maintains a record of the length of programs
- The second-generation scanner
  - Looks for fragments of code (neglects unnecessary code)
  - Checksum of files (integrity checking)
- Virus-specific detection algorithms
  - Deciphering (W95.Mad, XOR encryption)
  - Filtering
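An added example (not from the slides) of the first-generation signature check with a length record, the second-generation checksum baseline, and the deciphering step described above. The signatures and sample program bytes are constructed, and the deciphering assumes a single-byte XOR layer, the simplest form of the technique the slide names.

```python
"""Toy versions of three scanner techniques from the slides (constructed example).
First generation: match a fixed byte signature and record program lengths.
Second generation: a checksum baseline for integrity checking.
Deciphering: retry the signature match under every single-byte XOR key, so a
virus body hidden behind a simple XOR layer is still recognised."""
import hashlib
from typing import Dict, List, Tuple

# Constructed signatures for this example: name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {
    "Example.Virus.A": b"\xeb\x1f\x90CONSTRUCTED-SIG-A",
    "Example.Xor.B": b"XORBODY-B-CONSTRUCTED",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; used both to build the sample and to undo the layer."""
    return bytes(b ^ key for b in data)


def scan_signature(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """First-generation check: which known bit patterns occur verbatim in the data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def scan_xor_deciphered(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int]]:
    """Deciphering check: undo each possible single-byte XOR key and re-run the
    signature match. Returns (name, key) pairs; key 0 means the plain pattern."""
    hits: List[Tuple[str, int]] = []
    for key in range(256):
        for name in scan_signature(xor_bytes(data, key), signatures):
            hits.append((name, key))
    return hits


class IntegrityBaseline:
    """Second-generation check: record length and SHA-256 of each program, then
    report anything whose length or checksum differs from the recorded value."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[int, str]] = {}

    @staticmethod
    def _fingerprint(data: bytes) -> Tuple[int, str]:
        return len(data), hashlib.sha256(data).hexdigest()

    def record(self, name: str, data: bytes) -> None:
        self._records[name] = self._fingerprint(data)

    def changed(self, programs: Dict[str, bytes]) -> List[str]:
        """Names whose fingerprint differs from the baseline; a program that was
        never recorded is reported too, since an unknown binary is also suspect."""
        return sorted(name for name, data in programs.items()
                      if self._records.get(name) != self._fingerprint(data))


if __name__ == "__main__":
    clean = b"MZ...constructed clean program body..."
    infected = clean + xor_bytes(SIGNATURES["Example.Xor.B"], 0x5A)
    print(scan_signature(infected))       # [] : the XOR layer hides the pattern
    print(scan_xor_deciphered(infected))  # [('Example.Xor.B', 90)]
    baseline = IntegrityBaseline()
    baseline.record("calc.exe", clean)
    print(baseline.changed({"calc.exe": infected}))  # ['calc.exe']
```

The length record alone catches the appended body here because the infected file grew; the checksum catches in-place modifications that keep the length unchanged.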
MALWARE DEFENSES (3)
- The third-generation scanner
  - Identifies a virus by its actions
- The fourth-generation scanner
  - Includes a variety of anti-virus techniques
- Collection method
  - Using honeypots
MALWARE IN MOBILE PHONES
- Mobile phones are computers with great connectivity
  - Internet
  - WLAN
  - Bluetooth
  - Regular phone network (SMS, MMS)
  - RFID

IN THE FUTURE…
- New spreading methods: e.g., RFID
[Figure: devices labelled “Infected!”]

QUESTIONS?

Malware by Ms. Allwood


Editor's Notes

  • #6: Wax board, egg, invisible ink...