Malware Fundamentals POLITEHNICA University of Bucharest 14 th of January 2015 Ionuţ – Daniel BARBU
  • Slide 1
  • Title slide: Malware Fundamentals, POLITEHNICA University of Bucharest, 14th of January 2015, Ionuţ-Daniel BARBU
  • Slide 2
  • Agenda
  • Evolution
  • Security implementations in operating systems
  • Historical facts
  • Malware types
  • Source of the information:
  • Slide 3
  • Evolution (figure slide; Source:)
  • Slide 4
  • Operating Systems
  • Windows NT: designed for security, but not for the Internet
  • Windows 9x: offered the option of multiple profiles but not of multiple users; partial memory protection; no concept of access privileges
  • XP: limited accounts, but the first user was administrator by default
  • Vista: User Account Control; the administrator-by-default first user was removed
  • 7: BitLocker Drive Encryption and biometrics; improved Windows Firewall, Microsoft Security Essentials and Windows Defender
  • 8: new authentication methods
  • Newer versions: "Consumer versions of Windows were originally designed for ease-of-use on a single-user PC without a network connection, and did not have security features built in from the outset." (Wikipedia)
  • Windows Patch Tuesday
  • Slide 5
  • Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
  • Regin: reverse-engineered in November 2014, with samples dating from 2003; customized, stealthy spying tooling built to steal information
  • Stuxnet: worm discovered in 2010; attacked industrial programmable logic controllers and ruined about 20% of Iran's nuclear centrifuges; purpose: cause harm / sabotage
  • CryptoLocker: ransomware Trojan analysed by Dell SecureWorks; propagated via e-mail attachments or botnets; encrypts the victim's files; purpose: money extortion, paid in Bitcoin
  • Slide 6
  • History
  • Early stages: 1949, John von Neumann introduces the theory of self-replicating programs; 1972, Veith RISAK writes an article describing a fully functional virus for the SIEMENS 4004/35; 1980, Jürgen KRAUS: computer programs can behave in a way similar to biological viruses
  • First computer viruses: 1971, Creeper virus on ARPANET ("I'm the creeper, catch me if you can!"); the Reaper worm was designed to catch it, and it did; 1982, Elk Cloner, the first personal-computer virus, displayed a poem; 1992, the first Windows virus, WinVir
  • Source:
  • Slide 7
  • Viruses
  • The defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent. When executed, a virus replicates by inserting copies of itself into other programs, etc.
  • When infected: steals hard-disk space or CPU time; accesses private information, corrupts data; keystroke logging
  • Motivation: seeking profit, conveying a message, sabotage, denial of service
  • Methods: social engineering, security vulnerabilities
  • Replication techniques: resident (after installation it remains in RAM) vs. non-resident (scans for targets, infects and exits); macro virus (embedded in documents that contain macros); boot sector
  • Anti-detection / stealth: viruses often use complex strategies to evade antivirus software: keep the same last-modification date and file size, or try to kill detection tasks; intercept read requests; self-modification; encrypted viruses; polymorphic vs. metamorphic code
  • Anti-virus: open source vs. proprietary
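The "keep the same last-modification date and file size" trick above is why integrity checking has to look at file contents rather than metadata. The following is an added example, not code from the slides: a constructed in-place "infection" that swaps a same-length byte string into a file and restores the original timestamps, checked first with a metadata fingerprint (size, mtime) and then with a SHA-256 baseline. File names and contents are made up for the demonstration.

```python
"""Added example (not from the slides): why 'same size, same mtime' is not
proof that a file is untouched. A toy 'infection' rewrites a file in place,
keeps the byte length identical and restores the original modification time;
a check based on os.stat() metadata passes, a SHA-256 baseline does not."""
import hashlib
import os
import tempfile


def stat_fingerprint(path: str) -> tuple:
    """Naive fingerprint: (size, mtime in ns), as early AV/backup tools used."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)


def hash_fingerprint(path: str) -> str:
    """Content fingerprint: SHA-256 over the file bytes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def stealthy_overwrite(path: str, old: bytes, new: bytes) -> None:
    """Constructed 'infection': replace `old` with `new` (same length) and
    restore the original atime/mtime so metadata-based checks see nothing."""
    if len(old) != len(new):
        raise ValueError("stealthy replacement must keep the file size")
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    with open(path, "wb") as f:
        f.write(data.replace(old, new, 1))
    # Put the timestamps back exactly as they were (nanosecond precision).
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo() -> dict:
    """Run both checks around a stealthy modification; return the verdicts."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "program.bin")  # hypothetical host program
        with open(target, "wb") as f:
            # Constructed stand-in for an executable image.
            f.write(b"MZ" + b"\x00" * 62 + b"CALL ORIGINAL_ENTRY ; benign code")
        base_stat = stat_fingerprint(target)
        base_hash = hash_fingerprint(target)
        # Both strings are 19 bytes, so the file size does not change.
        stealthy_overwrite(target, b"CALL ORIGINAL_ENTRY", b"JMP  VIRUS_BODY    ")
        return {
            "stat_check_detects_change": stat_fingerprint(target) != base_stat,
            "hash_check_detects_change": hash_fingerprint(target) != base_hash,
        }


if __name__ == "__main__":
    print(demo())
```

The metadata check reports no change, the hash check does; a real file-integrity monitor should also baseline permissions and ownership, but never rely on size and mtime alone.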
  • Slide 8
  • Worms
  • A worm is a standalone malware program that replicates itself in order to spread to other computers. Unlike a virus, it does not need to attach itself to an existing program.
  • At least some harm is caused by bandwidth consumption alone. The payload is usually designed to delete files, encrypt them, or send documents out by e-mail.
  • Many worms are payload-free, yet even these cause major disruption: the Morris Worm of 1988, the first worm distributed via the Internet, released from MIT
  • Backdoors are a well-known payload; they usually lead to zombie computers and, further, to botnets
  • Protection: patching, firewall, packet filters, ACLs
  • Slide 9
  • Trojan Horse
  • A Trojan is a generally non-self-replicating type of malware program containing malicious code. It carries out actions determined by its nature: remote access, data theft or loss, system harm; it can act as a backdoor. Interesting use: as an anonymizer proxy!
  • Zeus / Zbot: targets the Microsoft Windows OS; steals banking information; man-in-the-browser; keystroke logging; also distributes CryptoLocker
  • Beast 2.07
  • Protection: IPS, IDS, content filtering
  • Source:
  • Slide 10
  • Others
  • Backdoor: a method of bypassing normal authentication; basic example of a backdoor: a default password
  • Rootkit: hides the existence of certain processes or programs; enables continued privileged access to a computer
  • Spyware and adware: spyware aids in gathering information about a person or organization without their knowledge; adware automatically renders advertisements in order to generate revenue for its author
  • Slide 11
  • Zero-Day
  • Zero-day vulnerability and exploit: antivirus software signatures are not yet available
  • Defences: behavior signatures, sandbox
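The two slides above meet in one question: if the body is encrypted or polymorphic (slide 7) or simply new (zero-day), a fixed byte signature never fires, which is why scanners fall back on behaviour and on running the sample in a sandbox or emulator before scanning. The following is an added example, not code from the slides: a toy encrypted-body format of my own (a 4-byte marker, a 4-byte XOR key, a 2-byte length, then the XOR'd body) generated with a fresh key per variant, a static signature scan that misses every variant, and an "emulate the decryptor stub, then scan" check that catches all of them. The payload text, signature and format are constructed for the demonstration.

```python
"""Added example (not from the slides): why a fixed byte signature misses an
encrypted/polymorphic body, and how scanning after emulating the decryptor
(the sandbox / emulation idea) recovers detection. The toy container is my own:
    b"DECR" | 4-byte XOR key | 2-byte big-endian length | ciphertext
"""
import random

# Constructed 'malicious' body (plain text stands in for code) and the
# substring an AV vendor would sign for it.
PAYLOAD = b"open C:\\Windows\\System32; write hosts; send keystrokes to c2.example"
SIGNATURE = b"send keystrokes to c2"
STUB_MAGIC = b"DECR"


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; it is its own inverse, so it is also the decryptor."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes, key: bytes) -> bytes:
    """Build one encrypted variant: decryptor stub header + XOR'd body.
    Every call with a different key yields a different byte pattern."""
    if len(key) != 4 or key == b"\x00" * 4:
        raise ValueError("need a non-zero 4-byte key")
    body = xor_stream(payload, key)
    return STUB_MAGIC + key + len(body).to_bytes(2, "big") + body


def signature_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static scan: does the raw blob contain the signature bytes?"""
    return signature in blob


def emulate_and_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """'Sandbox' scan: run the decryptor stub harmlessly (here: parse the
    header and XOR the body back), then scan the decrypted body.
    Blobs without a recognised stub are reported as not detected."""
    if not blob.startswith(STUB_MAGIC) or len(blob) < 10:
        return False
    key = blob[4:8]
    length = int.from_bytes(blob[8:10], "big")
    plain = xor_stream(blob[10:10 + length], key)
    return signature in plain


def demo(seed: int = 7, variants: int = 5) -> dict:
    """Generate several variants with different keys and compare detectors."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    results = {"static_hits": 0, "emulated_hits": 0, "variants": variants}
    for _ in range(variants):
        key = bytes(rng.randrange(1, 256) for _ in range(4))  # no zero bytes
        blob = make_variant(PAYLOAD, key)
        results["static_hits"] += signature_scan(blob)
        results["emulated_hits"] += emulate_and_scan(blob)
    return results


if __name__ == "__main__":
    print(demo())
```

Note the weak spot: the decryptor stub itself (here the constant `DECR` marker) is still a fixed pattern, which is what early scanners signed; true polymorphic engines mutate the stub on every copy and metamorphic code rewrites the whole body, so the emulation step, not the stub signature, is what generalises.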
  • Slide 12
  • Thank you!
  • "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." Bruce Schneier