Malware Fall 2006
Introduction to Malware - Matthew Cettei

Published in: Technology
  • Introduction to Malware

    1. Malware Fall 2006
    2. Overview
       - Malware
       - Specific problems
         - Computer virus, worms, trojan horses
         - Adware, spyware
         - Web bugs
         - Cookies
         - Phishing
         - Email spoofing
       - Solutions/Precautions
    3. What’s Malware?
       - Malicious software
       - Software with malicious intent
         - Different from software with bugs
    4. Viruses
       - Programs that attach themselves to another program to gain access to your machine
         - May do nothing on your machine or may destroy all your files
         - Seek to use your machine as a launching point to infect other machines
         - Expand exponentially through recursion
    5. Worms
       - Like a virus but they are self-contained programs (they don’t need a host)
       - Copy themselves from machine to machine
       - Scan for other vulnerable machines
    6. Adware
       - Some programs are “free” but they support their costs by sending ads to your machine
         - e.g. Kazaa
    7. Spyware
       - You download a music player
       - The music player includes an additional program that is installed and runs continuously
       - This program records the websites you visit and sends them to a database
    8. How Bad is The Threat? (Bad!)
       - 2006 Internet Security Emerging Threat List (2/15/06) (http://www.safetyonline.org)
         - Hackers use Instant Messaging to spread viruses and worms
         - Phishing fraud becomes more prevalent and sophisticated
         - Viruses attack cell phones and PDAs
         - Hackers target online brokerage accounts
         - Internet crimes go unreported
    9. What You Can (and Should) Do
       - Install and run antivirus software
         - Update virus definitions weekly
         - UVA: free Norton Anti-virus
       - Keep your computer’s operating system and programs updated
         - Example: MS Windows, run Windows Update, weekly
       - Run anti-spyware software
         - Run regular sweeps/scans
         - UVA: free SpySweeper
    10. E-mail spoofing
        - You receive e-mail appearing to be from one source… But it's actually from another source
        - Sender’s goal? To trick you into:
          - Sending secure info (password, account number)
          - Running an attachment
          - Clicking on a link that runs a program
    11. What enables spoofing?
        - Life was simpler once upon a time…
          - Expensive and difficult to put a mail-server on the net (and have administrator privileges on it)
          - Managed by responsible admins: business, government, universities
          - Open standards
        - Today:
          - Easy, cheap, well-understood by everyone
    12. The Email
    13. Where The Link Takes Me
    14. The Real Bank’s Page
    15. They Want Info!
    16. Phishing
        - An attempt to gain personal information for purposes of identity theft, etc.
        - Faked e-mail messages appear to come from a legitimate, official source
        - Fool you into divulging personal data such as
          - account numbers
          - passwords
          - credit card numbers
          - Social Security numbers
        - No company will ever ask you for such info by e-mail. If in doubt, call them or contact them directly (not by replying)
    17. Examples: Bank of America scam
    18. E-mail Lessons
        - Do not open attachments unless you know what they are
          - Antivirus software checks attachments as you open them!
        - Suspect spoofing
          - Look for anything odd in the message
          - Double-check with sender
        - Phishing: don’t get caught
          - Be suspicious. Look for your name, account number, etc. in an e-mail
          - Don’t click on links, go directly to the site.
    19. Virus through a Link in an Email
        - Link seems to be to CS dept. (www.cs.virginia.edu)
        - That’s the text of the link
          - It links to someplace else
          - An attachment that is disguised so it doesn’t appear
          - The small box is the only clue
    20. What Is a Cookie?
        - A small piece of information stored by your web-browser on your PC when you visit a site
        - What’s stored:
          - A URL related to the site you visited
          - A name/value pair (the information content)
          - (Optional) An expiration date
        - Why is it a “cookie”?
          - An old CS term for a chunk of data used obscurely
    21. Cookies: Web-servers Store Some Info on your PC
        - When sending back a page, server also sends a cookie
        - Your browser stores it on your PC
        - Later, visit same site
        - You request a page and your browser has a cookie matching that URL on your PC
        - Browser sends URL and cookie to web-server
        - Web-server processes cookie
        - May return updated cookies with page
    22. Cookies Can Be Beneficial
        - Shopping Carts
          - Server creates a cart, stored on server
          - You visit other pages, but a cookie lets the server know you’re the person who created that cart
        - Other personalization
          - “Welcome back, Jane User!”
          - “Items you viewed recently are…”
        - Recognizing legitimate users for a site
          - Register and log-in, but then a cookie means you don’t have to log-in every time
    23. What’s a Web Bug?
        - Graphic image on a Web page or in an Email message
        - Links to an external site, not an image embedded in your message
        - Designed to monitor who is reading the Web page or Email message
        - May be invisible (size 1 pixel by 1 pixel) or not
        - Sometimes known as "clear GIFs", "1-by-1 GIFs" or "invisible GIFs"
        - (More info: http://www.eff.org/Privacy/Marketing/web_bug.html )
    24. How Does This Work?
        - Web bug: on some other server
        - Remember: when a server delivers an HTML file or an image file, it logs this
          - A page or an email can have an image that’s stored on some external site
          - Thus the server there logs delivery of that image (even if it’s invisible to you)
    25. Examples (in HTML)
        - <img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
        - <img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
    26. What Info Can Be Gathered?
        - Again, the server where the bug lives will log:
          - The IP address of your computer
          - The URL of the page that the Web Bug is located on
          - The URL of the Web Bug image
          - The time the Web Bug was viewed
          - The type of browser that fetched the Web Bug image
        - Also possible: Info from any cookie that's on your machine
    27. Web Bugs: What Can You Do?
        - Not easy to identify web bugs
        - New email clients disable image display
    28. Browser Hijack
        - An extremely nasty adware
        - Resets homepage to a particular site
          - Ads, porn – something you don’t want
          - Any change you make doesn’t affect it
        - Software running on your machine
          - Does the usual adware/spyware stuff
          - Also changes your browser settings
          - Runs when system starts – changes the settings back
    29. Protecting Your Computer
        - Practice the core three protections
          - Install
          - Configure
          - Regularly update
        - Do not open unexpected emails
        - Do not download attachments in unsolicited emails
        - Take precautions to protect your mobile devices
        - Report Internet crimes to proper authorities
    30. Passwords
        - Use strong passwords
          - At least 8 characters with numbers and symbols
          - Don’t use real words
          - Don’t use the same password for every online account
          - Vary your passwords for each site, and use a password profiler tool
    31. Resources
        - Top 8 Cyber Security Practices: http://www.staysafeonline.info/practices/index.html
    32. Review
        - Midterm next Wednesday
        - Another review session Tuesday 11AM
        - Short answer and multiple choice.
    33. Outline
        - Ethics: no ethics on exam
        - Internet history:
          - what’s the difference between the web and the Internet
          - Packet switching
        - HTML
          - Be able to translate some basic HTML into output (formatting, links, images)
          - CSS: what is the purpose
    34. Outline II
        - JavaScript: no JavaScript code
          - Difference between dynamic and static pages
        - Spreadsheets
          - Why use them? Why use referencing? Produce output from sample formulas
        - PowerPoint
          - Terms
        - Search Engines
          - What do spiders do? MetaTags?
    35. Outline III
        - Digital audio
          - What is sampling? Compression?
        - Malware
          - Know types and some good practices
        - Not on midterm:
          - Ethics, binary & hex, JavaScript code
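
The checks described on slides 19 and 23 to 26, as an added example that is not part of the original slides: a Python scanner for an HTML e-mail body that flags remote 1-by-1 images and images whose URL carries an e-mail address (web bugs), and links whose visible text names one host while the href points to another. The names `MailScanner` and `scan_email_html` and the `downloads.example.net` link are assumptions made for illustration; the two `<img>` tags are the ones shown on slide 25.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

WEB = ("http://", "https://")
TINY = ("0", "1")
LOOKS_LIKE_HOST = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def host(url):  # lower-cased host; bare "www.example.com" is read as http
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

class MailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src, href = a.get("src") or "", a.get("href") or ""
        if tag == "img" and src.lower().startswith(WEB):  # remote image: the fetch is logged
            if a.get("width") in TINY and a.get("height") in TINY:
                self.findings.append(("web-bug", src, "invisible 1x1 image"))
            if any("@" in v for _, v in parse_qsl(urlsplit(src).query)):
                self.findings.append(("web-bug", src, "e-mail address in query string"))
        elif tag == "a" and href.lower().startswith(WEB):
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            # Flag only when the visible text is itself an address on another host.
            if LOOKS_LIKE_HOST.match(shown) and host(shown) != host(self._href):
                self.findings.append(("deceptive-link", self._href, "text shows " + host(shown)))
            self._href = None

def scan_email_html(body):
    scanner = MailScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings

# The two <img> tags are the slide 25 examples; the link is constructed sample input.
SAMPLE = """<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
<a href="http://downloads.example.net/notice.exe">www.cs.virginia.edu</a>"""
```

An empty result does not mean a message is free of web bugs: as slide 27 notes they are not easy to identify, and a full-size remote image is logged by its server in exactly the same way.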