Learning malware for fun and profit
Presentation Transcript
Learning MALWARE! for fun and profit
SRINU firstname.lastname@example.org
• What is malware?
• Types of malware.
• How to create your own malware (Educational purpose only)
• Writing signatures to antiviruses.
• Evading antiviruses. (Educational purpose only)
What is malware?
• Malware, short for malicious software, is a piece of software that is designed to disrupt operation, gather information, gain unauthorized access to system resources, and for exploitation purposes.
• Malware is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or programming code.
• Simply put, malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.
Types of malware
There are many types of malware. The most common are:
• Viruses
• Worms
• Rootkits
• Trojans
• Backdoors
• Spyware
• Keylogger
• Adware
• Crimeware
• Scareware
This list goes on ...
What is a Virus?
• A computer virus is a program that can replicate itself and spread from one computer to another.
• If a computer program is called a virus, it must have the capability to spread from one file to another file and from one computer to another computer by means of a network or the internet, or by being carried on removable devices like CDs, DVDs, floppy disks and USB devices.
• Simply put, a virus is a program that can infect other programs by modifying them to include a, possibly evolved, version of itself.
Indications of Virus attack
• Hard drive is accessed even when not using the computer.
• Computer freezes frequently or encounters errors.
• Computer slows down when programs start.
• Files and folders are missing (God knows what happened to the files).
• Unable to load operating system files.
• Browser window freezes.
When does a computer get infected by viruses?
• Not having a proper antivirus application.
• Not updating the antivirus, operating system and applications.
• Installing pirated software and rogue applications.
• Opening infected e-mail attachments.
How to create your own Virus (Educational purpose only) DEMO
What is a Worm
• A computer worm is a self-replicating malware which uses a computer network to send copies of itself to another computer.
• However, a computer worm does not need to attach itself to a program in your system like a computer virus does in order to function.
• A computer worm generally localizes its damage to the computer network by causing increased bandwidth usage (only applicable to old worm types).
Indications of worm attacks
• Unusual network traffic on the PC.
• Not able to visit websites because bandwidth is flooded by the worm.
• Unusual files in network shares.
• Unable to update antiviruses.
How a Worm spreads
• Peer 2 peer (p2p) networks like uTorrent.
• Infected USB devices.
• Network shares.
• Emails
How to create your own Worm (Educational purpose only) DEMO
Rootkit
• A rootkit is a stealthy type of malware designed to hide its existence from process viewers and other monitoring software.
Types of rootkits
• There are two different types of rootkits. They are:
– User Mode rootkit
– Kernel Mode rootkit
[Diagram labels: User Mode; Supervisor / Kernel Mode]
Backdoors
• A backdoor is a way in to the system that allows an attacker to access the victim machine.
• After penetrating the victim machine, the attacker installs the backdoor in it.
• It is used to access the victim machine.
• Example: NetCat
Backdoor !!!!
Hey, got the backdoor. PWNED
Trojan
• A Trojan is a piece of software which contains both legitimate code and malicious code.
• Performs covert and overt actions.
• Frequently embedded in applets, games and email attachments.
• Examples
– Beast
– ProRat
Small story about Trojan
How to create your own Trojan (Educational purpose only) DEMO
Best Tips to Defend Against Malware
• Protect your computer with strong security software and keep updated.
• Enable automatic Windows updates.
• Back up your files regularly.
• Be careful when engaging in peer-to-peer (P2P) file-sharing.
• Beware of spam-based phishing schemes.
Writing signatures to antiviruses
Antivirus signature writers mostly use three methods to create signatures. They are:
• MD5 hashes
• Byte code
• Heuristic
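
The three signature methods listed above, shown side by side on harmless constructed byte strings. This is an added example, not code from the presentation; the signature names, the "??" wildcard syntax, the suspicious-string list and the score threshold are all assumptions made for illustration.

```python
import hashlib
import math
import re

# Constructed, harmless byte strings standing in for scanned files.
SAMPLE = b"MZ\x90\x00" + b"\xde\xad\xbe\xef\x01\x02CONSTRUCTED" + b"\x00" * 16
VARIANT = SAMPLE + b"\x41"  # one extra byte: new MD5, same body
HEUR = b"MZ\x90\x00 WriteProcessMemory CreateRemoteThread"
CLEAN = b"plain text document\n" * 4

# 1) MD5 hash signature: identifies only a byte-identical file.
MD5_SIGS = {hashlib.md5(SAMPLE).hexdigest(): "Test.Constructed.A"}
# 2) Byte-code signature: hex bytes, "??" = any one byte (hypothetical syntax).
BYTE_SIGS = {"Test.Constructed.Body": "de ad be ef ?? ?? 43 4f 4e"}
# 3) Heuristic: traits scored against a threshold (assumed trait list).
SUSPICIOUS_STRINGS = [b"CreateRemoteThread", b"WriteProcessMemory"]


def compile_byte_sig(sig: str) -> re.Pattern:
    """Turn 'de ad ?? ef' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in sig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data scores high."""
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def heuristic_score(data: bytes) -> int:
    score = sum(2 for s in SUSPICIOUS_STRINGS if s in data)
    score += 1 if data[:2] == b"MZ" else 0            # looks like a PE file
    score += 2 if data and entropy(data) > 7.2 else 0
    return score


def scan(data: bytes, threshold: int = 3) -> list[str]:
    """Return the detections raised by each of the three methods."""
    hits = []
    name = MD5_SIGS.get(hashlib.md5(data).hexdigest())
    if name:
        hits.append(f"md5:{name}")
    for sig_name, sig in BYTE_SIGS.items():
        if compile_byte_sig(sig).search(data):
            hits.append(f"bytes:{sig_name}")
    if heuristic_score(data) >= threshold:
        hits.append("heuristic:suspicious")
    return hits
```

Calling scan() on SAMPLE, VARIANT, HEUR and CLEAN shows the coverage of each method: the hash fires only on the exact file, the byte pattern also covers the variant, and the heuristic flags a file for which no signature exists.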