Malicious Software and
Software Security
List of Topics
• Malicious Web
• Internet Security Issues
• Types of Internet Security Issues
• Computer Viruses
• Spyware
• Key-Loggers
• Secure Coding
• Electronic and Information Warfare
Malicious Web
Malicious Web
• A malicious website is a site that attempts to install malware (a general
term for anything that will disrupt computer operation, gather your
personal information or, in a worst-case scenario, gain total access to
your machine) onto your device
• Requires user action like visiting a website, giving permission to
access cookies, etc.
• Malicious websites often look like legitimate websites
Malicious Web
• They will ask you to install software that your computer appears to
need.
Example:
A video website might ask you to install a codec, which is a small piece
of information a video player needs to run on a website.
You might be used to installing safe codecs, but it only takes one unsafe
installation to compromise your machine, and your sensitive
information along with it.
Similarly, the website might ask for permission to install one program,
but install a completely different one.
Internet Security Threats
Malicious Software
• An internet user can be tricked or forced into downloading software of
malicious intent onto a computer.
• Such software comes in many forms, such as viruses, Trojan horses,
spyware, and worms.
Malicious Software
Malware
• Malware, short for malicious software, is any software used to disrupt
computer operation, gather sensitive information, or gain access to
private computer systems.
• Malware is defined by its malicious intent, acting against the
requirements of the computer user, and does not include software that
causes unintentional harm due to some deficiency.
Malicious Software
Botnet
• A botnet is a network of zombie computers that have been taken over
by a robot or bot that performs large-scale malicious acts for the
creator of the botnet.
Virus
• Computer Viruses are programs that can replicate their structures or
effects by infecting other files or structures on a computer. The
common use of a virus is to take over a computer to steal data.
Malicious Software
Worms
• Computer worms are programs that can replicate themselves
throughout a computer network, performing malicious tasks
throughout.
Ransomware
• Ransomware is a type of malware which restricts access to the
computer system that it infects, and demands a ransom paid to the
creators of the malware in order for the restriction to be removed.
Malicious Software
Scareware
• Scareware is scam software of usually limited or no benefit,
containing malicious payloads, that is sold to consumers via certain
unethical marketing practices.
• The selling approach uses social engineering to cause shock, anxiety,
or the perception of a threat, generally directed at an unsuspecting
user.
Malicious Software
Trojan Horse
• A Trojan horse, commonly known as a Trojan, is a general term for
malicious software that pretends to be harmless, so that a user
willingly allows it to be downloaded onto the computer.
Key-Logger
• Keystroke logging, often referred to as keylogging or keyboard
capturing, is the action of recording (logging) the keys struck on a
keyboard.
Denial of Service Attacks
• A denial-of-service attack (DoS attack) or distributed denial-of-service
attack (DDoS attack) is an attempt to make a computer resource
unavailable to its intended users.
• DDoS can also be understood as a class of attacks in the cloud
computing environment that is growing because of the essential
characteristics of cloud computing.
• Although the means to carry out, motives for, and targets of a DoS
attack may vary, it generally consists of the concerted efforts to
prevent an Internet site or service from functioning efficiently or at all,
temporarily or indefinitely.
Phishing
• Phishing is an attack which targets online users for extraction of their
sensitive information such as username, password and credit card
information.
• Phishing occurs when the attacker pretends to be a trustworthy entity,
either via email or web page.
• Victims are directed to fake web pages, which are dressed to look
legitimate, via spoof emails, instant messenger/social media.
• Often tactics such as email spoofing are used to make emails appear to
be from legitimate senders, or long complex subdomains hide the real
website host.
Application Vulnerabilities
• Applications used to access Internet resources may contain security
vulnerabilities such as memory safety bugs or flawed authentication
checks.
• The most severe of these bugs can give network attackers full control
over the computer.
• Most security applications and suites are incapable of adequate
defence against these kinds of attacks.
Computer Virus
Computer Virus
• A piece of software that can infect other programs by modifying them
• Modification includes injecting the original program with a routine to
make copies of the virus program which can then go on to infect other
programs
• In its own code, a virus carries the instructions needed to make perfect
copies of itself
• Generally viruses embed themselves into a program
Parts of a Computer Virus
• Infection Mechanism: The means by which virus spreads, enabling it
to replicate. The mechanism is also referred to as Infection Vector.
• Trigger: The event or condition that determines when the payload is
activated or delivered.
• Payload: What the virus does besides spreading. The payload may
involve damage or may involve benign but noticeable activity.
Phases of a Computer Virus
• Dormant Phase: The virus is idle. The virus will eventually be
activated by some event, such as a date, the presence of another
program or file, or the capacity of the disk exceeding some limit.
• Propagation Phase: The virus places a copy of itself into other
programs or into certain system areas on the disk. The copy may not
be identical to the propagating version; viruses often morph to evade
detection. Each infected program will now contain a clone of the virus,
which will itself enter a propagation phase.
General Depiction of a Computer Virus
• A virus can be prepended or
post-pended to an executable
program
• In this case, the virus code, V, is
prepended to infected
programs, and it is assumed that
the entry point to the program,
when invoked, is the first line
of the program.
Compression Virus
• The previous virus can be detected easily because it expands the size of
the executable file
• A way to thwart such a simple means of detecting a virus is to
compress the executable file so that both the infected and uninfected
versions are of identical length.
• We assume that program P1 is infected with the virus CV.
Compression Virus
When this program is invoked, control passes to
its virus, which performs the following steps:
1. For each uninfected file P2 that is found,
the virus first compresses that file to
produce a compressed version, which is shorter than the original
program by the size of the virus.
2. A copy of the virus is prepended to the
compressed program.
3. The compressed version of the original
infected program is uncompressed.
4. The uncompressed original program is
executed.
Classification of Virus by Target
• Boot Sector Infector: Infects a master boot record or boot record and
spreads when a system is booted from the disk containing the virus.
• File Infector: Infects files that the operating system or shell consider
to be executable.
• Macro Virus: Infects files with macro code that is interpreted by an
application.
Classification of Virus by Concealment Strategy
• Encrypted Virus: A typical approach is as follows. A portion of the
virus creates a random encryption key and encrypts the remainder of
the virus. The key is stored with the virus. When an infected program
is invoked, the virus uses the stored random key to decrypt the virus.
• Stealth Virus: A form of virus explicitly designed to hide itself from
detection by antivirus software. Thus, the entire virus, not just a
payload is hidden.
Classification of Virus by Concealment Strategy
• Polymorphic virus: A virus that mutates with every infection,
making detection by the “signature” of the virus impossible.
• Metamorphic Virus: As with a polymorphic virus, a metamorphic
virus mutates with every infection. The difference is that a
metamorphic virus rewrites itself completely at each iteration,
increasing the difficulty of detection. Metamorphic viruses may
change their behaviour as well as their appearance.
Virus Toolkits
• A virus toolkit enables a relative novice to quickly create a number of
different viruses.
• Viruses created with toolkits tend to be less sophisticated than viruses
designed from scratch.
• The sheer number of new viruses that can be generated using a toolkit
creates a problem for antivirus schemes.
Virus Countermeasures
Virus Countermeasures
Prevention:
• Do not allow a virus to get into the system in the first place, or block
the ability of a virus to modify any files containing executable code or
macros.
• But this goal is, in general, impossible to achieve.
Antivirus Approaches
• Detection: Once the infection has occurred, determine that it has
occurred and locate the virus.
• Identification: Once detection has been achieved, identify the specific
virus that has infected a program.
• Removal: Once the specific virus has been identified, remove all
traces of the virus from the infected program and restore it to its
original state. Remove the virus from all infected systems so that the
virus cannot spread further.
Generations of Antivirus Software
• First Generation (Simple Scanners)
• Second Generation (Heuristic Scanners)
• Third Generation (Activity Traps)
• Fourth Generation (Full-Featured Protection)
First Generation : Simple Scanners
• A first-generation scanner requires a virus signature to identify a virus.
• The virus may contain “wildcards” but has essentially the same
structure and bit pattern in all copies.
• Such signature-specific scanners are limited to the detection of known
viruses.
• Another type of first-generation scanner maintains a record of the
length of programs and looks for changes in length.
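The two first-generation techniques on this slide, a signature match that tolerates wildcard positions and a recorded-length comparison, as an added example in C that is not part of the original slides. The signature bytes and the three sample "files" are constructed for the example and correspond to no real virus; the mask convention (0xFF = byte must match, 0x00 = wildcard) is this example's own choice.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A signature: expected bytes plus a mask saying which positions matter.
 * mask[i] == 0xFF means buf byte must equal bytes[i]; 0x00 is a wildcard. */
typedef struct {
    const uint8_t *bytes;
    const uint8_t *mask;
    size_t len;
} signature_t;

/* Sliding-window scan. Returns the offset of the first match, or -1. */
long scan_for_signature(const uint8_t *buf, size_t buflen, const signature_t *sig)
{
    if (sig->len == 0 || buflen < sig->len)
        return -1;
    for (size_t off = 0; off + sig->len <= buflen; off++) {
        size_t i;
        for (i = 0; i < sig->len; i++) {
            /* masked compare: wildcard positions compare 0 == 0 */
            if ((buf[off + i] & sig->mask[i]) != (sig->bytes[i] & sig->mask[i]))
                break;
        }
        if (i == sig->len)
            return (long)off;
    }
    return -1;
}

/* Length check from the same slide: the scanner keeps the size a program
 * had when it was known clean and flags any change. A compression virus
 * (earlier slide) defeats exactly this check, which is why it is paired
 * with signature scanning rather than used alone. */
bool length_changed(size_t recorded_len, size_t current_len)
{
    return recorded_len != current_len;
}

/* Constructed signature: DE AD ?? BE EF, third byte is a wildcard. */
static const uint8_t SIG_BYTES[] = {0xDE, 0xAD, 0x00, 0xBE, 0xEF};
static const uint8_t SIG_MASK[]  = {0xFF, 0xFF, 0x00, 0xFF, 0xFF};
const signature_t DEMO_SIGNATURE = {SIG_BYTES, SIG_MASK, sizeof SIG_BYTES};

/* Constructed sample files: one clean, two "infected" copies that differ
 * only at the wildcard position (the variation a wildcard is meant to absorb). */
const uint8_t CLEAN_FILE[] = {0x7F, 'E', 'L', 'F', 0x01, 0x02, 0x03, 0x04};
const uint8_t INFECTED_A[] = {0x7F, 'E', 'L', 'F', 0xDE, 0xAD, 0x11, 0xBE, 0xEF, 0x00};
const uint8_t INFECTED_B[] = {0x7F, 'E', 'L', 'F', 0xDE, 0xAD, 0x22, 0xBE, 0xEF, 0x00};

long scan_clean(void)      { return scan_for_signature(CLEAN_FILE, sizeof CLEAN_FILE, &DEMO_SIGNATURE); }
long scan_infected_a(void) { return scan_for_signature(INFECTED_A, sizeof INFECTED_A, &DEMO_SIGNATURE); }
long scan_infected_b(void) { return scan_for_signature(INFECTED_B, sizeof INFECTED_B, &DEMO_SIGNATURE); }

int main(void)
{
    printf("clean: %ld, infected A: %ld, infected B: %ld\n",
           scan_clean(), scan_infected_a(), scan_infected_b());
    printf("length changed: %s\n",
           length_changed(sizeof CLEAN_FILE, sizeof INFECTED_A) ? "yes" : "no");
    return 0;
}
```

Both infected samples match at offset 4 despite differing at the wildcard byte, which is the limitation the slide names: the scanner finds only what it already has a signature for, and a new pattern in the fixed positions goes unnoticed.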
Second Generation : Heuristic Scanners
• A second-generation scanner does not rely on a specific signature.
• Rather, the scanner uses heuristic rules to search for probable virus
infection.
• One class of such scanners looks for fragments of code that are often
associated with viruses.
• For example, a scanner may look for the beginning of an encryption
loop used in a polymorphic virus and discover the encryption key.
Once the key is discovered, the scanner can decrypt the virus to
identify it, then remove the infection and return the program to
service.
Third Generation : Activity Traps
• Third-generation programs are memory-resident programs that
identify a virus by its actions rather than its structure in an infected
program.
• Such programs have the advantage that it is not necessary to develop
signatures and heuristics for a wide array of viruses.
• Rather, it is necessary only to identify the small set of actions that
indicate an infection is being attempted and then to intervene.
Fourth Generation : Full-Featured Protection
• Fourth-generation products are packages consisting of a variety of
antivirus techniques used in conjunction.
• These include scanning and activity trap components.
• In addition, such a package includes access control capability, which
limits the ability of viruses to penetrate a system and then limits the
ability of a virus to update files in order to pass on the infection.
Spyware
Spyware
• Spyware is software that aims to gather information about a person or
organization, sometimes without their knowledge, and may send that
information to another entity without the consumer's consent.
• It may also assert control over a device without the consumer's
knowledge, or send such information to another entity with the
consumer's consent, for example through cookies.
Types of Spyware
• Adware
• System Monitors
• Tracking Cookies
• Trojans
• Root-Kits
• Web Beacons
Routes of Infection
• Spyware does not necessarily spread in the same way as a virus or
worm because infected systems generally do not attempt to transmit or
copy the software to other computers.
• Spyware installs itself on a system by deceiving the user or by
exploiting software vulnerabilities.
• Spyware is installed without knowledge, or by using deceptive tactics.
• Spyware may try to deceive users by bundling itself with desirable
software.
Effects and Behaviours
• A spyware program rarely operates alone on a computer; an affected
machine usually has multiple infections.
• A spyware infestation can create significant unwanted CPU activity,
disk usage, and network traffic.
• Some spyware disables or even removes competing spyware
programs, on the grounds that more spyware-related annoyances
increase the likelihood that users will take action to remove the
programs.
Remedies and Prevention
• As the spyware threat has worsened, a number of techniques have
emerged to counteract it. These include programs designed to remove
or block spyware, as well as various user practices which reduce the
chance of getting spyware on a system.
• When a large number of pieces of spyware have infected a Windows
computer, the only remedy may involve backing up user data, and
fully reinstalling the operating system.
• For example, some spyware cannot be completely removed by tools from
Symantec, Microsoft or PC Tools.
Anti-Spyware Software
Anti-Spyware Software works in two ways:
1. They can provide real-time protection in a manner similar to that of
anti-virus protection. They scan all incoming network data for
spyware and block any threats they detect.
2. Anti-spyware software programs can be used solely for detection
and removal of spyware software that has already been installed into
the computer. This kind of anti-spyware can often be set to scan on a
regular schedule.
Applications
• Identity theft and Fraud
• Digital Rights Management
• Browser Cookies
• Personal Relationships
Key-Loggers
Key-Loggers
• A key-logger (short for keystroke logger) is software that tracks or
logs the keys struck on your keyboard, typically in a covert manner so
that you don’t know that your actions are being monitored.
• This is usually done with malicious intent to collect your account
information, credit card numbers, user names, passwords, and other
private data.
Legitimate uses of Key-Loggers
• Parents can monitor their children’s online activity
• Law enforcement may use it to analyse and track incidents linked to
the use of personal computers
• Employers can make sure their employees are working instead of
surfing the web all day.
Types of Key-Loggers
• Key-Loggers
This version records each and every keystroke and sends it to the
attacker.
• Screen-Loggers
This version takes pictures of your screen at specific time intervals
and sends them to the attacker.
Because of this, you are not safe even if you are using an on-screen
keyboard.
Key-Loggers (Classification)
• Hypervisor-based: The key-logger can theoretically reside in a
malware hypervisor running underneath the operating system, which
thus remains untouched. It effectively becomes a virtual machine.
• Kernel-based: A program on the machine obtains root access to hide
itself in the OS and intercepts keystrokes that pass through the kernel.
This method is difficult both to write and to combat.
• API-based: These keyloggers hook keyboard APIs inside a running
application. The keylogger registers keystroke events, as if it was a
normal piece of the application instead of malware. The keylogger
receives an event each time the user presses or releases a key.
Key-Loggers (Classification)
• Form grabbing based: Form grabbing-based key-loggers log web form
submissions by recording the browser's submit events. This happens
when the user completes a form and submits it, usually by clicking a button
or hitting enter.
• Javascript-based: A malicious script tag is injected into a targeted web
page, and listens for key events such as onKeyUp().
• Memory-injection-based: Memory Injection based key-loggers perform
their logging function by altering the memory tables associated with the
browser and other system functions. By patching the memory tables or
injecting directly into memory, this technique can be used by malware
authors to bypass Windows UAC (User Account Control). The Zeus and
SpyEye trojans use this method exclusively.
How Key-Loggers get installed
• Key-loggers spread in much the same way that other malicious
programs spread.
• Key-loggers are installed on your system when you open a file
attachment that you received via email, text message, P2P networks,
instant message or social networks.
• Key-loggers can also be installed just by you visiting a website if that
site is infected.
How to detect Key-loggers
• Key-loggers are tricky to detect.
• Some signs that you may have a key-logger on your device include:
slower performance when web browsing; your mouse or keystrokes
pausing, or not showing up onscreen as what you are actually typing; or
error screens when loading graphics or web pages.
How to prevent Key-loggers
• Use caution when opening attachments
• Watch your passwords
• Try an alternative keyboard layout
• Use a comprehensive security solution
• Protect all your devices (PCs, Macs, smartphones and tablets) with a
solution like McAfee LiveSafe, which offers antivirus, firewall, and
identity and data protection.
Secure Coding
• Secure coding is the practice of developing computer software in a
way that guards against the accidental introduction of security
vulnerabilities.
• Defects, bugs and logic flaws are consistently the primary cause of
commonly exploited software vulnerabilities.
• Through the analysis of thousands of reported vulnerabilities, security
professionals have discovered that most vulnerabilities stem from a
relatively small number of common software programming errors.
Secure Coding
• By identifying the insecure coding practices that lead to these errors
and educating developers on secure alternatives, organizations can
take proactive steps to help significantly reduce or eliminate
vulnerabilities in software before deployment.
Buffer Overflow Prevention
• Buffer overflows, a common software security vulnerability, happen
when a process tries to store data beyond a fixed-length buffer.
• For example, if there are 8 slots to store items in, there will be a
problem if there is an attempt to store 9 items. In computer memory
the overflowed data may overwrite data in the next location which
can result in a security vulnerability (stack smashing) or program
termination (segmentation fault).
Buffer Overflow Prevention
An example of a C program prone to a buffer overflow is
Buffer Overflow Prevention
If the user input is larger than the destination buffer, a buffer overflow
will occur. To fix this unsafe program, use strncpy to prevent a possible
buffer overflow.
Buffer Overflow Prevention
Another secure alternative is to dynamically allocate memory on the
heap using malloc.
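The three versions of the copy the slides describe (the strcpy pattern that overflows, the strncpy fix, and the malloc alternative), as an added C example that is not the code from the original slides. The 8-slot buffer and the 9-character input mirror the "8 slots, 9 items" illustration; the function names are this example's own. One caveat the slides do not state is built in: strncpy does not write a terminating NUL when the input fills the buffer, so the fixed version terminates it explicitly.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SLOTS 8   /* the "8 slots" of the slide */

/* UNSAFE: strcpy copies until the input's NUL with no regard for the size
 * of buf. An input of 8 or more characters writes past the end of an
 * 8-byte buffer (stack smashing, or a segmentation fault). Kept only to
 * show the defect; it is never called with oversized input here. */
void copy_unsafe(char *buf, const char *input)
{
    strcpy(buf, input);
}

/* FIX 1 (slide): strncpy bounds the copy to the buffer. We copy at most
 * n-1 bytes and write the NUL ourselves, because strncpy leaves the buffer
 * unterminated when the input is n bytes or longer. Returns the number of
 * characters actually kept. */
size_t copy_bounded(char *buf, size_t n, const char *input)
{
    if (n == 0)
        return 0;
    strncpy(buf, input, n - 1);
    buf[n - 1] = '\0';
    return strlen(buf);
}

/* FIX 2 (slide): allocate on the heap, sized from the input, so the
 * destination can never be smaller than the data. Caller frees the result;
 * NULL on allocation failure. */
char *copy_heap(const char *input)
{
    size_t len = strlen(input);
    char *out = malloc(len + 1);      /* +1 for the terminating NUL */
    if (out == NULL)
        return NULL;
    memcpy(out, input, len + 1);
    return out;
}

/* Demonstrations with the slide's "9 items" going into "8 slots". */
size_t demo_bounded(void)
{
    char buf[BUF_SLOTS];
    return copy_bounded(buf, sizeof buf, "123456789");   /* keeps 7 + NUL */
}

size_t demo_heap(void)
{
    char *copy = copy_heap("123456789");
    size_t len = copy ? strlen(copy) : 0;                /* all 9 kept */
    free(copy);
    return len;
}

int main(void)
{
    printf("bounded copy kept %zu chars, heap copy kept %zu chars\n",
           demo_bounded(), demo_heap());
    return 0;
}
```

The bounded copy silently truncates to 7 characters; whether truncation is acceptable is an application decision, which is why the heap version is often the better fix when the full input must be preserved.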
Format String Attack Prevention
• A Format String Attack is when a malicious user supplies specific
inputs that will eventually be entered as an argument to a function
that performs formatting, such as printf().
• The attack involves the adversary reading from or writing to the stack.
• The C printf function writes output to stdout. If the parameter of the
printf function is not properly formatted, several security bugs can be
introduced.
Format String Attack Prevention
• Below is a program that is vulnerable to a format string attack.
• A malicious argument passed to the program could be
“%s%s%s%s%s%s%s”, which can crash the program from improper
memory reads.
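The vulnerable call the slide refers to, next to its fix, as an added C example that is not the program from the original slides. The malicious argument is the slide's own "%s%s%s%s%s%s%s"; the function names and the directive check are this example's assumptions. Compiling the vulnerable function with `-Wformat-security` (GCC and Clang) produces a warning at exactly the offending call, which is the cheapest detection available for this bug class.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE: user input becomes the format string, so every "%s" in it
 * makes printf read a pointer argument that was never passed (the improper
 * memory reads the slide describes). Shown for contrast; not called here
 * with hostile input. */
void log_unsafe(const char *user_input)
{
    printf(user_input);
    printf("\n");
}

/* FIXED: the format string is a constant and the user input is only ever
 * a data argument, so "%s%s%s" is printed literally. */
void log_safe(const char *user_input)
{
    printf("%s\n", user_input);
}

/* The same fix for building a string; returns the rendered text through
 * `out` so the result can be inspected without capturing stdout. */
int render_safe(char *out, size_t n, const char *user_input)
{
    return snprintf(out, n, "user said: %s", user_input);
}

/* Defensive check for the rare case where a format string legitimately
 * comes from configuration: reject any conversion directive, allowing only
 * the literal "%%". Not a substitute for the constant-format fix above. */
bool contains_directive(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }   /* escaped percent */
            return true;
        }
    }
    return false;
}

/* Constructed demonstration: the slide's malicious argument rendered safely. */
const char *demo_render(void)
{
    static char buf[64];
    render_safe(buf, sizeof buf, "%s%s%s%s%s%s%s");
    return buf;
}

int main(void)
{
    log_safe("%s%s%s%s%s%s%s");     /* prints the seven %s literally */
    printf("%s\n", demo_render());
    return 0;
}
```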
Integer Overflow Prevention
• Integer overflow occurs when an arithmetic operation results in an
integer too large to be represented within the available space. A
program which does not properly check for integer overflow
introduces potential software bugs and exploits.
Integer Overflow Prevention
• Below is a program which checks for overflow by confirming the sum
is greater than or equal to x and y. If the sum did overflow, the sum
would be less than x or less than y.
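The slide's check (the sum must be greater than or equal to both x and y), as an added C example that is not the program from the original slides. It is written for unsigned integers, where C defines the wrap-around that makes the comparison meaningful; the signed variant and the allocation-size helper are this example's additions, covering the caveat that signed overflow in C is undefined behaviour and so must be tested for before the addition rather than after.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned addition with the slide's post-addition check. Returns false and
 * leaves *out untouched when the sum overflowed. */
bool add_u32_checked(uint32_t x, uint32_t y, uint32_t *out)
{
    uint32_t sum = x + y;            /* wraps modulo 2^32 on overflow */
    if (sum < x || sum < y)          /* a wrapped sum is smaller than an operand */
        return false;
    *out = sum;
    return true;
}

/* Signed addition: test the range before adding, so the overflowing
 * operation is never executed. */
bool add_i32_checked(int32_t x, int32_t y, int32_t *out)
{
    if ((y > 0 && x > INT32_MAX - y) ||     /* would exceed INT32_MAX */
        (y < 0 && x < INT32_MIN - y))       /* would go below INT32_MIN */
        return false;
    *out = x + y;
    return true;
}

/* Where this matters most: a buffer size computed from untrusted counts.
 * Returns 0 instead of a wrapped, too-small size when count * elem_size
 * does not fit in size_t. */
size_t alloc_size_checked(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    return count * elem_size;
}

int main(void)
{
    uint32_t u;
    int32_t s;
    printf("1 + 2 ok: %d\n", add_u32_checked(1, 2, &u));
    printf("UINT32_MAX + 1 ok: %d\n", add_u32_checked(UINT32_MAX, 1, &u));
    printf("INT32_MAX + 1 ok: %d\n", add_i32_checked(INT32_MAX, 1, &s));
    printf("size for SIZE_MAX x 2: %zu\n", alloc_size_checked(SIZE_MAX, 2));
    return 0;
}
```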
Electronic and Information Warfare
Electronic and Information Warfare
"Coming to grips with information warfare...is like the effort of the
blind men to discover the nature of the elephant: the one who touched
its leg called it a tree, another who touched its tail called it a rope, and
so on. Manifestations of information warfare are similarly
perceived...Taken together all the respectably held definitions of the
elephant suggest that there is little that is not information warfare."
~Martin Libicki
[Information Warfare Author]
Weapons of Information Warfare
• Information Collection
• Information Transport
• Information Protection
• Information Manipulation
• Information Disturbance, Degradation and Denial
Information Collection
• Information collection is included as part of information warfare
because the information revolution implies the rise of a mode of
warfare in which the side that knows more will enjoy decisive
advantage.
• The idea is that the more information one has, the higher is his/her
situational awareness, which leads to better battle plans and, hopefully,
better outcomes.
• In information warfare, information collection is much less dangerous
and much more complete because these technologies can be used to
infiltrate situations and gather accurate information with minimal loss
of fidelity.
Information Transport
• Collecting a large amount of comprehensive information is certainly good
practice, but collection is of little value if the information sits in a storage facility,
unused.
• As such, the ability to transport information into the hands of those who need it, in
a timely manner, is another essential aspect of information warfare.
• The tools used in this domain are not exactly weapons, but rather civilian
technologies put to use in military situations.
• The most important of these tools is communication infrastructure, composed of
networks of computers, routers, telephone lines, fiber optic cable, telephones,
televisions, radios, and other data transport technologies and protocols.
• Without these technologies, the ability to transport information in the real-time
fashion required by today's standards would be impossible.
Information Protection
• One of the most broadly agreed upon aspects of information warfare is the
need to minimize the amount of information to which your opponent has
access.
• A large part of this is protecting the information you have from capture by
the other side.
• The weapons used to protect the security of our information fall into two
classes.
• First are those technologies that physically protect our vital data storage
facilities, computers, and transport mechanisms, including bomb and bullet
proof casings and intrusion prevention mechanisms such as locks and
fingerprint scans.
Information Protection
• Second, and perhaps more important, are technologies that prevent
bits from being seen and intercepted by the enemy.
• This certainly includes basic computer security technologies such as
passwords, as well as more sophisticated technologies like encryption.
• By scrambling its own messages and unscrambling those of the other
side, each side performs the quintessential act of information warfare,
protecting its own view of reality while degrading that of the other
side.
Information Manipulation
• Information manipulation in the context of information warfare is the
alteration of information with intent to distort the opponent's picture of
reality.
• This can be done using a number of technologies, including computer
software for editing text, graphics, video, audio, and other information
transport forms.
• Design of the manipulated data is usually done manually so that those in
command have control over what picture is being presented to the
enemy, but the aforementioned technologies are commonly used to
make the physical manipulation process faster.
Information Disturbance, Degradation and Denial
• The final aspects of information warfare, according to our earlier
definition, are disturbance, degradation, and denial.
• All three techniques are means to the same general end - preventing
the enemy from getting complete, correct information.
• Because of their similarity, many of the same weapons are used to
achieve one or more of the goals.
• Some of the more popular weapons used to wage these types of
information warfare are spoofing, noise introduction, jamming, and
overloading.
Information Disturbance, Degradation and Denial
• Spoofing is a technique used to degrade the quality of the information
being sent to the enemy.
• The enemy's flow of information is disturbed by the introduction of a
spoof, or fake message, into that flow.
• The technique works because it allows you to provide false
information to the targeted competitor's collection systems to induce
this organization to make bad decisions based upon this faulty
information.
Information Disturbance, Degradation and Denial
• Another way to disturb the information being received by one's
opponent is to introduce noise into the frequency they are
using. Background noise makes it difficult for the enemy to separate
the actual message from the noise. This is a particularly useful
technique if the enemy is using forms of wireless communication,
since those frequencies can be tapped without having to actually link
into a physical network of cables.
Information Disturbance, Degradation and Denial
• Jamming is a technique used to achieve denial that involves
intercepting signals sent between two communications links or
between a sensor and a link.
• The signal is intercepted, then jammed or stopped from further
progress toward its intended destination.
• In most cases, that same signal is stored by the captor as intelligence
information and used to determine the enemy's view of its own
position in the contest.
Information Disturbance, Degradation and Denial
• Overloading is a technique used to deny information to the enemy in
both military and civilian settings.
• By sending a volume of data to the enemy's communication system
that is too large for it to handle, one causes a crash or severe
degradation of the system's ability to deliver information.
• The system is so busy dealing with the overload, it is unable to
deliver the essential information to those who need it. This tactic is
referred to as a "denial of service" attack, and has been proven both
easy and effective.
• At one point, a college student was even able to bring down the
White House email server simply by sending 8000 copies of an email
message at one time!

Virus and its CounterMeasures -- Pruthvi Monarch
 
Rajul computer presentation
Rajul computer presentationRajul computer presentation
Rajul computer presentation
 
Viruses and virus countetmeasures
Viruses and virus countetmeasuresViruses and virus countetmeasures
Viruses and virus countetmeasures
 
Attack on computer
Attack on computerAttack on computer
Attack on computer
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)
 
virus,worms & analysis
 virus,worms & analysis virus,worms & analysis
virus,worms & analysis
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Malwares
MalwaresMalwares
Malwares
 
information about virus
information about virusinformation about virus
information about virus
 
Virusandantivirusfinalppt 110413033802-phpapp02 (1)
Virusandantivirusfinalppt 110413033802-phpapp02 (1)Virusandantivirusfinalppt 110413033802-phpapp02 (1)
Virusandantivirusfinalppt 110413033802-phpapp02 (1)
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
 

More from G Prachi

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architectureG Prachi
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security modelsG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02G Prachi
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 
Basic web security model
Basic web security modelBasic web security model
Basic web security modelG Prachi
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Administering security
Administering securityAdministering security
Administering securityG Prachi
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Information security introduction
Information security introductionInformation security introduction
Information security introductionG Prachi
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedomG Prachi
 

More from G Prachi (20)

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Administering security
Administering securityAdministering security
Administering security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Program security
Program securityProgram security
Program security
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedom
 

Recently uploaded

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Malware & Internet Security Issues

2. List of Topics
• Malicious Web
• Internet Security Issues
• Types of Internet Security Issues
• Computer Viruses
• Spyware
• Key-Loggers
• Secure Coding
• Electronic and Information Warfare

4. Malicious Web
• A malicious website is a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device.
• Requires user action, such as visiting a website or giving permission to access cookies.
• Malicious websites often look like legitimate websites.

5. Malicious Web
• They will ask you to install software that your computer appears to need.
Example: A video website might ask you to install a codec, which is a small piece of information a video player needs to run on a website. You might be used to installing safe codecs, but it only takes one unsafe installation to compromise your machine, and your sensitive information along with it. Similarly, the website might ask for permission to install one program, but install a completely different one.

7. Malicious Software
• An internet user can be tricked or forced into downloading software of malicious intent onto a computer.
• Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

8. Malicious Software
Malware
• Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
• Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

9. Malicious Software
Botnet
• A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.
Virus
• Computer viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.

10. Malicious Software
Worms
• Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.
Ransomware
• Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creators of the malware in order for the restriction to be removed.

11. Malicious Software
Scareware
• Scareware is scam software of usually limited or no benefit, containing malicious payloads, that is sold to consumers via certain unethical marketing practices.
• The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.

12. Malicious Software
Trojan Horse
• A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user willingly allows it to be downloaded onto the computer.
Key-Logger
• Key-logging, also called keystroke logging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard.

13. Denial of Service Attacks
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
• Another way of understanding DDoS is as a class of attacks in cloud computing environments that is growing because of the essential characteristics of cloud computing.
• Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of concerted efforts to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

14. Phishing
• Phishing is an attack which targets online users to extract sensitive information such as usernames, passwords and credit card information.
• Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or a web page.
• Victims are directed to fake web pages, which are dressed up to look legitimate, via spoofed emails, instant messengers or social media.
• Tactics such as email spoofing are often used to make emails appear to be from legitimate senders, or long, complex subdomains are used to hide the real website host.
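The last bullet is the one a defender can check mechanically: a hostname is read right to left, so the registrable domain is the public suffix plus one label, whatever brand names appear further left. The following is an added example, not code from the slides; the tiny suffix set is a constructed stand-in for the real Public Suffix List, and all URLs are constructed.

```python
"""Recover the real host behind a long phishing subdomain chain (slide 14).
Added example, not from the original slides. PUBLIC_SUFFIXES is a constructed
subset; a production check would load the full Public Suffix List."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed subset of public suffixes (assumption for this example).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "uk"}


def registrable_domain(url: str) -> Optional[str]:
    """Return the registrable domain of url's host, or None if it cannot be determined.

    urlsplit().hostname already strips the scheme, any user@ prefix, the port
    and the path, so "https://login.examplebank.com@xyz-host.net/" resolves to
    xyz-host.net, not to the brand name in front of the '@'.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    # Try the longest candidate suffix first so "co.uk" wins over "uk".
    for n in range(len(labels) - 1, 0, -1):
        suffix = ".".join(labels[-n:])
        if suffix in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return None  # bare suffix, IP literal or unknown suffix: cannot say who owns it


def is_host_for(url: str, expected_domain: str) -> bool:
    """True only if the link really lands on expected_domain or one of its subdomains."""
    real = registrable_domain(url)
    return real is not None and real == expected_domain.lower()


if __name__ == "__main__":
    for u in ("https://login.examplebank.com/reset",
              "https://login.examplebank.com.verify-session.xyz-host.net/reset",
              "https://login.examplebank.com@xyz-host.net/"):
        print(u, "->", registrable_domain(u), "legit:", is_host_for(u, "examplebank.com"))
```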
15. Application Vulnerabilities
• Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks.
• The most severe of these bugs can give network attackers full control over the computer.
• Most security applications and suites are incapable of adequate defence against these kinds of attacks.

17. Computer Virus
• A piece of software that can infect other programs by modifying them.
• The modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs.
• In its instructional code, the virus carries instructions to make perfect copies of itself.
• Generally, viruses embed themselves into a program.

18. Parts of a Computer Virus
• Infection Mechanism: The means by which the virus spreads, enabling it to replicate. The mechanism is also referred to as the Infection Vector.
• Trigger: The event or condition that determines when the payload is activated or delivered.
• Payload: What the virus does besides spreading. The payload may involve damage or may involve benign but noticeable activity.

19. Phases of a Computer Virus
• Dormant Phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit.
• Propagation Phase: The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

20. General Depiction of a Computer Virus
• A virus can be prepended or appended to an executable program.
• In this case, the virus code, V, is prepended to infected programs, and it is assumed that the entry point to the program, when invoked, is the first line of the program.

21. Compression Virus
• The previous virus can be detected easily because the virus expands the size of the executable file.
• A way to thwart such a simple means of detecting a virus is to compress the executable file so that both the infected and uninfected versions are of identical length.
• We assume that program P1 is infected with the virus CV.

22. Compression Virus
When this program is invoked, control passes to its virus, which performs the following steps:
1. For each uninfected file P2 that is found, the virus first compresses that file to produce , which is shorter than the original program by the size of the virus.
2. A copy of the virus is prepended to the compressed program.
3. The compressed version of the original infected program, , is uncompressed.
4. The uncompressed original program is executed.

23. Classification of Virus by Target
• Boot Sector Infector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.
• File Infector: Infects files that the operating system or shell consider to be executable.
• Macro Virus: Infects files with macro code that is interpreted by an application.

24. Classification of Virus by Concealment Strategy
• Encrypted Virus: A typical approach is as follows. A portion of the virus creates a random encryption key and encrypts the remainder of the virus. The key is stored with the virus. When an infected program is invoked, the virus uses the stored random key to decrypt the virus.
• Stealth Virus: A form of virus explicitly designed to hide itself from detection by antivirus software. Thus, the entire virus, not just a payload, is hidden.

25. Classification of Virus by Concealment Strategy
• Polymorphic Virus: A virus that mutates with every infection, making detection by the "signature" of the virus impossible.
• Metamorphic Virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection. Metamorphic viruses may change their behaviour as well as their appearance.

26. Virus Toolkits
• A virus toolkit enables a relative novice to quickly create a number of different viruses.
• Viruses created with toolkits tend to be less sophisticated than viruses designed from scratch.
• The sheer number of new viruses that can be generated using a toolkit creates a problem for antivirus schemes.

28. Virus Countermeasures
Prevention:
• Do not allow a virus to get into the system in the first place, or block the ability of a virus to modify any files containing executable code or macros.
• But this goal is, in general, impossible to achieve.

29. Antivirus Approaches
• Detection: Once the infection has occurred, determine that it has occurred and locate the virus.
• Identification: Once detection has been achieved, identify the specific virus that has infected a program.
• Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the virus cannot spread further.

30. Generations of Antivirus Software
• First Generation (Simple Scanners)
• Second Generation (Heuristic Scanners)
• Third Generation (Activity Traps)
• Fourth Generation (Full-Featured Protection)

31. First Generation: Simple Scanners
• A first-generation scanner requires a virus signature to identify a virus.
• The virus may contain "wildcards" but has essentially the same structure and bit pattern in all copies.
• Such signature-specific scanners are limited to the detection of known viruses.
• Another type of first-generation scanner maintains a record of the length of programs and looks for changes in length.
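Both kinds of first-generation scanner from this slide, as an added example that is not code from the slides: a signature matcher where a wildcard byte matches anything, and a length baseline that flags files that have grown. The signature, the "DEMO-VIRUS" name and the sample "programs" are all constructed for the example.

```python
"""First-generation scanners (slide 31): signature matching with wildcard bytes,
and a record of program lengths checked for changes. Added example, not from
the original slides; every signature and sample byte string is constructed."""
from typing import Dict, List, Optional

# A signature is a byte pattern; None is a wildcard that matches any byte.
Signature = List[Optional[int]]

# Constructed, hypothetical signature: the fixed bytes of a fictitious
# "DEMO-VIRUS" loader, with two wildcard bytes where copies differ.
SIGNATURES: Dict[str, Signature] = {
    "DEMO-VIRUS": [0xDE, 0xAD, None, None, 0xBE, 0xEF, 0x90],
}


def match_at(data: bytes, sig: Signature, offset: int) -> bool:
    """True if sig matches data at offset, treating None as a wildcard."""
    if offset + len(sig) > len(data):
        return False
    return all(b is None or data[offset + i] == b for i, b in enumerate(sig))


def scan_signatures(data: bytes) -> List[str]:
    """Names of every known signature found anywhere in data."""
    hits = []
    for name, sig in SIGNATURES.items():
        if any(match_at(data, sig, off) for off in range(len(data) - len(sig) + 1)):
            hits.append(name)
    return hits


def record_lengths(programs: Dict[str, bytes]) -> Dict[str, int]:
    """Baseline for the second kind of scanner: the length of every program."""
    return {name: len(body) for name, body in programs.items()}


def length_changes(baseline: Dict[str, int], programs: Dict[str, bytes]) -> List[str]:
    """Programs whose length no longer matches the baseline. A prepended virus
    makes the file grow; the compression virus of slide 21 exists to defeat
    exactly this check, which is why it is only a first-generation technique."""
    return [name for name, body in programs.items()
            if name in baseline and len(body) != baseline[name]]


# Constructed sample "programs" (not real executables).
CLEAN = b"\x7fELF" + b"\x00" * 20
INFECTED = b"\xde\xad\x12\x34\xbe\xef\x90" + CLEAN   # DEMO-VIRUS prepended
VARIANT = b"\xde\xad\x77\x77\xbe\xef\x90" + CLEAN    # same virus, different wildcard bytes

if __name__ == "__main__":
    baseline = record_lengths({"prog": CLEAN})
    print("signature hits:", scan_signatures(INFECTED), scan_signatures(VARIANT))
    print("grown files:", length_changes(baseline, {"prog": INFECTED}))
```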
32. Second Generation: Heuristic Scanners
• A second-generation scanner does not rely on a specific signature.
• Rather, the scanner uses heuristic rules to search for probable virus infection.
• One class of such scanners looks for fragments of code that are often associated with viruses.
• For example, a scanner may look for the beginning of an encryption loop used in a polymorphic virus and discover the encryption key. Once the key is discovered, the scanner can decrypt the virus to identify it, then remove the infection and return the program to service.
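The encrypted virus of slide 24 stores its key next to the encrypted body, which is what the heuristic on this slide exploits: find the start of the decryption loop, read the stored key, decrypt, and only then match a signature against the plaintext. This added example (not code from the slides) uses a constructed, hypothetical layout for the encrypted body: a two-byte loop marker, a one-byte XOR key, a one-byte length, then the XOR-encrypted bytes; the marker bytes and the "DEMO-PAYLOAD" signature are likewise constructed.

```python
"""Second-generation heuristic scan (slide 32) against the stored-key encrypted
virus of slide 24. Added example, not from the original slides. The layout,
LOOP_MARKER and PLAIN_SIGNATURE are constructed assumptions for the example."""
from typing import Optional, Tuple

LOOP_MARKER = b"\xeb\x04"          # constructed stand-in for a decrypt-loop prologue
PLAIN_SIGNATURE = b"DEMO-PAYLOAD"  # constructed signature of the *decrypted* body


def find_stored_key(data: bytes) -> Optional[Tuple[int, int, int]]:
    """Heuristic: locate the loop marker and return (key, body_offset, body_len)."""
    pos = data.find(LOOP_MARKER)
    if pos < 0 or pos + 4 > len(data):
        return None
    key, body_len, body_off = data[pos + 2], data[pos + 3], pos + 4
    if body_off + body_len > len(data):
        return None
    return key, body_off, body_len


def xor_bytes(body: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in body)


def heuristic_scan(data: bytes) -> Optional[str]:
    """Describe the finding, or return None when nothing suspicious is present."""
    found = find_stored_key(data)
    if found is None:
        return None
    key, off, length = found
    plaintext = xor_bytes(data[off:off + length], key)
    if PLAIN_SIGNATURE in plaintext:
        return f"DEMO-PAYLOAD (stored key 0x{key:02x})"
    return "decrypt loop found, body not recognised"  # heuristic hit, needs analyst review


def disinfect(data: bytes) -> bytes:
    """Strip marker, key, length and encrypted body, returning the host program."""
    found = find_stored_key(data)
    if found is None:
        return data
    _, off, length = found
    return data[:off - 4] + data[off + length:]


def build_test_sample(host: bytes, key: int) -> bytes:
    """Constructed fixture for exercising the scanner: a harmless marker/key/body
    header prepended to host. Two different keys give two different byte strings,
    which is why a signature over the encrypted bytes alone would miss one of them."""
    enc = xor_bytes(b"..." + PLAIN_SIGNATURE + b"...", key)
    return LOOP_MARKER + bytes([key, len(enc)]) + enc + host


HOST = b"\x7fELF" + b"\x00" * 16  # constructed clean "program"

if __name__ == "__main__":
    for k in (0x5A, 0xC3):
        sample = build_test_sample(HOST, k)
        print(heuristic_scan(sample), "| disinfected ok:", disinfect(sample) == HOST)
```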
33. Third Generation: Activity Traps
• Third-generation programs are memory-resident programs that identify a virus by its actions rather than its structure in an infected program.
• Such programs have the advantage that it is not necessary to develop signatures and heuristics for a wide array of viruses.
• Rather, it is necessary only to identify the small set of actions that indicate an infection is being attempted and then to intervene.
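An activity trap in miniature, as an added example that is not code from the slides: it replays a stream of file-access events and alerts on the small set of actions this slide refers to, here a process rewriting several executables and a raw write to a whole disk device (the boot sector infector of slide 23). The `pid=... exe=... action=... target=...` log format, the event names, the executable directories and the trusted-writer allow-list are all constructed assumptions.

```python
"""Third-generation activity trap (slide 33): flag a process by what it does,
not by any signature. Added example, not from the original slides; the log
format, event names, EXEC_DIRS and TRUSTED_WRITERS are constructed assumptions."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

EXEC_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/")  # assumed executable locations
TRUSTED_WRITERS = {"/usr/bin/pkg"}   # assumed: only the package manager may rewrite executables
EXEC_WRITE_THRESHOLD = 2             # distinct executables written before we alert
RAW_DEVICE = re.compile(r"^/dev/sd[a-z]$")  # whole-disk device: a raw write can hit the boot sector

EVENT_RE = re.compile(r"pid=(\d+) exe=(\S+) action=(\S+) target=(\S+)")


def parse_event(line: str) -> Optional[Tuple[int, str, str, str]]:
    """Parse one constructed log line into (pid, exe, action, target)."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    pid, exe, action, target = m.groups()
    return int(pid), exe, action, target


def activity_trap(lines: List[str]) -> List[str]:
    """Replay an event stream and return alerts in the order they were raised."""
    alerts: List[str] = []
    exec_writes: Dict[int, Set[str]] = defaultdict(set)
    already_flagged: Set[int] = set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, exe, action, target = ev
        if action == "raw_write" and RAW_DEVICE.match(target):
            alerts.append(f"pid {pid} ({exe}): raw write to {target} (possible boot sector infection)")
            continue
        if action == "open_write" and target.startswith(EXEC_DIRS) and exe not in TRUSTED_WRITERS:
            exec_writes[pid].add(target)
            if len(exec_writes[pid]) >= EXEC_WRITE_THRESHOLD and pid not in already_flagged:
                already_flagged.add(pid)
                alerts.append(f"pid {pid} ({exe}): wrote to {len(exec_writes[pid])} executables "
                              f"(possible file infector)")
    return alerts


# Constructed sample event stream: an editor saving a document, an untrusted
# program rewriting three system binaries, the package manager doing its job,
# and finally a raw write to the disk device.
SAMPLE_LOG = [
    "pid=401 exe=/usr/bin/editor action=open_write target=/home/u/notes.txt",
    "pid=733 exe=/tmp/update action=open_write target=/usr/bin/ls",
    "pid=733 exe=/tmp/update action=open_write target=/usr/bin/cat",
    "pid=733 exe=/tmp/update action=open_write target=/usr/bin/cp",
    "pid=512 exe=/usr/bin/pkg action=open_write target=/usr/bin/vim",
    "pid=733 exe=/tmp/update action=raw_write target=/dev/sda",
]

if __name__ == "__main__":
    for alert in activity_trap(SAMPLE_LOG):
        print(alert)
```

Intervening (blocking the write instead of only alerting) is the step the slide calls for; the trap above only reports, so the decision point is visible in one place.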
34. Fourth Generation: Full-Featured Protection
• Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction.
• These include scanning and activity trap components.
• In addition, such a package includes access control capability, which limits the ability of viruses to penetrate a system and then limits the ability of a virus to update files in order to pass on the infection.
  • 37. Spyware • Spyware is software that aims to gather information about a person or organization sometimes without their knowledge, that may send such information to another entity without the consumer's consent. • That asserts control over a device without the consumer's knowledge, or it may send such information to another entity with the consumer's consent, through cookies.
  • 38. Types of Spyware • Adware • System Monitors • Tracking Cookies • Trojans • Root-Kits • Web Beacons
  • 39. Routes of Infection • Spyware does not necessarily spread in the same way as a virus or worm because infected systems generally do not attempt to transmit or copy the software to other computers. • Spyware installs itself on a system by deceiving the user or by exploiting software vulnerabilities. • Spyware is installed without knowledge, or by using deceptive tactics. • Spyware may try to deceive users by bundling itself with desirable software.
  • 40. Effects and Behaviours • A spyware program rarely operates alone on a computer; an affected machine usually has multiple infections. • A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. • Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances increase the likelihood that users will take action to remove the programs.
  • 41. Remedies and Prevention • As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as user practices that reduce the chance of getting spyware on a system. • When a large number of pieces of spyware have infected a Windows computer, the only reliable remedy may be to back up user data and fully reinstall the operating system. • For example, some spyware cannot be completely removed even by commercial anti-spyware tools from vendors such as Symantec, Microsoft and PC Tools.
  • 42. Anti-Spyware Software Anti-spyware software works in two ways: 1. It can provide real-time protection in a manner similar to anti-virus protection: it scans incoming network data and downloads for spyware and blocks any threats it detects. 2. It can be used solely for detection and removal of spyware that has already been installed on the computer. This kind of anti-spyware can usually be set to scan on a regular schedule.
  • 43. Applications • Identity theft and Fraud • Digital Rights Management • Browser Cookies • Personal Relationships
  • 45. Key-Loggers • A key-logger (short for keystroke logger) is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don’t know that your actions are being monitored. • This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.
  • 46. Legitimate uses of Key-Loggers • Parents can monitor their children’s online activity • Law enforcement may use it to analyse and track incidents linked to the use of personal computers • Employers can make sure their employees are working instead of surfing the web all day.
  • 47. Types of Key-Loggers • Key-Loggers This version records each and every keystroke and sends the log to the attacker. • Screen-Loggers This version takes pictures of your screen at specific time intervals and sends them to the attacker, so an on-screen keyboard does not protect you against it.
  • 48. Key-Loggers (Classification) • Hypervisor-based: The key-logger can theoretically reside in a malicious hypervisor running underneath the operating system, which itself remains untouched; the operating system effectively becomes a guest virtual machine. • Kernel-based: A program on the machine obtains root (kernel) privileges, hides itself in the OS, and intercepts keystrokes as they pass through the kernel. This method is difficult both to write and to combat. • API-based: These key-loggers hook keyboard APIs inside a running application. The key-logger registers for keystroke events as if it were a normal part of the application rather than malware, and receives an event each time the user presses or releases a key.
  • 49. Key-Loggers (Classification) • Form-grabbing based: Form-grabbing key-loggers log web form submissions by recording the form data on the browser's submit events. This happens when the user completes a form and submits it, usually by clicking a button or hitting enter, so the data is captured before it is encrypted for transmission. • JavaScript-based: A malicious script tag is injected into a targeted web page and listens for key events such as onKeyUp(). • Memory-injection-based: These key-loggers perform their logging by altering the memory tables associated with the browser and other system functions. By patching the memory tables or injecting directly into process memory, malware authors can use this technique to bypass Windows UAC (User Account Control). The Zeus and SpyEye trojans use this method exclusively.
  • 50. How Key-Loggers get installed • Key-loggers spread in much the same way that other malicious programs spread. • Key-loggers are installed on your system when you open a file attachment that you received via email, text message, P2P networks, instant message or social networks. • Key-loggers can also be installed just by you visiting a website if that site is infected.
  • 51. How to detect Key-loggers • Key-loggers are tricky to detect. • Some signs that you may have a key-logger on your device include: slower performance when web browsing; your mouse or keystrokes pausing, or what appears on screen not matching what you actually typed; and error screens when loading graphics or web pages.
  • 52. How to prevent Key-loggers • Use caution when opening attachments • Watch your passwords • Try an alternative keyboard layout • Use a comprehensive security solution • Protect all your devices (PCs, Macs, smartphones and tablets) with a solution such as McAfee LiveSafe that offers antivirus, a firewall, and identity and data protection.
  • 53. Secure Coding • Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. • Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. • Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors.
  • 54. Secure Coding • By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
  • 55. Buffer Overflow Prevention • Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond the end of a fixed-length buffer. • For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflowed data may overwrite adjacent data, such as a saved return address on the stack, which can result in a security vulnerability (stack smashing) or in program termination (segmentation fault).
  • 56. Buffer Overflow Prevention An example of a C program prone to a buffer overflow is
  • 57. Buffer Overflow Prevention If the user input is larger than the destination buffer, a buffer overflow will occur. To fix this unsafe program, use strncpy with the destination size as the bound to prevent a possible buffer overflow. Note that strncpy does not write a terminating NUL when the source is at least as long as the bound, so the terminator must be written explicitly.
  • 58. Buffer Overflow Prevention Another secure alternative is to dynamically allocate memory on the heap using malloc, sized from the actual length of the input (strlen plus one for the terminator) rather than a fixed constant.
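The slides' C programs did not survive extraction, so the following is an added example (not the original slide code) that shows the unsafe strcpy pattern beside the two fixes the slides describe: a bounded copy with strncpy and explicit NUL termination, and a heap copy sized from the input. The 20-byte input string is constructed for the demonstration; the function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 8   /* the "8 slots" of the slide */

/* Vulnerable pattern: strcpy() copies until the source's NUL and ignores
 * the destination size. Input longer than BUF_SIZE-1 bytes overwrites
 * whatever follows buf on the stack (stack smashing). Never call this
 * with untrusted input; it is here only for contrast. */
void unsafe_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);          /* no bounds check */
    printf("%s\n", buf);
}

/* Hardened copy, the strncpy fix described on slide 57.
 * strncpy() stops after dstsz-1 bytes but does NOT write a terminating NUL
 * when the source is that long or longer, so the terminator is written
 * explicitly. Returns 0 if the whole string fit, 1 if it was truncated,
 * -1 if the destination has no room at all. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz ? 1 : 0;
}

/* The heap alternative of slide 58: malloc() only helps when the buffer is
 * sized from the input. The caller owns and frees the result. */
char *dup_input(const char *src)
{
    size_t n = strlen(src) + 1;  /* +1 for the terminating NUL */
    char *p = malloc(n);
    if (p == NULL)
        return NULL;
    memcpy(p, src, n);
    return p;
}

int main(void)
{
    char buf[BUF_SIZE];
    /* constructed input: 20 bytes, longer than the 8-byte buffer */
    const char *input = "AAAAAAAAAAAAAAAAAAAA";

    int truncated = safe_copy(buf, sizeof buf, input);
    printf("stack copy: \"%s\" (truncated=%d)\n", buf, truncated);

    char *heap = dup_input(input);
    if (heap != NULL) {
        printf("heap copy:  \"%s\" (%zu bytes)\n", heap, strlen(heap));
        free(heap);
    }
    return 0;
}
```

safe_copy reports truncation instead of silently dropping data; a caller that must not lose input should treat a return of 1 as an error rather than continue with the shortened string.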
  • 59. Format String Attack Prevention • A format string attack occurs when a malicious user supplies input that eventually becomes the format argument of a function that performs formatting, such as printf(). • The attack lets the adversary read from the stack (via conversions such as %x and %s) or write to memory (via %n). • The C printf function writes output to stdout. If user-controlled data is passed as the format parameter instead of as an argument, several security bugs are introduced.
  • 60. Format String Attack Prevention • Below is a program that is vulnerable to a format string attack. • A malicious argument passed to the program could be "%s%s%s%s%s%s%s", which makes printf dereference seven values from the stack as string pointers and can crash the program through improper memory reads. • The fix is to pass a constant format string and supply the user's data only as an argument: printf("%s", input).
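As with the buffer overflow slide, the vulnerable program shown on the original slide is not in the extracted text, so this added example (not the slide's own code) reconstructs the pattern: an uncontrolled format string beside the constant-format fix, plus a small audit helper that counts the conversion specifications in attacker-controlled text, which is what makes "%s%s%s%s%s%s%s" dangerous. All function names and the sample inputs are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable: user input becomes the format string. "%s%s%s%s%s%s%s" makes
 * printf() pull seven pointers off the stack and dereference each one; a
 * "%n" conversion writes a count to a pointer taken from the stack.
 * Compilers flag this with -Wformat-security. Kept only for contrast. */
void log_unsafe(const char *user_input)
{
    printf(user_input);
}

/* Fixed: the format is a constant and the input is only ever an argument,
 * so '%' characters in the input are printed literally. */
void log_safe(const char *user_input)
{
    printf("%s", user_input);
}

/* The same fix on a buffer-building path. Returns what snprintf() would
 * have written, so a caller can detect truncation (result >= outsz). */
int format_safe(char *out, size_t outsz, const char *user_input)
{
    return snprintf(out, outsz, "user said: %s", user_input);
}

/* Audit helper: count conversion specifications in untrusted text and flag
 * "%n". On a vulnerable call each conversion consumes one stack slot, so the
 * count is the number of stack reads (or, for %n, writes) the string forces. */
int count_conversions(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {       /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        count++;
        /* skip flags, width, precision and length modifiers */
        const char *p = s + 1;
        while (*p != '\0' && strchr("-+ #0123456789.*hlLqjzt", *p) != NULL)
            p++;
        if (*p == 'n')
            *has_n = 1;
        if (*p != '\0')
            s = p;               /* resume after the conversion character */
    }
    return count;
}

int main(void)
{
    /* constructed attacker input */
    const char *attack = "%s%s%s%s%s%s%s";
    int writes = 0;
    int n = count_conversions(attack, &writes);
    printf("\"%s\" contains %d conversions, %%n present: %d\n", attack, n, writes);

    char out[64];
    format_safe(out, sizeof out, attack);
    printf("safely formatted: %s\n", out);   /* the %s's are printed literally */
    log_safe(attack);
    putchar('\n');
    return 0;
}
```

count_conversions is a triage aid for reviewing inputs and logs, not a substitute for the fix: filtering '%' out of input is fragile, whereas a constant format string removes the bug class entirely.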
  • 61. Integer Overflow Prevention • Integer overflow occurs when an arithmetic operation results in an integer too large to be represented within the available space. A program which does not properly check for integer overflow introduces potential software bugs and exploits.
  • 62. Integer Overflow Prevention • Below is a program which checks for overflow by confirming the sum is greater than or equal to both x and y. If the sum did overflow, it would be less than x (and less than y). • This post-hoc check is valid for unsigned arithmetic, where wraparound is well defined. For signed integers, overflow is undefined behaviour in C and the compiler may discard a check that inspects the wrapped result, so the operands must be tested before the addition is performed.
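The overflow-checking program on the slide is not in the extracted text, so this is an added example (not the slide's own code) of the check it describes, extended with the two cases a practitioner hits in practice: the post-hoc comparison for unsigned addition, an operand test for signed addition where the wrapped result cannot be relied on, and the multiplication check needed when computing an allocation size. Function names are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned: wraparound is well defined, so the slide's test on the result
 * is valid. If the sum wrapped it is smaller than both x and y, so checking
 * against x alone is enough. Returns false on overflow, leaving *out untouched. */
bool add_u32_checked(uint32_t x, uint32_t y, uint32_t *out)
{
    uint32_t sum = x + y;
    if (sum < x)
        return false;
    *out = sum;
    return true;
}

/* Signed: overflow is undefined behaviour, so the compiler may assume it
 * never happens and delete a check on the wrapped result. Test the operands
 * against the limits before adding. (GCC and Clang also offer
 * __builtin_add_overflow for the same purpose.) */
bool add_int_checked(int x, int y, int *out)
{
    if ((y > 0 && x > INT_MAX - y) || (y < 0 && x < INT_MIN - y))
        return false;
    *out = x + y;
    return true;
}

/* The allocation-size case: count * size must not wrap, or malloc() returns
 * a buffer far smaller than the caller believes and an overflow follows. */
bool mul_size_checked(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return false;
    *out = count * size;
    return true;
}

int main(void)
{
    uint32_t u;
    int i;
    size_t n;
    /* constructed inputs at the boundaries */
    printf("u32 max + 1: %s\n", add_u32_checked(UINT32_MAX, 1, &u) ? "ok" : "overflow");
    printf("INT_MAX + 1: %s\n", add_int_checked(INT_MAX, 1, &i) ? "ok" : "overflow");
    printf("INT_MIN - 1: %s\n", add_int_checked(INT_MIN, -1, &i) ? "ok" : "overflow");
    printf("SIZE_MAX * 2: %s\n", mul_size_checked(SIZE_MAX, 2, &n) ? "ok" : "overflow");
    if (mul_size_checked(10, 16, &n))
        printf("10 * 16 = %zu bytes\n", n);
    return 0;
}
```

The caller decides what an overflow means (reject the request, clamp, or fail closed); what the helpers guarantee is that the stored result is never a silently wrapped value.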
  • 65. Electronic and Information Warfare "Coming to grips with information warfare...is like the effort of the blind men to discover the nature of the elephant: the one who touched its leg called it a tree, another who touched its tail called it a rope, and so on. Manifestations of information warfare are similarly perceived...Taken together all the respectably held definitions of the elephant suggest that there is little that is not information warfare." ~Martin Libicki [Information Warfare Author]
  • 66. Weapons of Information Warfare • Information Collection • Information Transport • Information Protection • Information Manipulation • Information Disturbance, Degradation and Denial
  • 67. Information Collection • Information collection is included as part of information warfare because the information revolution implies the rise of a mode of warfare in which the side that knows more will enjoy decisive advantage. • The idea is that the more information one has, the higher is his/her situational awareness, which leads to better battle plans and, hopefully, better outcomes. • In information warfare, information collection is much less dangerous and much more complete because these technologies can be used to infiltrate situations and gather accurate information with minimal loss of fidelity.
  • 68. Information Transport • Collecting a large amount of comprehensive information is certainly good practice, but collection is of little value if the information sits in a storage facility, unused. • As such, the ability to transport information into the hands of those who need it, in a timely manner, is another essential aspect of information warfare. • The tools used in this domain are not exactly weapons, but rather civilian technologies put to use in military situations. • The most important of these tools is communication infrastructure, composed of networks of computers, routers, telephone lines, fiber optic cable, telephones, televisions, radios, and other data transport technologies and protocols. • Without these technologies, the ability to transport information in the real-time fashion required by today's standards would be impossible.
  • 69. Information Protection • One of the most broadly agreed upon aspects of information warfare is the need to minimize the amount of information to which your opponent has access. • A large part of this is protecting the information you have from capture by the other side. • The weapons used to protect the security of our information fall into two classes. • First are those technologies that physically protect our vital data storage facilities, computers, and transport mechanisms, including bomb- and bullet-proof casings and intrusion prevention mechanisms such as locks and fingerprint scanners.
  • 70. Information Protection • Second, and perhaps more important, are technologies that prevent bits from being seen and intercepted by the enemy. • This certainly includes basic computer security technologies such as passwords, as well as more sophisticated technologies like encryption. • By scrambling its own messages and unscrambling those of the other side, each side performs the quintessential act of information warfare, protecting its own view of reality while degrading that of the other side.
  • 71. Information Manipulation • Information manipulation in the context of information warfare is the alteration of information with intent to distort the opponent's picture of reality. • This can be done using a number of technologies, including computer software for editing text, graphics, video, audio, and other information transport forms. • Design of the manipulated data is usually done manually so those in command have control over what picture is being presented to the enemy, but the aforementioned technologies are commonly used to make the physical manipulation process faster.
  • 72. Information Disturbance, Degradation and Denial • The final aspects of information warfare, according to our earlier definition, are disturbance, degradation, and denial. • All three techniques are means to the same general end - preventing the enemy from getting complete, correct information. • Because of their similarity, many of the same weapons are used to achieve one or more of the goals. • Some of the more popular weapons used to wage these types of information warfare are spoofing, noise introduction, jamming, and overloading.
  • 73. Information Disturbance, Degradation and Denial • Spoofing is a technique used to degrade the quality of the information being sent to the enemy. • The enemy's flow of information is disturbed by the introduction of a spoof, or fake message, into that flow. • The technique works because it allows you to provide false information to the targeted competitor's collection systems to induce this organization to make bad decisions based upon this faulty information.
  • 74. Information Disturbance, Degradation and Denial • Another way to disturb the information being received by one's opponent is to introduce noise into the frequency they are using. Background noise makes it difficult for the enemy to separate the actual message from the noise. This is a particularly useful technique if the enemy is using forms of wireless communication, since those frequencies can be tapped without having to actually link into a physical network of cables.
  • 75. Information Disturbance, Degradation and Denial • Jamming is a technique used to achieve denial: the channel between two communication links, or between a sensor and a link, is overpowered so that the signal is stopped from reaching its intended destination. • In many cases the same signal is also intercepted and stored by the attacker as intelligence, and used to determine the enemy's view of its own position in the contest.
  • 76. Information Disturbance, Degradation and Denial • Overloading is a technique used to deny information to the enemy in both military and civilian settings. • By sending a volume of data to the enemy's communication system that is too large for it to handle, one causes a crash or severe degradation of the system's ability to deliver information. • The system is so busy dealing with the overload that it is unable to deliver the essential information to those who need it. This tactic is referred to as a "denial of service" attack, and has proven both easy and effective. • At one point, a college student was even able to bring down the White House e-mail server simply by sending 8000 copies of an e-mail message at one time.

Editor's Notes

  1. P1- eg includes virus, spyware, worm, etc P2- fake transaction site, fake facebook, etc P3- Similar to Phishing site but difference being that here data which is downloaded on device is harmful eg: Drive by Download attacks
  2. The example is explanation of how Trojan horse works
  3. P1- The user is unaware of such files mostly because lack of knowledge of existence of such attacks
  4. If there is a bug in chrome which lets web page admin access data of other cookies when the url is opened then this is not a malware but a vulnerability. As the data which is stolen is not collected by chrome but by the malicious admin. Thus malware in this case can be the data which the website is downloading on your device
  5. Bot net examples are Storm, Conficker, Zeus, Flashback, Windigo, etc. these are zombie botnets A zombie is a machine which has been infected by some sort of remotely controlled malware Virus can spread through script files, documents,XSS vulnerability, etc
  6. Worms Worms cause harm to the host network by eating up bandwidth and overloading web servers Worms can also contain payloads that damage host machines Worms can also be classified as a kind of computer virus, but with a major difference: worms self-replicate independently, whereas a virus depends on human activity to spread Ransomware The malware restricts the user from accessing the computer's files, either by encrypting files on the hard drive or by locking the system Ransomware spreads like a worm, either through a downloaded file or through some other vulnerability in the network
  7. Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software It generates popups similar to Windows system messages and usually purports to be antivirus or anti-spyware software, a firewall or a registry cleaner The message typically says that a large number of problems, such as infected files, have been found on the system, and the user is prompted to purchase software to solve the so-called issue
  8. Trojan Horse Trojans create a backdoor in the system, giving the malicious user access to it Unlike viruses and worms they do not reproduce by infecting other files and do not self-replicate Keylogger A keylogger spreads like a virus or worm and often causes financial loss by stealing sensitive data such as net banking passwords
  9. In most cases botnets are used to launch denial of service attacks A famous example is the 2007 cyber-attacks on Estonia, widely attributed to Russian sources
  10. Examples of phishing attacks Deactivation scares: "your purchase is about to expire" Lookalike sites: a copy of Facebook Nigerian fee scams: an advance fee is requested to perform some task that is never done Go directly to jail: fake messages demanding that tax be paid via the link provided, otherwise the recipient's tax-evasion data will be sent to the Income Tax Department
  11. The infection mechanism generally targets files and infects those most likely to be used by the user, e.g. the My Computer shortcut on the desktop The trigger is mostly the user clicking on a file; sometimes it can be something like a specific process being executed, the clock reaching a given time, etc. Payload: this is the actual virus packet. The payload contains the harmful instructions, which may cause temporary or permanent loss to the user
  12. The dormant phase is when the virus waits for the trigger and does no harm to the system Propagation phase: here the virus begins to spread and attaches itself to more and more files
  13. Adware: generally not very harmful, but causes ads to pop up on the system and can often be a front for viruses that need to execute with command-line access. Depending on which ads you close and how quickly you respond, a profile of the user can be built System monitors: they generally log user activity based on the programs the user runs and for how long Tracking cookies: they track the user's footprints on the web and send reports to the attacker