Introduction to Malware


Introduction to Malware - Matthew Cettei

Published in: Technology

    1. Malware Fall 2006
    2. Overview
        • Malware
        • Specific problems
            • Computer virus, worms, trojan horses
            • Adware, spyware
            • Web bugs
            • Cookies
            • Phishing
            • Email spoofing
        • Solutions/Precautions
    3. What’s Malware?
        • Malicious software
        • Software with malicious intent
            • Different from software with bugs
    4. Viruses
        • Programs that attach themselves to another program to gain access to your machine
            • May do nothing on your machine or may destroy all your files
            • Seek to use your machine as a launching point to infect other machines
            • Expand exponentially through recursion
    5. Worms
        • Like a virus but they are self-contained programs (they don’t need a host)
        • Copy themselves from machine-to-machine
        • Scan for other vulnerable machines
    6. Adware
        • Some programs are “free” but they support their costs by sending ads to your machine
            • e.g. Kazaa
    7. Spyware
        • You download a music player
        • The music player includes an additional program that is installed and runs continuously
        • This program records the websites you visit and sends them to a database
    8. How Bad is The Threat? (Bad!)
        • 2006 Internet Security Emerging Threat List (2/15/06)
            • Hackers use Instant Messaging to spread viruses and worms
            • Phishing fraud becomes more prevalent and sophisticated
            • Viruses attack cell phones and PDAs
            • Hackers target online brokerage accounts
            • Internet crimes go unreported
    9. What You Can (and Should) Do
        • Install and run antivirus software
            • Update virus definitions weekly
            • UVA: free Norton Anti-virus
        • Keep your computer’s operating system and programs updated
            • Example: MS Windows, run Windows Update, weekly
        • Run anti-spyware software
            • Run regular sweeps/scans
            • UVA: free SpySweeper
    10. E-mail spoofing
        • You receive e-mail appearing to be from one source… but it's actually from another source
        • Sender’s goal? To trick you into:
            • Sending secure info (password, account number)
            • Running an attachment
            • Clicking on a link that runs a program
    11. What enables spoofing?
        • Life was simpler once upon a time…
            • Expensive and difficult to put a mail-server on the net (and have administrator privileges on it)
            • Managed by responsible admins: business, government, universities
            • Open standards
        • Today:
            • Easy, cheap, well-understood by everyone
    12. The Email
    13. Where The Link Takes Me
    14. The Real Bank’s Page
    15. They Want Info!
    16. Phishing
        • An attempt to gain personal information for purposes of identity theft, etc.
        • Faked e-mail messages appear to come from a legitimate, official source
        • Fool you into divulging personal data such as
            • account numbers
            • passwords
            • credit card numbers
            • Social Security numbers
        • No company will ever ask you for such info by e-mail. If in doubt, call them or contact them directly (not by replying)
    17. Examples Bank of America scam
    18. E-mail Lessons
        • Do not open attachments unless you know what they are
            • Antivirus software checks attachments as you open them!
        • Suspect spoofing
            • Look for anything odd in the message
            • Double-check with sender
        • Phishing: don’t get caught
            • Be suspicious. Look for your name, account number, etc. in an e-mail
            • Don’t click on links, go directly to the site.
    19. Virus through a Link in an Email
        • Link seems to be to CS dept.
        • That’s the text of the link
            • It links to someplace else
            • An attachment that is disguised so it doesn’t appear
            • The small box is the only clue
    20. What Is a Cookie?
        • A small piece of information stored by your web-browser on your PC when you visit a site
        • What’s stored:
            • A URL related to the site you visited
            • A name/value pair (the information content)
            • (Optional) An expiration date
        • Why is it a “cookie”?
            • An old CS term for a chunk of data used obscurely
    21. Cookies: Web-servers Store Some Info on your PC
        • When sending back a page, server also sends a cookie
        • Your browser stores it on your PC
        • Later, visit same site
        • You request a page and your browser has a cookie matching that URL on your PC
        • Browser sends URL and cookie to web-server
        • Web-server processes cookie
        • May return updated cookies with page
    22. Cookies Can Be Beneficial
        • Shopping Carts
            • Server creates a cart, stored on server
            • You visit other pages, but a cookie lets the server know you’re the person who created that cart
        • Other personalization
            • “Welcome back, Jane User!”
            • “Items you viewed recently are…”
        • Recognizing legitimate users for a site
            • Register and log-in, but then a cookie means you don’t have to log-in every time
    23. What’s a Web Bug?
        • Graphic image on a Web page or in an Email message
        • Links to an external site, not an image embedded in your message
        • Designed to monitor who is reading the Web page or Email message
        • May be invisible (size 1 pixel by 1 pixel) or not
        • Sometimes known as "clear GIFs", "1-by-1 GIFs" or "invisible GIFs"
        • (More info: http:// )
    24. How Does This Work?
        • Web bug: on some other server
        • Remember: when a server delivers an HTML file or an image file, it logs this
            • A page or an email can have an image that’s stored on some external site
            • Thus the server there logs delivery of that image (even if it’s invisible to you)
    25. Examples (in HTML)
        • <img src="; width=1 height=1 border=0>
        • <img width='1' height='1' src=" vid=3&catid=370153037&; alt=" ">
    26. What Info Can Be Gathered?
        • Again, the server where the bug lives will log:
            • The IP address of your computer
            • The URL of the page that the Web Bug is located on
            • The URL of the Web Bug image
            • The time the Web Bug was viewed
            • The type of browser that fetched the Web Bug image
        • Also possible: Info from any cookie that's on your machine
    27. Web Bugs: What Can You Do?
        • Not easy to identify web bugs
        • New email clients disable image display
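
Added example, not part of the original slides: a Python check for the two clues the deck describes, a 1-by-1 image fetched from an external server (slides 23 to 27) and a link whose visible text names one site while it actually points somewhere else (slide 19). The class and function names, the sample message and every host in it are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY = re.compile(r"\s*[01]\s*(px)?\s*")  # width/height of 0 or 1 pixel

def _host(text):
    """Hostname of a URL-looking string, or '' when the text is not a URL."""
    text = text.strip()
    if "://" not in text and text.lower().startswith("www."):
        text = "//" + text
    return (urlparse(text).hostname or "").lower()

class MailAuditor(HTMLParser):
    """Collects tiny remote images and links whose text names another host."""
    def __init__(self):
        super().__init__()
        self.web_bugs, self.mismatches = [], []   # findings
        self._href, self._text = None, []         # state for the open <a>
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            tiny = all(TINY.fullmatch(a.get(k) or "") for k in ("width", "height"))
            # Only http(s) sources reach an external server; cid: images are embedded.
            remote = urlparse(a.get("src") or "").scheme in ("http", "https")
            if tiny and remote:
                self.web_bugs.append(a["src"])
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            # Flag only when the visible text itself looks like a URL.
            if _host(shown) and _host(shown) != _host(self._href):
                self.mismatches.append((shown, self._href))
            self._href = None

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """<p>Notes: <a href="http://203.0.113.7/notes">http://www.cs.example.edu/notes</a></p>
<p><a href="https://www.example.edu/help">Help desk</a></p>
<img src="https://tracker.example.net/open.gif?id=42" width=1 height=1 border=0>
<img src="https://www.example.edu/logo.png" width="120" height="40">
<img src="cid:logo" width="1" height="1">"""

def audit(html):
    parser = MailAuditor()
    parser.feed(html)
    parser.close()
    return parser.web_bugs, parser.mismatches
```

The size test is only a heuristic: as slide 23 notes, a web bug may also be a visible image, and any remote image lets the hosting server log the same details.
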
    28. Browser Hijack
        • An extremely nasty adware
        • Resets homepage to a particular site
            • Ads, porn – something you don’t want
            • Any change you make doesn’t affect it
        • Software running on your machine
            • Does the usual adware/spyware stuff
            • Also changes your browser settings
            • Runs when system starts – changes the settings back
    29. Protecting Your Computer
        • Practice the core three protections
            • Install
            • Configure
            • Regularly update
        • Do not open unexpected emails
        • Do not download attachments in unsolicited emails
        • Take precautions to protect your mobile devices
        • Report Internet crimes to proper authorities
    30. Passwords
        • Use strong passwords
            • At least 8 characters with numbers and symbols
            • Don’t use real words
            • Don’t use the same password for every online account
            • Vary your passwords for each site, and use a password profiler tool
    31. Resources
        • Top 8 Cyber Security Practices http://
    32. Review
        • Midterm next Wednesday
        • Another review session Tuesday 11AM
        • Short answer and multiple choice.
    33. Outline
        • Ethics: no ethics on exam
        • Internet history:
            • what’s the difference between the web and the Internet
            • Packet switching
        • HTML
            • Be able to translate some basic HTML into output (formatting, links, images)
            • CSS: what is the purpose
    34. Outline II
        • JavaScript: no JavaScript code
            • Difference between dynamic and static pages
        • Spreadsheets
            • Why use them? Why use referencing? Produce output from sample formulas
        • PowerPoint
            • Terms
        • Search Engines
            • What do spiders do? MetaTags?
    35. Outline III
        • Digital audio
            • What is sampling? Compression?
        • Malware
            • Know types and some good practices
        • Not on midterm:
            • Ethics, binary & hex, JavaScript code