http://www.bitdefender.ro

Viruses, exploits, rootkits
the inside view from an AV producer
(based on real facts)
Short summary

Intro
  Hello :)
Malware
  Types of threats
  So... what does AV cover?
What's next?
Common terminology?

(from dict.org)
virus: a program or segment of program code that may make copies of itself
  (replicate), attach itself to other programs, and perform unwanted actions
  within a computer; also called {computer virus} or {virus program}. Such
  programs are almost always introduced into a computer without the knowledge
  or assent of its owner, and are often malicious, causing destructive actions
  such as erasing data on disk, but sometimes only annoying, causing peculiar
  objects to appear on the display. The form of sociopathic mental disease that
  causes a programmer to write such a program has not yet been given a name.
Common terminology?

(from wikipedia)
virus: a self-replicating computer program that spreads by inserting copies of
  itself into other executable code or documents. A computer virus behaves in a
  way similar to a biological virus, which spreads by inserting itself into
  living cells. Extending the analogy, the insertion of a virus into the
  program is termed an "infection", and the infected file, or executable code
  that is not part of a file, is called a "host". Viruses are one of the
  several types of malicious software or malware. In common parlance, the term
  virus is often extended to refer to worms, trojan horses and other sorts of
  malware; viruses in the narrow sense of the word are less common than they
  used to be, compared to other forms of malware.
Common terminology?

Exploit: a piece of software, a chunk of data, or sequence of commands that
  takes advantage of a bug, glitch or vulnerability in order to gain control of
  a computer system or allow privilege escalation or a denial of service
  attack.
Rootkit: a set of software tools frequently used by a third party (usually an
  intruder) after gaining access to a computer system. These tools are intended
  to conceal running processes, files or system data, which helps an intruder
  maintain access to a system without the user's knowledge. Rootkits are known
  to exist for a variety of operating systems such as Linux, Solaris and
  versions of Microsoft Windows. A computer with a rootkit on it is called a
  rooted computer.
Backdoors

HackerDefender
  executable morphing tools
  process hiding tools
  small remote shell (including connectback)
  if combined with a sniffer and keylogger, you won't even feel your private
    data and conversations being delivered on a daily basis to a remote attacker
Backdoors

Trojan.Ardamax.A
“Hi man, I finally found some time to give you the program I kept telling you
  about. I'll give you the IP addresses you have to put in. Give me a buzz
  whenever you get online and we'll talk.
  http://[REMOVED]/vladutz2006/client.zip”
  pretends to be a hacking tool but is actually a commonly known keylogger
  steals ICQ, Skype, MSN, GTalk, YM, Miranda and QIP passwords and delivers
    them to an e-mail address defined by the attacker
Backdoors

The mighty adore
by team-teso
  Known to be the most advanced rootkit in the wild
  LKM based (hint! load it as a NIC driver)
  One of the releases managed to defeat all known AV engines and rootkit hunters
Backdoors

SucKIT
by sd & devik
  Description also available in Phrack issue 58, article 0x07
    ("Linux on-the-fly kernel patching without LKM")
  Loaded through /dev/kmem
  Provides a password-protected remote access connect-back shell initiated by a
    spoofed packet (bypassing most firewall configurations), and can hide
    processes, files and connections.
Exploits

  Tools that usually don't do any harm to your system but can be used to
    intrude into others
  Target vulnerable services (web servers, PHP flaws, Windows RPC, etc.)
  Very popular and easy to find in the wild
  Main reason why every teenager with a computer and a need to prove himself
    can become a l33t h4x0r
Viruses

Win32.Polip.A
  File infector
  Loads and resides in volatile memory when an infected file is executed
  Encrypted
  Includes a polymorphic engine combined with a junk code generator to fool
    debuggers and emulators
Most dangerous malware

  It's a combination of all mentioned so far and more
  Almost impossible to detect and disinfect
  Can disable ANY antivirus or security solution
  Mostly targeted through social engineering
  Creates holes in any firewall
  Ignores and gets by any company security policy
  Eventually delivers, one way or the other, any confidential or private data
    to a remote attacker...

Most dangerous malware

  The User
The dilemma

  When it comes to security, Windows people have all the “fun”
    AV industry provides them with protection from rootkits, viruses, and
      almost all known threats
    AV industry provides them with firewalls
    Some AV vendors even provide “Intrusion Detection Systems”
  For UNIX based systems, administrators have to rely on other tools or software
    IDS/IPS
    File Alteration Monitors
    etc.
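The file alteration monitors mentioned above are the UNIX admin's answer to rootkits that replace or hide files. The following is an added illustration, not code from the talk or from BitDefender: a minimal baseline-and-compare monitor run over a constructed temporary tree with hypothetical paths (bin/ps, bin/login, var/auth.log, bin/.helper), where a replaced binary, a permission-only change, a dropped file and a wiped log are all reported.

```python
import hashlib
import os
import stat
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file's contents, read in chunks so large binaries fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Record hash, permission bits, size and owner of every regular file under root.

    Keys are paths relative to root so a baseline can be compared after a
    reboot or re-mount. Symlinks, devices and sockets are skipped via lstat().
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if not stat.S_ISREG(info.st_mode):
                continue
            baseline[os.path.relpath(path, root)] = {
                "sha256": hash_file(path),
                "mode": stat.S_IMODE(info.st_mode),
                "size": info.st_size,
                "uid": info.st_uid,
            }
    return baseline


def compare(baseline, current):
    """Diff two baselines: new files, deleted files, and files whose content or
    metadata changed. A permission-only change counts as modified even when the
    hash is unchanged, which is how a silently added setuid bit gets noticed."""
    old_paths, new_paths = set(baseline), set(current)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if baseline[p] != current[p]),
    }


def _write(root, rel, data, mode=0o755):
    """Helper for the constructed scenario: create rel under root with given mode."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)
    os.chmod(path, mode)


def demo():
    """Constructed scenario (hypothetical paths, not real system files): take a
    baseline of a small fake tree, simulate the kinds of changes a rootkit
    install leaves behind, and return the comparison report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ps", b"#!/bin/sh\n# original ps wrapper\n")
        _write(root, "bin/login", b"#!/bin/sh\n# original login wrapper\n")
        _write(root, "var/auth.log", b"Jan  1 00:00:00 host sshd: Accepted publickey\n", 0o640)
        baseline = build_baseline(root)

        # Simulated tampering, all constructed for the example:
        # 1. a system binary replaced by a different file (content changes)
        _write(root, "bin/ps", b"#!/bin/sh\n# replaced ps wrapper\n")
        # 2. a permission-only change on login (hash identical, mode differs)
        os.chmod(os.path.join(root, "bin/login"), 0o700)
        # 3. a new hidden helper dropped next to system binaries
        _write(root, "bin/.helper", b"#!/bin/sh\n")
        # 4. an authentication log removed to cover tracks
        os.remove(os.path.join(root, "var/auth.log"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real deployment keeps the baseline off-box (or signed), because a rootkit that hides files from readdir() will also hide them from this walk, which is exactly the gap the kernel-level hiding on the earlier slides exploits.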
The dilemma (the Q/A part)

  Should the security industry be divided between
    Linux – Windows?
    Viruses – rootkits – other hacking tools – IDS?
  Should AV companies provide firewalls for Linux servers like they do for
    Windows desktops?
  Should AV companies provide signatures for Linux rootkits like they do for
    Windows?
  OT: Do you feel that a kernel module for on-access AV scanning would be
    intrusive?
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexandru Balan @ eLiberatica 2007

  • 1. http://www.bitdefender.ro Viruses, exploits, rootkits the inside view from an AV producer (based on real facts)
  • 2. Short summary
      • Intro: Hello :)
      • Malware: types of threats; so... what does AV cover?
      • What's next?
  • 3. Common terminology? (from dict.org) virus: a program or segment of program code that may make copies of itself (replicate), attach itself to other programs, and perform unwanted actions within a computer; also called {computer virus} or {virus program}. Such programs are almost always introduced into a computer without the knowledge or assent of its owner, and are often malicious, causing destructive actions such as erasing data on disk, but sometimes only annoying, causing peculiar objects to appear on the display. The form of sociopathic mental disease that causes a programmer to write such a program has not yet been given a name.
  • 4. Common terminology? (from wikipedia) virus: a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed an "infection", and the infected file, or executable code that is not part of a file, is called a "host". Viruses are one of the several types of malicious software or malware. In common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware; viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware.
  • 5. Common terminology?
      • Exploit: a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to gain control of a computer system or allow privilege escalation or a denial of service attack.
      • Rootkit: a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer.
  • 7. Backdoors
      • HackerDefender
      • executable morphing tools
      • process hiding tools
      • small remote shell (including connect-back)
      • if combined with a sniffer and keylogger, you won't even feel your private data and conversations being delivered on a daily basis to a remote attacker
  • 8. Backdoors
      • Trojan.Ardamax.A
      • “Hi man, I finally found some time to give you the program I kept telling you about. I'll give you the IP addresses you have to put in. Give me a buzz whenever you get online and we'll talk. http://[REMOVED]/vladutz2006/client.zip”
      • pretends to be a hacking tool but actually is a commonly known keylogger
      • steals ICQ, Skype, MSN, GTalk, YM, Miranda and QIP passwords and delivers them to an e-mail address defined by the attacker
  • 9. Backdoors
      • The mighty adore by team-teso
      • Known to be the most advanced rootkit in the wild
      • LKM based (hint! load it as a NIC driver)
      • One of the releases managed to defeat all known AV engines and rootkit hunters
  • 10. Backdoors
      • SucKIT by sd & devik
      • Description also available in Phrack issue 58, article 0x07 ("Linux on-the-fly kernel patching without LKM")
      • Loaded through /dev/kmem
      • Provides a password protected remote access connect-back shell initiated by a spoofed packet (bypassing most firewall configurations), and can hide processes, files and connections.
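The process hiding described on slides 7 and 10 is exactly what rootkit hunters test for. As an added example, not from the talk and not the code of any real hunter, here is a user-space check that compares the PIDs a /proc listing reveals (the view `ps` relies on) with the PIDs the kernel still answers for via kill(pid, 0); it assumes a Linux /proc, and the `visible` and `alive` parameters are hypothetical hooks so the logic can be exercised without a rootkit.

```python
import os
import time


def proc_visible_pids(proc="/proc"):
    """PIDs and thread IDs that directory listings of /proc reveal (the view
    ps and top use). Thread IDs count too: kill() answers for them, so without
    them every thread of a multithreaded process would look 'hidden'."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:  # the process exited between the two listings
            pass
    return ids


def kernel_alive(pid):
    """True if the kernel knows this PID. kill(pid, 0) delivers no signal:
    ESRCH means no such process, EPERM means it exists but is not ours."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def find_hidden_pids(max_pid=None, visible=None, alive=None, passes=2):
    """Sorted PIDs the kernel reports alive but /proc does not list.
    `visible`/`alive` are hypothetical hooks for testing without a rootkit;
    only PIDs hidden in every pass are kept, which drops processes that
    merely started or exited between the two views."""
    visible = proc_visible_pids if visible is None else visible
    alive = kernel_alive if alive is None else alive
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    suspects = None
    for _ in range(passes):
        seen = visible()
        found = {p for p in range(1, max_pid + 1) if p not in seen and alive(p)}
        suspects = found if suspects is None else suspects & found
        time.sleep(0.05)
    return sorted(suspects)
```

A run with the defaults probes every PID up to pid_max, which takes a few seconds on a system with a large pid_max; a non-empty result deserves a second look with a rootkit hunter rather than a reboot.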
  • 11. Exploits
      • Tools that usually don't do any harm to your system but can be used to intrude into others
      • Target vulnerable services (web servers, PHP flaws, Windows RPC, etc.)
      • Very popular and easy to find in the wild
      • Main reason why every teenager with a computer and a need to prove himself can become a l33t h4x0r
  • 12. Viruses
      • Win32.Polip.A
      • File infector
      • Loads and resides in volatile memory when an infected file is executed
      • Encrypted
      • Includes polymorphic code combined with a junk code generator to fool debuggers and emulators
  • 13. Most dangerous malware
      • It's a combination of all mentioned so far and more
      • Almost impossible to detect and disinfect
      • Can disable ANY antivirus or security solution
      • Mostly targeted through social engineering
      • Creates holes in any firewall
      • Ignores and gets by any company security policy
      • Eventually delivers, one way or the other, any confidential or private data to a remote attacker...
  • 15. The dilemma
      • When it comes to security, Windows people have all the “fun”
          • AV industry provides them with protection from rootkits, viruses, and almost all known threats
          • AV industry provides them with firewalls
          • Some AV vendors even provide “Intrusion Detection Systems”
      • For UNIX based systems, administrators have to rely on other tools or software
          • IDS/IPS
          • File Alteration Monitors
          • etc.
  • 16. The dilemma (the Q/A part)
      • Should the security industry be divided between Linux – Windows? Viruses – rootkits – other hacking tools – IDS?
      • Should AV companies provide firewalls for Linux servers like they do for Windows desktops?
      • Should AV companies provide signatures for Linux rootkits like they do for Windows?
      • OT: Do you feel that a kernel module for on-access AV scanning would be intrusive?