SlideShare a Scribd company logo

malwareanti-malware-160630191004 (1).pdf

I
itsamuamit11

Anti malware

Engineering
1 of 41
Download to read offline
MALWARE & ANTI-MALWARE BY: ARPIT MITTAL
CONTENTS MALWARE PURPOSE OF MALWARES TYPES OF MALWARE VIRUSES, WORMS, TROJANS HOW MALWARE SPREADS
What is Malware?  Program or code • Made up of two words “Malicious” + “Software”. • 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including • viruses, worms, trojan horses, spyware, adware etc.
The purpose of Malware • To subject the user to advertising
The purpose of Malware • To launch DDoS on another service
The purpose of Malware • To spread spam. • To commit fraud, such as identity theft • For kicks (vandalism), and to spread FUD (fear, uncertainty, doubt) • . . . and perhaps other reasons
Types of Malware
But we willbediscussing…. MALWARE WORMS VIRUSES TROJAN HORSES
What exactly is a Virus? Virus propagates by infecting other programs • It attaches itself to other programs or file. • But to propagate a human has to run an infected program. • A term mistakenly applied to trojans and worms. • Self-propagating viruses are often called worms
• Many propagation methods • Insert a copy into every executable (.COM, .EXE) • Insert a copy into boot sectors of disks • Infect common OS routines, stay in memory
First Virus: Creeper  Written in 1971  Infected DEC PDP-10  machines running TENEX OS  Jumped from machine to machine over ARPANET  copied its state over, tried to delete old copy  Payload: displayed a message  “I’m the creeper, catch me if you can!”  Later, Reaper was written to hunt down Creeper
Types of Viruses  Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.  Memory-resident Virus - Lodges in main memory as part of the residual operating system. Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses). Stealth Virus - explicitly designed to hide from Virus Scanning programs. Polymorphic - Virus - mutates with every new host to prevent signature detection.
Virus Phases Dormant - waits for a trigger to start replicating Propagation - copies itself into other programs of the same type on a computer. Spreads when the user shares a file with another computer. Usually searches a file for it’s own signature before infecting. Triggering - starts delivering payload. Sometimes triggered on a certain date, or after a certain time after infection. Execution - payload function is done. Perhaps it put a funny message on the screen, or wiped the hard disk clean. It may become start the first phase over again.
Okay, So Then What’s a Worm? Similar to a virus, but propagates itself without human interaction.
Six Components of Worms 1) Reconnaissance 2) Specific Attacks 3) Command Interface 4) Communication Mechanisms 5) Intelligence Capabilities 6) Unused and Non-attack Capabilities
Reconnaissance • Target identification • Active methods • scanning • Passive methods • OS fingerprinting • traffic analysis
Specific Attacks • Exploits • buffer overflows, cgi-bin, etc. • Trojan horse injections • Limited in targets • Two components • local, remote
Command Interface • Interface to compromised system • administrative shell • network client • Accepts instructions • person • other worm node
communications  Information transfer  Protocols  Stealth concerns
Intelligence Database  Knowledge of other nodes  Concrete vs. abstract  Complete vs. incomplete
Worm Propagation Back-Chaining Propagation The Cheese worm is an example of this type of propagation where the attacking computer initiates a file transfer to the victim computer. After initiation, the attacking computer can then send files and any payload over to the victim without intervention. Then the victim becomes the attacking computer in the next cycle with a new victim. This method of propagation is more reliable then central source because central source data can be cut off.
Worm Propagation Central Source Propagation This type of propagation involves a central location where after a computer is infected it locates a source where it can get code to copy into the compromised computer then after it infects the current computer it finds the next computer and then everything starts over again. And example of the this kind of worm is the 1i0n worm.
Worm Propagation Autonomous Propagation Autonomous worms attack the victim computer and insert the attack instructions directly into the processing space of the victim computer which results in the next attack cycle to initiate without any additional file transfer. Code Red is an example of this type of worm. The original Morris worm of 1988 was of this nature as well.
Yeah, but what’s a Trojan? A small program that is designed to appear desirable but is in fact malicious Must be run by the user Do not replicate themselves Used to take over a computer, or steal/delete data Good Trojans will not: alert the user alter the way their computer works
TROJANS  Trojan Horses can install backdoors, perform malicious scanning, monitor system logins and other malicious activities.  Majority of modern trojan horses are backdoor utilities  Sub Seven  Netbus  Back Orifice  Feature set usually includes remote control, desktop viewing, http/ftp server, file sharing, password collecting, port redirection  Some of these trojan horses can be used as legitimate remote administration tools  Other trojans are mostly programs that steal/delete data or can drop viruses
HOW MALWARE SPREADS… Just by visiting seemingly harmless website. DRIVE BY DOWNLOAD. By mails, attachments, links. By physical media. Software vulnerabilities or bugs.
Anti-MALWARE
ANTI-MALWARE Softwares developed to combat all types of Malwares. Are they different from Anti-Viruses?  Viruses were extremely “popular” in the ‘90s, which is when the term “Antivirus” became common.  but today viruses are the minority when it comes to malware.  So, nearly all anti-virus provides security from most of the malwares.
So the difference… ANTI-VIRUS  usually deals with the older, more established threats, such as Trojans, viruses, and worms  protects users from lingering, predictable-yet-still-dangerous malware.  best at crushing malware you might contract from a traditional source, like a USB or an email attachment ANTI-MALWARE  typically focuses on newer stuff, such as polymorphic malware and malware delivered by zero-day exploits  protects users from the latest, currently in the wild, and even more dangerous threats.  updates its rules faster than antivirus, meaning that it's the best protection against new malware you might encounter while surfing the net
Effective Anti-Malware Strategy Core Product Research Team Update infrastructure
Anti-Malware Engine Scanning • Monitor and examines various locations on computer like hard disk, registry. • If change has been made to a critical component, it could be sign of infection  Detection • Matching with the definition list. • Classifying as appropriate type such as virus, spyware or Trojans.  Removal
Common challenges… RootKits • Program that can hide files, registry entries, network traffic, or other information. • Kernel mode rootkit could tamper with operating system at lowest level.  Blended Threats • Combined characteristics of viruses, worms and spyware.  Performance • Maintaining high level performance on machine is critical.  Classification • Understand the nature of threat. • Wide variety of nature and context make it difficult to manage.
Two Approaches of Scanning 1.Specific Scanning • signature detection • the application scans files to look for known viruses matching definitions in a “dictionary”. • after recognizing the malicious software the antivirus software can take one of the following actions: 1. attempt to repair the file by removing the virus itself from the file. 2. quarantine the file. 3. or delete the file completely.
Generic Scanning  Generic scanning is also referred to as the suspicious behavior approach.  Used when new malware appear.  In this method the software does not look for a specific signature but instead monitors the behavior of all applications.  if anything questionable is found by the software the application is quarantined and a warning is broadcasted to the user about what the program may be trying to do.
Generic Scanning  if the software is found to be a virus the user can send it to a virus vendor  researchers examine it, determine its signature, name and catalogue it and release antivirus software to stop its spread.
Two Other Approaches  Heuristic analysis  another form of generic scanning  The sandbox method
Heuristic Analysis  software tries to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable.  if the program attempts to use self-modifying code or appears to be a virus, it’s assumed the virus has infected the executable.  there are many false positives in this approach.
Sandboxing  in this approach an antivirus program will take suspicious code and run it in a “virtual machine” to see the purpose of the code and exactly how the code works.  after the program is terminated the software analyzes the sandbox for any changes, which might indicate a virus.
malwareanti-malware-160630191004 (1).pdf
malwareanti-malware-160630191004 (1).pdf

Recommended

Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxitsamuamit11
 
Virus
VirusVirus
Virusdddaou
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2Saud G
 
virus
virusvirus
virusVinod siragaon
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18Muhammad Ramzan
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 

Recommended

Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxitsamuamit11
 
Virus
VirusVirus
Virusdddaou
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2Saud G
 
virus
virusvirus
virusVinod siragaon
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18Muhammad Ramzan
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo MaliciosoJose Manuel Acosta
 
Viruses notes
Viruses notesViruses notes
Viruses notesDara Corporates
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Pratimesh Pathak
 
CS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfCS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfKakai Catalan
 
Viruses notes1
Viruses notes1Viruses notes1
Viruses notes1Dara Corporates
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwaresMirza Adnan Baig
 
Computervirus
Computervirus Computervirus
Computervirus Dushyant Shekhawat
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdfSitamarhi Institute of Technology
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.MalwareSitamarhi Institute of Technology
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9Ali Habeeb
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)ainizbahari97
 
Malicious software
Malicious softwareMalicious software
Malicious softwareDr.Florence Dayana
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusMaryam Malik
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and DefenseMd.Tanvir Ul Haque
 
Computer virus
Computer virusComputer virus
Computer virusKaushik Vemani Venkata
 
11 virus vs. antivirus
11 virus vs. antivirus11 virus vs. antivirus
11 virus vs. antivirussinghhp10699
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfTagore Institute of Engineering And Technology
 

More Related Content

Similar to malwareanti-malware-160630191004 (1).pdf

(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Pratimesh Pathak
 
CS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfCS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfKakai Catalan
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)ainizbahari97
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusMaryam Malik
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
11 virus vs. antivirus
11 virus vs. antivirus11 virus vs. antivirus
11 virus vs. antivirussinghhp10699
 

Similar to malwareanti-malware-160630191004 (1).pdf (20)

Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Viruses notes
Viruses notesViruses notes
Viruses notes
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention
 
CS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfCS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdf
 
Viruses notes1
Viruses notes1Viruses notes1
Viruses notes1
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Computervirus
Computervirus Computervirus
Computervirus
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirus
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Computer virus
Computer virusComputer virus
Computer virus
 
11 virus vs. antivirus
11 virus vs. antivirus11 virus vs. antivirus
11 virus vs. antivirus
 

Recently uploaded

Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 

Recently uploaded (20)

Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

malwareanti-malware-160630191004 (1).pdf

  • 2. CONTENTS MALWARE PURPOSE OF MALWARES TYPES OF MALWARE VIRUSES, WORMS, TROJANS HOW MALWARE SPREADS
  • 3. What is Malware?  Program or code • Made up of two words “Malicious” + “Software”. • 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including • viruses, worms, trojan horses, spyware, adware etc.
  • 4. The purpose of Malware • To subject the user to advertising
  • 5. The purpose of Malware • To launch DDoS on another service
  • 6. The purpose of Malware • To spread spam. • To commit fraud, such as identity theft • For kicks (vandalism), and to spread FUD (fear, uncertainty, doubt) • . . . and perhaps other reasons
  • 9. What exactly is a Virus? Virus propagates by infecting other programs • It attaches itself to other programs or file. • But to propagate a human has to run an infected program. • A term mistakenly applied to trojans and worms. • Self-propagating viruses are often called worms
  • 10. • Many propagation methods • Insert a copy into every executable (.COM, .EXE) • Insert a copy into boot sectors of disks • Infect common OS routines, stay in memory
  • 11. First Virus: Creeper  Written in 1971  Infected DEC PDP-10  machines running TENEX OS  Jumped from machine to machine over ARPANET  copied its state over, tried to delete old copy  Payload: displayed a message  “I’m the creeper, catch me if you can!”  Later, Reaper was written to hunt down Creeper
  • 12. Types of Viruses  Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.  Memory-resident Virus - Lodges in main memory as part of the residual operating system. Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses). Stealth Virus - explicitly designed to hide from Virus Scanning programs. Polymorphic - Virus - mutates with every new host to prevent signature detection.
  • 13. Virus Phases Dormant - waits for a trigger to start replicating Propagation - copies itself into other programs of the same type on a computer. Spreads when the user shares a file with another computer. Usually searches a file for it’s own signature before infecting. Triggering - starts delivering payload. Sometimes triggered on a certain date, or after a certain time after infection. Execution - payload function is done. Perhaps it put a funny message on the screen, or wiped the hard disk clean. It may become start the first phase over again.
  • 14. Okay, So Then What’s a Worm? Similar to a virus, but propagates itself without human interaction.
  • 15. Six Components of Worms 1) Reconnaissance 2) Specific Attacks 3) Command Interface 4) Communication Mechanisms 5) Intelligence Capabilities 6) Unused and Non-attack Capabilities
  • 16. Reconnaissance • Target identification • Active methods • scanning • Passive methods • OS fingerprinting • traffic analysis
  • 17. Specific Attacks • Exploits • buffer overflows, cgi-bin, etc. • Trojan horse injections • Limited in targets • Two components • local, remote
  • 18. Command Interface • Interface to compromised system • administrative shell • network client • Accepts instructions • person • other worm node
  • 19. communications  Information transfer  Protocols  Stealth concerns
  • 20. Intelligence Database  Knowledge of other nodes  Concrete vs. abstract  Complete vs. incomplete
  • 21. Worm Propagation Back-Chaining Propagation The Cheese worm is an example of this type of propagation where the attacking computer initiates a file transfer to the victim computer. After initiation, the attacking computer can then send files and any payload over to the victim without intervention. Then the victim becomes the attacking computer in the next cycle with a new victim. This method of propagation is more reliable then central source because central source data can be cut off.
  • 22. Worm Propagation Central Source Propagation This type of propagation involves a central location where after a computer is infected it locates a source where it can get code to copy into the compromised computer then after it infects the current computer it finds the next computer and then everything starts over again. And example of the this kind of worm is the 1i0n worm.
  • 23. Worm Propagation Autonomous Propagation Autonomous worms attack the victim computer and insert the attack instructions directly into the processing space of the victim computer which results in the next attack cycle to initiate without any additional file transfer. Code Red is an example of this type of worm. The original Morris worm of 1988 was of this nature as well.
  • 24. Yeah, but what’s a Trojan? A small program that is designed to appear desirable but is in fact malicious Must be run by the user Do not replicate themselves Used to take over a computer, or steal/delete data Good Trojans will not: alert the user alter the way their computer works
  • 25. TROJANS  Trojan Horses can install backdoors, perform malicious scanning, monitor system logins and other malicious activities.  Majority of modern trojan horses are backdoor utilities  Sub Seven  Netbus  Back Orifice  Feature set usually includes remote control, desktop viewing, http/ftp server, file sharing, password collecting, port redirection  Some of these trojan horses can be used as legitimate remote administration tools  Other trojans are mostly programs that steal/delete data or can drop viruses
  • 26. HOW MALWARE SPREADS… Just by visiting seemingly harmless website. DRIVE BY DOWNLOAD. By mails, attachments, links. By physical media. Software vulnerabilities or bugs.
  • 28. ANTI-MALWARE Softwares developed to combat all types of Malwares. Are they different from Anti-Viruses?  Viruses were extremely “popular” in the ‘90s, which is when the term “Antivirus” became common.  but today viruses are the minority when it comes to malware.  So, nearly all anti-virus provides security from most of the malwares.
  • 29. So the difference… ANTI-VIRUS  usually deals with the older, more established threats, such as Trojans, viruses, and worms  protects users from lingering, predictable-yet-still-dangerous malware.  best at crushing malware you might contract from a traditional source, like a USB or an email attachment ANTI-MALWARE  typically focuses on newer stuff, such as polymorphic malware and malware delivered by zero-day exploits  protects users from the latest, currently in the wild, and even more dangerous threats.  updates its rules faster than antivirus, meaning that it's the best protection against new malware you might encounter while surfing the net
  • 30. Effective Anti-Malware Strategy Core Product Research Team Update infrastructure
  • 31. Anti-Malware Engine Scanning • Monitor and examines various locations on computer like hard disk, registry. • If change has been made to a critical component, it could be sign of infection  Detection • Matching with the definition list. • Classifying as appropriate type such as virus, spyware or Trojans.  Removal
  • 32.
  • 33. Common challenges… RootKits • Program that can hide files, registry entries, network traffic, or other information. • Kernel mode rootkit could tamper with operating system at lowest level.  Blended Threats • Combined characteristics of viruses, worms and spyware.  Performance • Maintaining high level performance on machine is critical.  Classification • Understand the nature of threat. • Wide variety of nature and context make it difficult to manage.
  • 34. Two Approaches of Scanning 1.Specific Scanning • signature detection • the application scans files to look for known viruses matching definitions in a “dictionary”. • after recognizing the malicious software the antivirus software can take one of the following actions: 1. attempt to repair the file by removing the virus itself from the file. 2. quarantine the file. 3. or delete the file completely.
  • 35. Generic Scanning  Generic scanning is also referred to as the suspicious behavior approach.  Used when new malware appear.  In this method the software does not look for a specific signature but instead monitors the behavior of all applications.  if anything questionable is found by the software the application is quarantined and a warning is broadcasted to the user about what the program may be trying to do.
  • 36. Generic Scanning  if the software is found to be a virus the user can send it to a virus vendor  researchers examine it, determine its signature, name and catalogue it and release antivirus software to stop its spread.
  • 37. Two Other Approaches  Heuristic analysis  another form of generic scanning  The sandbox method
  • 38. Heuristic Analysis  software tries to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable.  if the program attempts to use self-modifying code or appears to be a virus, it’s assumed the virus has infected the executable.  there are many false positives in this approach.
  • 39. Sandboxing  in this approach an antivirus program will take suspicious code and run it in a “virtual machine” to see the purpose of the code and exactly how the code works.  after the program is terminated the software analyzes the sandbox for any changes, which might indicate a virus.