Intro to Malware
2. WARNING: DEFINITIONS ARE NOT CLEAN
• SIMPLIFICATIONS OF DEFINITIONS INTRODUCE ERRORS
• SEMANTICS WASTE TIME
3. UNDERSTANDING RISK
• SECURE COMPUTER === PICKY COMPUTER
• CAN YOUR SYSTEM SPARE THE RESOURCES?
• DO YOU REALLY NEED THIS LEVEL OF PROTECTION?
• IS YOUR PROTECTION DUMB?
6. TERMINOLOGY
• VIRUSES
  • ATTACHES ITSELF TO A PROGRAM AND PROPAGATES ITSELF THROUGHOUT THE SYSTEM
• WORMS
  • STANDALONE PROGRAM THAT CAN PROPAGATE ITSELF TO OTHER SYSTEMS OVER A NETWORK
• TROJAN HORSE
  • MASQUERADES AS LEGITIMATE SOFTWARE OR BUNDLES ITSELF WITH LEGITIMATE SOFTWARE.
• POTENTIALLY UNDESIRABLE PROCESSES (PUPS)
  • RUNS AS HIDDEN PROCESSES
• COMMAND AND CONTROL (C&C, C2)
  • A SERVER THE ATTACKER USES TO ISSUE COMMANDS TO INFECTED SYSTEMS
7. TERMINOLOGY PT. 2
• “IN THE WILD”
  • WHEN MALWARE OR ATTACKS ARE FOUND ON THE OPEN NET INSTEAD OF A LAB ENVIRONMENT
• ZERO DAY (0DAY, “OH-DAY”)
  • SECURITY BUG IN A PROGRAM THAT IS UNKNOWN AT TIME OF USE
• VULNERABILITY
  • FEATURES OR BUGS IN PROGRAMMING THAT CAN HAVE UNINTENDED USES
• EXPLOIT
  • THE RESULT OF PUTTING A VULNERABILITY TO USE
• SCRIPT KIDDIES (SKIDDIES)
  • WANNABE HACKERS USING PREMADE TOOLS INSTEAD OF LEARNING
  • USED AS AN INSULT
9. TYPES OF ATTACKS
• ADWARE
  • DELIVERS ADVERTISEMENTS TO THE USER
• SPYWARE
  • SOFTWARE THAT COLLECTS INFORMATION ABOUT THE USER (KEY LOGGING, RAM SCRAPING)
• BOTS
  • SOFTWARE THAT AUTOMATICALLY PERFORMS A TASK
• RANSOMWARE
  • REMOVES USER ACCESS TO FILES AND DISPLAYS INSTRUCTIONS ON HOW THE USER CAN GET ACCESS BACK
• ROOTKITS
  • PROVIDES REMOTE ACCESS TO A SYSTEM AND AVOIDS ANTIVIRUS DETECTION
• SECURITY BUGS/EXPLOITS
  • UNINTENDED ERRORS IN PROGRAMMING THAT ALLOW FOR MALICIOUS EXPLOITATION
10. TYPES OF ATTACKS PT. 2
• BACKDOORS
  • LEAVES AN ENTRY POINT FOR ATTACKERS TO REGAIN ACCESS TO THE SYSTEM
• DOS/DDOS
  • OVERLOAD SERVERS WITH REQUESTS TO PREVENT USABILITY
• PHISHING
  • SOCIAL ENGINEERING THAT TRICKS THE USER INTO INSTALLING MALWARE
• MACROS
  • SCRIPTS ATTACHED TO DOCUMENTS THAT ARE OPENED BY THE DOCUMENT VIEWER
• DROPPERS
  • TOOL USED TO UPLOAD MALWARE TO A USER
13. RED FLAGS
• SYSTEM IS SLOWER THAN USUAL
• MAGICAL POPUPS
• SMALL TRAFFIC PULSES
• UNKNOWN PROCESSES RUNNING
14. RED FLAGS PT. 2
• INVOLUNTARY SETTING CHANGES
  • BROWSER HOMEPAGE
  • STARTUP PROGRAMS
• MAGICAL CMD PROMPTS
• MAGICAL WEBCAM ON
• MAGICAL SHORTCUTS
• YOUR COMPUTER WON’T LET YOU DOWNLOAD AN ANTIVIRUS
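One way to hunt for the "small traffic pulses" red flag from slide 13, which is what a command-and-control channel (slide 6) often looks like on the wire: an added example, not part of the original deck, that scores each destination in a constructed outbound flow log by how regularly spaced and how small its connections are. The log format, the thresholds and the addresses are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample flow log (not real data): seconds, destination, bytes out.
SAMPLE_FLOWS = """\
0 203.0.113.10 312
60 203.0.113.10 305
121 203.0.113.10 318
180 203.0.113.10 309
241 203.0.113.10 311
5 198.51.100.7 48211
17 198.51.100.7 1502
220 198.51.100.7 91044
0 192.0.2.5 524288
60 192.0.2.5 524288
120 192.0.2.5 524288
180 192.0.2.5 524288
"""

def parse_flows(text):
    """Group flows by destination as time-ordered [(timestamp, bytes), ...]."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, dest, nbytes = line.split()
            flows[dest].append((float(ts), int(nbytes)))
    return {dest: sorted(events) for dest, events in flows.items()}

def beacon_score(events, min_events=4):
    """Return (mean gap, coefficient of variation of the gaps), or None when
    there are too few events; a low CV means near-fixed-schedule pulses."""
    if len(events) < min_events:
        return None
    gaps = [later[0] - earlier[0] for earlier, later in zip(events, events[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg, pstdev(gaps) / avg

def find_beacons(text, max_cv=0.2, max_bytes=2048):
    """Destinations getting small, regularly spaced pulses. Bulky regular
    transfers (backups, update checks) are excluded by the size threshold."""
    suspects = {}
    for dest, events in parse_flows(text).items():
        score = beacon_score(events)
        if score is None or score[1] > max_cv:
            continue
        if max(nbytes for _, nbytes in events) > max_bytes:
            continue
        suspects[dest] = {"interval_s": round(score[0]), "cv": round(score[1], 3)}
    return suspects
```

On the sample log only 203.0.113.10 is flagged: the bursty 198.51.100.7 traffic has too few, irregular events, and the 192.0.2.5 transfers are regular but far too large to be a beacon.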