MALWARE &
ANTI-MALWARE
BY: ARPIT MITTAL
CONTENTS
MALWARE
PURPOSE OF MALWARE
TYPES OF MALWARE
VIRUSES, WORMS, TROJANS
HOW MALWARE SPREADS
What is Malware?
• Program or code.
• Made up of two words: “Malicious” + “Software”.
• 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including viruses, worms, trojan horses, spyware, adware, etc.
The purpose of Malware
• To subject the user to advertising.
• To launch DDoS on another service.
• To spread spam.
• To commit fraud, such as identity theft.
• For kicks (vandalism), and to spread FUD (fear, uncertainty, doubt).
• . . . and perhaps other reasons.
Types of Malware
But we will be discussing:
• Viruses
• Worms
• Trojan Horses
What exactly is a Virus?
A virus propagates by infecting other programs.
• It attaches itself to other programs or files.
• But to propagate, a human has to run an infected program.
• The term is mistakenly applied to trojans and worms.
• Self-propagating viruses are often called worms.
• Many propagation methods:
  • Insert a copy into every executable (.COM, .EXE)
  • Insert a copy into boot sectors of disks
  • Infect common OS routines, stay in memory
First Virus: Creeper
• Written in 1971
• Infected DEC PDP-10 machines running TENEX OS
• Jumped from machine to machine over ARPANET: copied its state over, tried to delete the old copy
• Payload: displayed a message, “I’m the creeper, catch me if you can!”
• Later, Reaper was written to hunt down Creeper
Types of Viruses
• Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
• Memory-resident Virus - lodges in main memory as part of the resident operating system.
• Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses).
• Stealth Virus - explicitly designed to hide from virus scanning programs.
• Polymorphic Virus - mutates with every new host to prevent signature detection.
Virus Phases
• Dormant - waits for a trigger to start replicating.
• Propagation - copies itself into other programs of the same type on a computer. Spreads when the user shares a file with another computer. Usually searches a file for its own signature before infecting.
• Triggering - starts delivering the payload. Sometimes triggered on a certain date, or after a certain time after infection.
• Execution - the payload function is done. Perhaps it put a funny message on the screen, or wiped the hard disk clean. It may then start the first phase over again.
Okay, So Then What’s a Worm?
Similar to a virus, but propagates itself without human interaction.
Six Components of Worms
1) Reconnaissance
2) Specific Attacks
3) Command Interface
4) Communication Mechanisms
5) Intelligence Capabilities
6) Unused and Non-attack Capabilities
Reconnaissance
• Target identification
• Active methods
  • scanning
• Passive methods
  • OS fingerprinting
  • traffic analysis
Specific Attacks
• Exploits
  • buffer overflows, cgi-bin, etc.
• Trojan horse injections
• Limited in targets
• Two components
  • local, remote
Command Interface
• Interface to compromised system
  • administrative shell
  • network client
• Accepts instructions
  • person
  • other worm node
Communications
• Information transfer
• Protocols
• Stealth concerns
Intelligence Database
• Knowledge of other nodes
• Concrete vs. abstract
• Complete vs. incomplete
Worm Propagation
Back-Chaining Propagation
The Cheese worm is an example of this type of propagation, where the attacking computer initiates a file transfer to the victim computer. After initiation, the attacking computer can then send files and any payload over to the victim without intervention. Then the victim becomes the attacking computer in the next cycle with a new victim. This method of propagation is more reliable than central source because central source data can be cut off.
Central Source Propagation
This type of propagation involves a central location: after a computer is infected it locates a source where it can get code to copy into the compromised computer; then, after it infects the current computer, it finds the next computer and everything starts over again. An example of this kind of worm is the 1i0n worm.
Autonomous Propagation
Autonomous worms attack the victim computer and insert the attack instructions directly into the processing space of the victim computer, which results in the next attack cycle initiating without any additional file transfer. Code Red is an example of this type of worm. The original Morris worm of 1988 was of this nature as well.
Yeah, but what’s a Trojan?
• A small program that is designed to appear desirable but is in fact malicious.
• Must be run by the user.
• Does not replicate itself.
• Used to take over a computer, or steal/delete data.
• Good Trojans will not:
  • alert the user
  • alter the way their computer works
TROJANS
• Trojan Horses can install backdoors, perform malicious scanning, monitor system logins and other malicious activities.
• The majority of modern trojan horses are backdoor utilities:
  • Sub Seven
  • Netbus
  • Back Orifice
• Feature set usually includes remote control, desktop viewing, http/ftp server, file sharing, password collecting, port redirection.
• Some of these trojan horses can be used as legitimate remote administration tools.
• Other trojans are mostly programs that steal/delete data or can drop viruses.
HOW MALWARE SPREADS…
• Just by visiting a seemingly harmless website (drive-by download).
• By mails, attachments, links.
• By physical media.
• Through software vulnerabilities or bugs.
ANTI-MALWARE
Software developed to combat all types of malware.
Are they different from Anti-Viruses?
• Viruses were extremely “popular” in the ‘90s, which is when the term “Antivirus” became common.
• But today viruses are the minority when it comes to malware.
• So, nearly all anti-virus products provide security from most malware.
So the difference…
ANTI-VIRUS
• usually deals with the older, more established threats, such as Trojans, viruses, and worms
• protects users from lingering, predictable-yet-still-dangerous malware
• best at crushing malware you might contract from a traditional source, like a USB or an email attachment
ANTI-MALWARE
• typically focuses on newer stuff, such as polymorphic malware and malware delivered by zero-day exploits
• protects users from the latest, currently in the wild, and even more dangerous threats
• updates its rules faster than antivirus, meaning that it's the best protection against new malware you might encounter while surfing the net
Effective Anti-Malware Strategy
• Core Product
• Research Team
• Update infrastructure
Anti-Malware Engine
• Scanning
  • Monitors and examines various locations on the computer, like the hard disk and registry.
  • If a change has been made to a critical component, it could be a sign of infection.
• Detection
  • Matching against the definition list.
  • Classifying as the appropriate type, such as virus, spyware or Trojan.
• Removal
Common challenges…
• RootKits
  • A program that can hide files, registry entries, network traffic, or other information.
  • A kernel-mode rootkit could tamper with the operating system at the lowest level.
• Blended Threats
  • Combined characteristics of viruses, worms and spyware.
• Performance
  • Maintaining a high level of performance on the machine is critical.
• Classification
  • Understand the nature of the threat.
  • The wide variety of natures and contexts makes it difficult to manage.
Two Approaches to Scanning
1. Specific Scanning
• signature detection
• the application scans files to look for known viruses matching definitions in a “dictionary”.
• after recognizing the malicious software the antivirus software can take one of the following actions:
  1. attempt to repair the file by removing the virus itself from the file.
  2. quarantine the file.
  3. or delete the file completely.
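As an added example (not from the slides or from any vendor's product), a minimal specific scanner in Python: it matches files against a constructed signature dictionary, classifies each hit, and applies the three actions listed above (repair, quarantine, delete). The signature strings, file names and quarantine layout are all made up for this demonstration.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

# Constructed "dictionary" for this example: name -> (byte pattern, classification).
# A real definition list holds many thousands of entries; these three are invented.
SIGNATURE_DB = {
    "Demo.Virus.A": (b"CONSTRUCTED-VIRUS-SIGNATURE-A", "virus"),
    "Demo.Spyware.B": (b"CONSTRUCTED-SPYWARE-SIGNATURE-B", "spyware"),
    "Demo.Trojan.C": (b"CONSTRUCTED-TROJAN-SIGNATURE-C", "trojan"),
}


@dataclass
class Detection:
    path: str     # file that matched
    name: str     # dictionary entry name
    kind: str     # classification: virus / spyware / trojan
    offset: int   # where the signature was found inside the file
    sha256: str   # digest of the file as found, kept in the quarantine record


def scan_file(path, db=SIGNATURE_DB):
    """Match one file against every signature in the dictionary."""
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, (pattern, kind) in db.items():
        off = data.find(pattern)
        if off != -1:
            hits.append(Detection(path, name, kind, off, digest))
    return hits


def scan_tree(root, db=SIGNATURE_DB):
    """Walk a directory tree and collect detections for every file."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            hits.extend(scan_file(os.path.join(dirpath, fn), db))
    return hits


def repair(det, db=SIGNATURE_DB):
    """Action 1: strip the matched bytes and keep the host file. Simplification:
    the signature is assumed to be the whole infected segment (appended code)."""
    pattern = db[det.name][0]
    with open(det.path, "rb") as f:
        data = f.read()
    cleaned = data.replace(pattern, b"")
    with open(det.path, "wb") as f:
        f.write(cleaned)
    return cleaned


def quarantine(det, qdir):
    """Action 2: move the file out of place, make it read-only and write a
    side-car record so it can later be restored or sent to a vendor."""
    os.makedirs(qdir, exist_ok=True)
    dest = os.path.join(qdir, det.sha256 + ".quar")
    shutil.move(det.path, dest)
    os.chmod(dest, 0o400)
    with open(dest + ".meta", "w") as f:
        f.write(f"origin={det.path}\nname={det.name}\nkind={det.kind}\n")
    return dest


def delete(det):
    """Action 3: remove the file completely."""
    os.remove(det.path)


def demo():
    """Build a constructed scan root, scan it, apply one action per hit, rescan."""
    root = tempfile.mkdtemp(prefix="scanroot-")
    qdir = tempfile.mkdtemp(prefix="quarantine-")   # kept outside the scan root
    samples = {  # constructed sample files
        "clean.txt": b"just a normal document\n",
        "infected_a.exe": b"HOST-PROGRAM-BYTES" + SIGNATURE_DB["Demo.Virus.A"][0],
        "spy.dll": b"\x00\x01" + SIGNATURE_DB["Demo.Spyware.B"][0] + b"\x02",
        "troj.bin": SIGNATURE_DB["Demo.Trojan.C"][0],
    }
    for fn, content in samples.items():
        with open(os.path.join(root, fn), "wb") as f:
            f.write(content)
    try:
        hits = scan_tree(root)
        by_kind = {d.kind: d for d in hits}
        repaired = repair(by_kind["virus"])            # appended code: strip it
        qpath = quarantine(by_kind["spyware"], qdir)   # keep for analysis
        delete(by_kind["trojan"])                      # nothing worth salvaging
        return {
            "detected": sorted((d.name, d.kind) for d in hits),
            "repaired_content": repaired,
            "quarantined": os.path.exists(qpath) and os.path.exists(qpath + ".meta"),
            "trojan_gone": not os.path.exists(os.path.join(root, "troj.bin")),
            "rescan_hits": len(scan_tree(root)),
        }
    finally:
        shutil.rmtree(root)
        shutil.rmtree(qdir)
```

A rescan after the actions returns no hits, which is the check a real engine performs before reporting the machine clean.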
2. Generic Scanning
• Generic scanning is also referred to as the suspicious behavior approach.
• Used when new malware appears.
• In this method the software does not look for a specific signature but instead monitors the behavior of all applications.
• If anything questionable is found by the software, the application is quarantined and a warning is broadcast to the user about what the program may be trying to do.
• If the software is found to be a virus, the user can send it to a virus vendor.
• Researchers examine it, determine its signature, name and catalogue it, and release antivirus software to stop its spread.
Two Other Approaches
• Heuristic analysis
  • another form of generic scanning
• The sandbox method
Heuristic Analysis
• The software tries to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable.
• If the program attempts to use self-modifying code or appears to be a virus, it’s assumed the virus has infected the executable.
• There are many false positives in this approach.
Sandboxing
• In this approach an antivirus program will take suspicious code and run it in a “virtual machine” to see the purpose of the code and exactly how the code works.
• After the program is terminated the software analyzes the sandbox for any changes, which might indicate a virus.
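An added example covering the generic-scanning, heuristic-analysis and sandboxing slides above (example code written here, not from the presentation): a throw-away sandbox directory is snapshotted before and after a simulated sample runs, the filesystem diff plus the monitored events are scored against behaviour rules, and the sample is quarantined only above a threshold, so a benign updater that trips one rule is still allowed. The rule names, weights, directory layout and both traces are assumptions made for this demonstration.

```python
import hashlib
import os
import shutil
import tempfile

# Behaviour rules: event -> (weight, description). Events and weights are constructed
# for this example; a production engine has far more and tunes them against data.
RULES = {
    "self_modify": (6, "rewrote its own executable image (self-modifying code)"),
    "write_system_dir": (4, "wrote into a system directory"),
    "persist_autorun": (5, "installed a copy that runs at startup"),
    "spawn_shell": (3, "spawned a command shell"),
    "net_connect": (1, "opened an outbound network connection"),
}
QUARANTINE_THRESHOLD = 8   # below: allow and record; at or above: quarantine


def snapshot(root):
    """Hash every file under the sandbox root: relative path -> sha256."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            with open(p, "rb") as f:
                state[os.path.relpath(p, root)] = hashlib.sha256(f.read()).hexdigest()
    return state


def diff_snapshots(before, after):
    """What changed while the sample ran: the 'analyze the sandbox' step."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def verdict(sample, events, changes):
    """Turn monitored events plus filesystem changes into a score and an action."""
    derived = list(events)
    touched = changes["added"] + changes["modified"]
    if any(p.startswith("system" + os.sep) for p in touched):
        derived.append("write_system_dir")
    if any(p.startswith("startup" + os.sep) for p in changes["added"]):
        derived.append("persist_autorun")
    if sample in changes["modified"]:          # the sample's own image changed
        derived.append("self_modify")
    score = sum(RULES[e][0] for e in derived if e in RULES)
    reasons = [RULES[e][1] for e in derived if e in RULES]
    action = "quarantine" if score >= QUARANTINE_THRESHOLD else "allow"
    return {"sample": sample, "score": score, "action": action, "reasons": reasons}


def analyze_in_sandbox(sample, body, actions):
    """Run a simulated sample inside a throw-away directory and judge it.
    `actions` stands in for executing the sample: ("write", relpath, bytes)
    touches the sandbox filesystem, ("event", name) is a monitored API event."""
    box = tempfile.mkdtemp(prefix="sandbox-")
    try:
        for d in ("system", "startup", "user"):
            os.makedirs(os.path.join(box, d))
        with open(os.path.join(box, sample), "wb") as f:
            f.write(body)
        before = snapshot(box)
        events = []
        for act in actions:
            if act[0] == "write":
                with open(os.path.join(box, *act[1].split("/")), "wb") as f:
                    f.write(act[2])
            else:
                events.append(act[1])
        after = snapshot(box)
        return verdict(sample, events, diff_snapshots(before, after))
    finally:
        shutil.rmtree(box)


# Constructed traces. The updater trips one heavy rule (the false-positive risk the
# heuristic slide warns about) but stays under the threshold; the second does not.
BENIGN_UPDATER = [
    ("write", "system/updater.log", b"checked for updates\n"),
    ("event", "net_connect"),
]
SUSPICIOUS_SAMPLE = [
    ("write", "startup/sample_b.exe", b"copy of itself"),
    ("write", "sample_b.exe", b"rewritten image"),
    ("event", "net_connect"),
    ("event", "spawn_shell"),
]


def demo():
    return [
        analyze_in_sandbox("updater.exe", b"original updater", BENIGN_UPDATER),
        analyze_in_sandbox("sample_b.exe", b"original sample", SUSPICIOUS_SAMPLE),
    ]
```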
Malware & Anti-Malware
Malware & Anti-Malware

More Related Content

What's hot

Email threats
Email threatsEmail threats
Email threats
Shivam Tomar
 
Malware ppt
Malware pptMalware ppt
Malware ppt
Faiz Khan
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
 
Malware
MalwareMalware
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Dos attack
Dos attackDos attack
Dos attack
Manjushree Mashal
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
sadhana21297
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Botnets
BotnetsBotnets
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
Rob Ragan
 
Internet Security
Internet SecurityInternet Security
Internet Security
Mitesh Gupta
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 

What's hot (20)

Email threats
Email threatsEmail threats
Email threats
 
Malware ppt
Malware pptMalware ppt
Malware ppt
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Malware
MalwareMalware
Malware
 
Spoofing
SpoofingSpoofing
Spoofing
 
Network Security
Network SecurityNetwork Security
Network Security
 
Dos attack
Dos attackDos attack
Dos attack
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
 
Application Security
Application SecurityApplication Security
Application Security
 
Botnets
BotnetsBotnets
Botnets
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 

Viewers also liked

PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
OPSWAT
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
INFONAUTICS GmbH
 
Modern Malware and Threats
Modern Malware and ThreatsModern Malware and Threats
Modern Malware and Threats
MarketingArrowECS_CZ
 
Tips to remove malwares
Tips to remove malwaresTips to remove malwares
Tips to remove malwares
anthnyq
 
Malware
MalwareMalware
Malware
fovi96
 
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Digiday
 
How to protect pc against Malware
How to protect pc against MalwareHow to protect pc against Malware
How to protect pc against Malware
jackadision
 
How to protect business from malware
How to protect business from malware How to protect business from malware
How to protect business from malware Sanyog Chandra
 
Study Skills, Notetaking and Technology
Study Skills, Notetaking and TechnologyStudy Skills, Notetaking and Technology
Study Skills, Notetaking and Technology
aaberra
 
How to Protect your PC from Malware
How to Protect your PC from MalwareHow to Protect your PC from Malware
How to Protect your PC from Malware
aaberra
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
karanwayne
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
Brent Muir
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacksRollingsherman
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Ahmed Ghazey
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Wordpress malware - What is it and how to protect your website.
Wordpress malware - What is it and how to protect your website.Wordpress malware - What is it and how to protect your website.
Wordpress malware - What is it and how to protect your website.
Owen Cutajar
 
Are you a host to malware
Are you a host to malwareAre you a host to malware
Are you a host to malware
Venkateswara Reddy Yeruva
 

Viewers also liked (20)

MALWARE AND ITS TYPES
MALWARE AND ITS TYPESMALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Modern Malware and Threats
Modern Malware and ThreatsModern Malware and Threats
Modern Malware and Threats
 
Tips to remove malwares
Tips to remove malwaresTips to remove malwares
Tips to remove malwares
 
Malware
MalwareMalware
Malware
 
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
 
How to protect pc against Malware
How to protect pc against MalwareHow to protect pc against Malware
How to protect pc against Malware
 
How to protect business from malware
How to protect business from malware How to protect business from malware
How to protect business from malware
 
Study Skills, Notetaking and Technology
Study Skills, Notetaking and TechnologyStudy Skills, Notetaking and Technology
Study Skills, Notetaking and Technology
 
How to Protect your PC from Malware
How to Protect your PC from MalwareHow to Protect your PC from Malware
How to Protect your PC from Malware
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Wordpress malware - What is it and how to protect your website.
Wordpress malware - What is it and how to protect your website.Wordpress malware - What is it and how to protect your website.
Wordpress malware - What is it and how to protect your website.
 
Are you a host to malware
Are you a host to malwareAre you a host to malware
Are you a host to malware
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 

Similar to Malware & Anti-Malware

Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptx
itsamuamit11
 
Virus
VirusVirus
Virus
dddaou
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
Saud G
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
Vikas Chandwani
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
Jose Manuel Acosta
 
Viruses notes
Viruses notesViruses notes
Viruses notes
Dara Corporates
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
Satria Ady Pradana
 
Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention
Pratimesh Pathak
 
CS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfCS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdf
Kakai Catalan
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
Satria Ady Pradana
 
Computervirus
Computervirus Computervirus
Computervirus
Dushyant Shekhawat
 
Module 5.Malware
Module 5.MalwareModule 5.Malware

Similar to Malware & Anti-Malware (20)

Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptx
 
Virus
VirusVirus
Virus
 
Presentation2
Presentation2Presentation2
Presentation2
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
 
virus
virusvirus
virus
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Viruses notes
Viruses notesViruses notes
Viruses notes
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention Computer warms viruses trojans and its prevention
Computer warms viruses trojans and its prevention
 
CS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdfCS111-PART 7 (MALWARE).pdf
CS111-PART 7 (MALWARE).pdf
 
Viruses notes1
Viruses notes1Viruses notes1
Viruses notes1
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Computervirus
Computervirus Computervirus
Computervirus
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9
 

Recently uploaded

在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
obonagu
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
JoytuBarua2
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
Kamal Acharya
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
Kamal Acharya
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
AJAYKUMARPUND1
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
AmarGB2
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
SamSarthak3
 
Architectural Portfolio Sean Lockwood
Architectural Portfolio Sean LockwoodArchitectural Portfolio Sean Lockwood
Architectural Portfolio Sean Lockwood
seandesed
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
Jayaprasanna4
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
road safety engineering r s e unit 3.pdf
road safety engineering  r s e unit 3.pdfroad safety engineering  r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
VENKATESHvenky89705
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9)  2007 Full Version       .pdfASME IX(9)  2007 Full Version       .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 

Recently uploaded (20)

在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
 
Architectural Portfolio Sean Lockwood
Architectural Portfolio Sean LockwoodArchitectural Portfolio Sean Lockwood
Architectural Portfolio Sean Lockwood
 
ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
road safety engineering r s e unit 3.pdf
road safety engineering  r s e unit 3.pdfroad safety engineering  r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9)  2007 Full Version       .pdfASME IX(9)  2007 Full Version       .pdf
ASME IX(9) 2007 Full Version .pdf
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 

Malware & Anti-Malware

CONTENTS
• Malware
• Purpose of malware
• Types of malware
• Viruses, worms, trojans
• How malware spreads

What is Malware?
• A program or code.
• Made up of two words: "Malicious" + "Software".
• 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including viruses, worms, trojan horses, spyware, adware, etc.

The purpose of Malware
• To subject the user to advertising.
• To launch DDoS on another service.
• To spread spam.
• To commit fraud, such as identity theft.
• For kicks (vandalism), and to spread FUD (fear, uncertainty, doubt).
• . . . and perhaps other reasons.

What exactly is a Virus?
A virus propagates by infecting other programs.
• It attaches itself to other programs or files.
• But to propagate, a human has to run an infected program.
• The term is mistakenly applied to trojans and worms.
• Self-propagating viruses are often called worms.
• Many propagation methods:
  • Insert a copy into every executable (.COM, .EXE)
  • Insert a copy into the boot sectors of disks
  • Infect common OS routines and stay in memory

First Virus: Creeper
• Written in 1971.
• Infected DEC PDP-10 machines running the TENEX OS.
• Jumped from machine to machine over ARPANET: copied its state over, then tried to delete the old copy.
• Payload: displayed a message, "I'm the creeper, catch me if you can!"
• Later, Reaper was written to hunt down Creeper.

Types of Viruses
• Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
• Memory-resident Virus - lodges in main memory as part of the resident operating system.
• Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (the original DOS viruses).
• Stealth Virus - explicitly designed to hide from virus scanning programs.
• Polymorphic Virus - mutates with every new host to prevent signature detection.

Virus Phases
• Dormant - waits for a trigger to start replicating.
• Propagation - copies itself into other programs of the same type on a computer. Spreads when the user shares a file with another computer. Usually searches a file for its own signature before infecting it.
• Triggering - starts delivering the payload. Sometimes triggered on a certain date, or a certain time after infection.
• Execution - the payload function is performed. Perhaps it puts a funny message on the screen, or wipes the hard disk clean. It may then start the first phase over again.
Okay, So Then What's a Worm?
Similar to a virus, but propagates itself without human interaction.

Six Components of Worms
1) Reconnaissance
2) Specific Attacks
3) Command Interface
4) Communication Mechanisms
5) Intelligence Capabilities
6) Unused and Non-attack Capabilities

Reconnaissance
• Target identification
• Active methods: scanning
• Passive methods: OS fingerprinting, traffic analysis

Specific Attacks
• Exploits: buffer overflows, cgi-bin, etc.
• Trojan horse injections
• Limited in targets
• Two components: local, remote

Command Interface
• Interface to the compromised system: administrative shell, network client
• Accepts instructions from a person or from another worm node

Communications
• Information transfer
• Protocols
• Stealth concerns

Intelligence Database
• Knowledge of other nodes
• Concrete vs. abstract
• Complete vs. incomplete

Worm Propagation: Back-Chaining Propagation
The Cheese worm is an example of this type of propagation, where the attacking computer initiates a file transfer to the victim computer. After initiation, the attacking computer can send files and any payload over to the victim without intervention. The victim then becomes the attacking computer in the next cycle, with a new victim. This method of propagation is more reliable than central source propagation, because a central source can be cut off.

Worm Propagation: Central Source Propagation
This type of propagation involves a central location: after a computer is infected, it contacts a source from which it can get code to copy into the compromised computer; once it has infected the current computer, it finds the next computer and everything starts over again. An example of this kind of worm is the 1i0n worm.

Worm Propagation: Autonomous Propagation
Autonomous worms attack the victim computer and insert the attack instructions directly into the processing space of the victim computer, which lets the next attack cycle begin without any additional file transfer. Code Red is an example of this type of worm. The original Morris worm of 1988 was of this nature as well.
Yeah, but what's a Trojan?
• A small program that is designed to appear desirable but is in fact malicious.
• Must be run by the user.
• Does not replicate itself.
• Used to take over a computer, or to steal/delete data.
• A "good" trojan will not alert the user or alter the way their computer works.

TROJANS
• Trojan horses can install backdoors, perform malicious scanning, monitor system logins and carry out other malicious activities.
• The majority of modern trojan horses are backdoor utilities: Sub Seven, Netbus, Back Orifice.
• The feature set usually includes remote control, desktop viewing, an http/ftp server, file sharing, password collecting and port redirection.
• Some of these trojan horses can be used as legitimate remote administration tools.
• Other trojans are mostly programs that steal/delete data or can drop viruses.

HOW MALWARE SPREADS...
• Just by visiting a seemingly harmless website: DRIVE-BY DOWNLOAD.
• By mails, attachments, links.
• By physical media.
• Through software vulnerabilities or bugs.
ANTI-MALWARE
Software developed to combat all types of malware.
Are they different from Anti-Viruses?
• Viruses were extremely "popular" in the '90s, which is when the term "Antivirus" became common.
• But today viruses are the minority when it comes to malware.
• So nearly all anti-virus products provide security from most kinds of malware.

So the difference...
ANTI-VIRUS
• usually deals with the older, more established threats, such as Trojans, viruses, and worms
• protects users from lingering, predictable-yet-still-dangerous malware
• best at crushing malware you might contract from a traditional source, like a USB stick or an email attachment
ANTI-MALWARE
• typically focuses on newer stuff, such as polymorphic malware and malware delivered by zero-day exploits
• protects users from the latest, currently in-the-wild, and even more dangerous threats
• updates its rules faster than antivirus, meaning that it's the best protection against new malware you might encounter while surfing the net

Effective Anti-Malware Strategy
• Core product
• Research team
• Update infrastructure

Anti-Malware Engine
• Scanning
  • Monitors and examines various locations on the computer, like the hard disk and the registry.
  • If a change has been made to a critical component, it could be a sign of infection.
• Detection
  • Matching against the definition list.
  • Classifying as the appropriate type, such as virus, spyware or Trojan.
• Removal

Common challenges...
• Rootkits
  • A program that can hide files, registry entries, network traffic, or other information.
  • A kernel-mode rootkit could tamper with the operating system at the lowest level.
• Blended threats
  • Combine the characteristics of viruses, worms and spyware.
• Performance
  • Maintaining a high level of performance on the machine is critical.
• Classification
  • Understanding the nature of a threat.
  • The wide variety of natures and contexts makes threats difficult to manage.

Two Approaches of Scanning
1. Specific Scanning
• signature detection
• the application scans files to look for known viruses matching definitions in a "dictionary".
• after recognizing the malicious software, the antivirus software can take one of the following actions:
  1. attempt to repair the file by removing the virus itself from the file.
  2. quarantine the file.
  3. or delete the file completely.
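The following is an added example, not code from the presentation: a toy "dictionary" scanner that shows both signature kinds a definition list contains (an exact-file hash and a byte pattern) and applies the three responses listed above (repair, quarantine, delete). Every marker, sample file and signature name (Demo.Appender.A, Demo.Dropper.B) is constructed for the demonstration; the "repair" step assumes the appender model in which the virus body is everything from the marker onward, which is why truncating at the marker restores the host. The mutated dropper shows why a single hash is brittle: one flipped byte defeats it while the byte pattern still fires, which is the gap the polymorphic viruses on the earlier slide exploit.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed markers for the demo. The "appender" model pretends an infected
# host file is the original program followed by this marker and the virus body.
APPENDER_MARKER = b"DEMO-APPENDER-A-MARKER"
DROPPER_STUB = b"DEMO-DROPPER-B-STUB"
KNOWN_DROPPER = DROPPER_STUB + bytes(range(32))  # the exact sample "captured in the lab"

# The dictionary. A hash signature identifies one exact file; a pattern
# signature matches a byte sequence anywhere in the file. Each entry carries
# the action applied when it fires (repair, quarantine or delete).
HASH_SIGNATURES = {
    hashlib.sha256(KNOWN_DROPPER).hexdigest(): ("Demo.Dropper.B", "quarantine"),
}
PATTERN_SIGNATURES = [
    (APPENDER_MARKER, "Demo.Appender.A", "repair"),
    (DROPPER_STUB, "Demo.Dropper.B.gen", "delete"),
]


def match_signatures(data):
    """Return [(name, kind, offset, action)] for every signature that fires on data."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        name, action = HASH_SIGNATURES[digest]
        hits.append((name, "hash", 0, action))
    for pattern, name, action in PATTERN_SIGNATURES:
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, "pattern", offset, action))
    return hits


def scan_file(path, quarantine_dir):
    """Scan one file and apply the action of the first signature that matched."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = match_signatures(data)
    if not hits:
        return {"hits": [], "action": "none"}
    name, kind, offset, action = hits[0]
    if action == "repair":
        # Appender model: the virus body is everything from the marker onward,
        # so truncating at the marker restores the original host program.
        with open(path, "wb") as fh:
            fh.write(data[:offset])
    elif action == "quarantine":
        os.makedirs(quarantine_dir, exist_ok=True)
        dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quar")
        shutil.move(path, dest)
    elif action == "delete":
        os.remove(path)
    return {"hits": hits, "action": action}


def scan_directory(root, quarantine_dir):
    """Scan every file below root (skipping the quarantine folder itself)."""
    results = {}
    qdir = os.path.abspath(quarantine_dir)
    for dirpath, _, filenames in os.walk(root):
        if os.path.abspath(dirpath).startswith(qdir):
            continue
        for fn in sorted(filenames):
            results[fn] = scan_file(os.path.join(dirpath, fn), quarantine_dir)
    return results


def demo():
    """Write constructed samples to a temp dir, scan them and return the verdicts."""
    root = tempfile.mkdtemp(prefix="sigscan-")
    quarantine = os.path.join(root, "quarantine")
    samples = {
        "clean.txt": b"just a text file",
        "host.bin": b"ORIGINAL-HOST-PROGRAM" + APPENDER_MARKER + b"virus-body",
        "dropper.bin": KNOWN_DROPPER,
        # One flipped tail byte: the hash signature no longer matches, which is
        # the weakness a polymorphic virus exploits; the byte pattern still fires.
        "dropper-mutated.bin": KNOWN_DROPPER[:-1] + b"\xff",
    }
    for fn, body in samples.items():
        with open(os.path.join(root, fn), "wb") as fh:
            fh.write(body)
    results = scan_directory(root, quarantine)
    with open(os.path.join(root, "host.bin"), "rb") as fh:
        results["host.bin"]["repaired_body"] = fh.read()
    results["quarantined"] = sorted(os.listdir(quarantine))
    results["remaining"] = sorted(f for f in os.listdir(root) if f != "quarantine")
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The first matching signature decides the action, so an exact-hash match (a known sample, quarantined for later analysis) takes precedence over the generic pattern; a real engine would also check the file against a whitelist before deleting anything, since a pattern short enough to be fast is also short enough to appear in clean files.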
2. Generic Scanning
• Generic scanning is also referred to as the suspicious behavior approach.
• Used when new malware appears.
• In this method the software does not look for a specific signature but instead monitors the behavior of all applications.
• If anything questionable is found by the software, the application is quarantined and a warning is broadcast to the user about what the program may be trying to do.
• If the software is found to be a virus, the user can send it to a virus vendor.
• Researchers examine it, determine its signature, name and catalogue it, and release antivirus software to stop its spread.
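An added example of the suspicious-behavior approach, not taken from the presentation: a rule engine that scores each process on what it does rather than on what it contains. The event log, the process names, the rule weights and the quarantine threshold are all constructed for the demonstration (a real engine receives such events from file-system, registry and network filter drivers). The `installer.exe` rows are there deliberately: a legitimate installer also writes an executable and sets an autorun key, so it scores close to the threshold, which is the tuning problem behavior monitors live with.

```python
import re
from collections import defaultdict

# Constructed event log: "<seq> <process> <operation> <target>".
SAMPLE_LOG = r"""
1 editor.exe write C:\Users\bob\notes.txt
2 editor.exe write C:\Users\bob\notes.txt
3 invoice.exe write C:\Program Files\App\app.exe
4 invoice.exe write C:\Program Files\Tools\tool.exe
5 invoice.exe write C:\Windows\System32\helper.dll
6 invoice.exe regset HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
7 invoice.exe connect 198.51.100.7:25
8 invoice.exe connect 198.51.100.8:25
9 invoice.exe connect 198.51.100.9:25
10 mail.exe connect 198.51.100.20:25
11 installer.exe write C:\Program Files\App\app.exe
12 installer.exe regset HKLM\Software\Microsoft\Windows\CurrentVersion\Run\App
"""

EXEC_EXT = (".exe", ".dll", ".scr", ".sys")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
QUARANTINE_THRESHOLD = 6   # constructed: tuned so the installer stays just below it


def parse_events(text):
    """Split each log line into seq / process / operation / target (target may contain spaces)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, proc, op, target = line.split(maxsplit=3)
        events.append({"seq": int(seq), "proc": proc, "op": op, "target": target})
    return events


def score_process(events):
    """Weighted behaviour rules for one process; returns (score, reasons)."""
    exe_targets = {e["target"] for e in events
                   if e["op"] == "write" and e["target"].lower().endswith(EXEC_EXT)}
    run_keys = [e["target"] for e in events
                if e["op"] == "regset" and RUN_KEY.search(e["target"])]
    smtp_hosts = {e["target"].rsplit(":", 1)[0] for e in events
                  if e["op"] == "connect" and e["target"].endswith(":25")}
    score, reasons = 0, []
    if exe_targets:                      # writing into other programs: virus-like
        pts = min(2 * len(exe_targets), 6)
        score += pts
        reasons.append(f"wrote {len(exe_targets)} executable file(s) (+{pts})")
    if run_keys:                         # persistence through an autostart key
        score += 3
        reasons.append(f"set autorun key {run_keys[0]} (+3)")
    if len(smtp_hosts) >= 3:             # direct SMTP to many hosts: spam-bot behaviour
        score += 3
        reasons.append(f"SMTP connections to {len(smtp_hosts)} hosts (+3)")
    return score, reasons


def analyze(log_text, threshold=QUARANTINE_THRESHOLD):
    """Group events per process, score each one and decide allow / quarantine."""
    by_proc = defaultdict(list)
    for e in parse_events(log_text):
        by_proc[e["proc"]].append(e)
    verdicts = {}
    for proc, evs in by_proc.items():
        score, reasons = score_process(evs)
        verdicts[proc] = {"score": score, "reasons": reasons,
                          "action": "quarantine" if score >= threshold else "allow"}
    return verdicts


def warning_text(proc, verdict):
    """The message broadcast to the user when a process is quarantined."""
    return (f"WARNING: {proc} quarantined (score {verdict['score']}). It appears to be: "
            + "; ".join(verdict["reasons"]))


if __name__ == "__main__":
    for proc, v in analyze(SAMPLE_LOG).items():
        if v["action"] == "quarantine":
            print(warning_text(proc, v))
        else:
            print(f"{proc}: allow (score {v['score']})")
```

Each rule counts distinct targets rather than raw events, so a program that rewrites the same file many times is not mistaken for one that touches many programs, and the single SMTP connection from `mail.exe` scores nothing because the spam rule needs several distinct hosts.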
Two Other Approaches
• Heuristic analysis (another form of generic scanning)
• The sandbox method

Heuristic Analysis
• The software tries to emulate the beginning of the code of each new executable that the system invokes, before transferring control to that executable.
• If the program attempts to use self-modifying code or appears to be a virus, it's assumed the virus has infected the executable.
• There are many false positives in this approach.
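The following added example (not code from the presentation) shows the emulation heuristic in miniature. The instruction set is a constructed toy, not a real CPU: the emulator runs a bounded number of steps of each "executable", records every write that lands inside the program's own image, and notes whether execution later reaches bytes that were written during the run. A constructed self-decrypting sample trips both checks, a plain arithmetic sample trips neither, and a third sample that merely keeps a scratch byte at the end of its image is flagged although it is harmless, which is the false-positive problem the slide warns about.

```python
MEM_SIZE = 256
MAX_STEPS = 200

# Toy ISA used only by this demo (not a real architecture):
#   00          HALT                 04 r s      LOAD  r, [s]
#   01 r imm    MOV  r, imm          05 addr     JMP   addr
#   02 r imm    ADD  r, imm (8-bit)  06 r imm    XOR   r, imm
#   03 d s      STORE [d], s         08 r addr   JNZ   r, addr


class Emulator:
    def __init__(self, image):
        self.mem = bytearray(MEM_SIZE)
        self.mem[: len(image)] = image
        self.code_len = len(image)       # every byte of the image counts as "code"
        self.reg = [0, 0, 0, 0]
        self.pc = 0
        self.halted = False
        self.written = set()             # addresses written during emulation
        self.code_writes = 0             # writes landing inside the code image
        self.executed_written = 0        # instructions fetched from written bytes

    def store(self, addr, value):
        addr %= MEM_SIZE
        self.mem[addr] = value & 0xFF
        self.written.add(addr)
        if addr < self.code_len:
            self.code_writes += 1

    def step(self):
        pc = self.pc
        if pc in self.written:
            self.executed_written += 1
        op, a, b = (self.mem[(pc + i) % MEM_SIZE] for i in range(3))
        nxt = (pc + 3) % MEM_SIZE
        if op == 0x00:
            self.halted = True
        elif op == 0x01:
            self.reg[a & 3] = b
        elif op == 0x02:
            self.reg[a & 3] = (self.reg[a & 3] + b) & 0xFF
        elif op == 0x03:
            self.store(self.reg[a & 3], self.reg[b & 3])
        elif op == 0x04:
            self.reg[a & 3] = self.mem[self.reg[b & 3] % MEM_SIZE]
        elif op == 0x05:
            nxt = a
        elif op == 0x06:
            self.reg[a & 3] ^= b
        elif op == 0x08:
            nxt = b if self.reg[a & 3] != 0 else nxt
        else:
            self.halted = True           # unknown opcode: stop emulating
        self.pc = nxt

    def run(self, max_steps=MAX_STEPS):
        steps = 0
        while not self.halted and steps < max_steps:
            self.step()
            steps += 1
        return self


def heuristic_verdict(image):
    """Emulate the start of an executable and grade it: clean / suspicious / high."""
    em = Emulator(image).run()
    stats = {"code_writes": em.code_writes, "executed_written": em.executed_written,
             "reg0": em.reg[0], "halted": em.halted}
    if em.code_writes and em.executed_written:
        return "high", stats        # rewrote its own code and then ran it (decryptor-like)
    if em.code_writes:
        return "suspicious", stats  # self-modifying, but never ran the new bytes
    return "clean", stats


# Constructed samples. BENIGN computes 5 + 3 and stores it in data memory.
BENIGN = bytes([0x01, 0x00, 0x05,    # MOV r0, 5
                0x02, 0x00, 0x03,    # ADD r0, 3
                0x01, 0x01, 0x80,    # MOV r1, 0x80 (data area, outside the image)
                0x03, 0x01, 0x00,    # STORE [r1], r0
                0x00])               # HALT

# DECRYPTOR XORs three bytes of its own image with 0x2A, then falls into them.
DECRYPTOR = bytes([0x01, 0x01, 0x18,   # MOV r1, 0x18  (start of encrypted body)
                   0x01, 0x02, 0x03,   # MOV r2, 3     (bytes to decrypt)
                   0x04, 0x00, 0x01,   # loop: LOAD r0, [r1]
                   0x06, 0x00, 0x2A,   #       XOR r0, 0x2A
                   0x03, 0x01, 0x00,   #       STORE [r1], r0   <- writes own code
                   0x02, 0x01, 0x01,   #       ADD r1, 1
                   0x02, 0x02, 0xFF,   #       ADD r2, -1
                   0x08, 0x02, 0x06,   #       JNZ r2, loop
                   0x2B, 0x2A, 0xB3,   # 0x18: encrypted "MOV r0, 0x99"
                   0x00])              # 0x1B: HALT

# SCRATCH is harmless: it keeps a counter byte at the end of its own image,
# which the heuristic cannot tell apart from code (a false positive).
SCRATCH = bytes([0x01, 0x00, 0x07,    # MOV r0, 7
                 0x01, 0x01, 0x0A,    # MOV r1, 0x0A (the scratch byte below)
                 0x03, 0x01, 0x00,    # STORE [r1], r0
                 0x00,                # HALT
                 0x00])               # 0x0A: scratch byte

if __name__ == "__main__":
    for name, image in (("benign", BENIGN), ("decryptor", DECRYPTOR), ("scratch", SCRATCH)):
        print(name, heuristic_verdict(image))
```

The step budget matters as much as the rules: emulation has to stop after a bounded number of instructions, both to keep scanning fast and because a sample can simply loop for a long time before doing anything, so a real engine pairs this check with the behavior rules from the previous slide rather than trusting either alone.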
Sandboxing
• In this approach an antivirus program will take suspicious code and run it in a "virtual machine" to see the purpose of the code and exactly how the code works.
• After the program is terminated, the software analyzes the sandbox for any changes, which might indicate a virus.
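One example, added here and not part of the presentation, covers both the sandbox step above and the engine's "monitor critical locations for change" check from the Anti-Malware Engine slide: snapshot a throwaway system image, run the suspicious program, snapshot again, and grade the diff. Everything in it is a constructed stand-in: a temporary directory with `system32/`, `startup/` and a `registry.json` file plays the role of the OS and registry, a child Python process plays the role of the virtual machine, and the two samples are Python scripts written for the demo (a "dropper" that places a file in the autostart folder and adds a Run key, and a benign program that writes one document). A real sandbox isolates far more strongly than a subprocess; the snapshot-and-diff logic is the part that carries over.

```python
import hashlib
import json
import os
import subprocess
import sys
import tempfile

# Locations whose modification the analyzer treats as a sign of infection
# (constructed layout standing in for the real OS directories and registry).
CRITICAL_PREFIXES = ("system32/", "startup/")
AUTORUN_MARK = "/Run/"


def snapshot(root):
    """Map every file below root (posix-style relative path) to its SHA-256."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                snap[rel] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def diff_maps(before, after):
    """Added / deleted / modified keys between two snapshots (files or registry)."""
    return {
        "added": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }


def verdict(file_changes, reg_changes):
    """Any change to a critical location or a new autorun key makes the sample suspicious."""
    reasons = [f"{kind}: {p}" for kind in ("added", "modified", "deleted")
               for p in file_changes[kind] if p.startswith(CRITICAL_PREFIXES)]
    reasons += [f"autorun key set: {k}" for k in reg_changes["added"] + reg_changes["modified"]
                if AUTORUN_MARK in k]
    return ("suspicious" if reasons else "clean"), reasons


def build_sandbox():
    """A fresh throwaway 'system image' that the sample is allowed to modify."""
    root = tempfile.mkdtemp(prefix="sandbox-")
    for rel, body in {"system32/kernel.dll": b"MZ-kernel", "docs/report.txt": b"quarterly"}.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    os.makedirs(os.path.join(root, "startup"))
    with open(os.path.join(root, "registry.json"), "w") as fh:
        json.dump({"HKLM/Run/antivirus": "system32/av.exe"}, fh)
    return root


def read_registry(root):
    with open(os.path.join(root, "registry.json")) as fh:
        return json.load(fh)


def analyze_sample(program_source):
    """Snapshot, run the sample in a child process, snapshot again, diff, grade."""
    root = build_sandbox()
    before_files, before_reg = snapshot(root), read_registry(root)
    script = os.path.join(tempfile.mkdtemp(prefix="sample-"), "sample.py")
    with open(script, "w") as fh:
        fh.write(program_source)
    subprocess.run([sys.executable, script, root], check=True, capture_output=True, timeout=30)
    file_changes = diff_maps(before_files, snapshot(root))
    reg_changes = diff_maps(before_reg, read_registry(root))
    label, reasons = verdict(file_changes, reg_changes)
    return {"verdict": label, "reasons": reasons, "files": file_changes, "registry": reg_changes}


# Constructed samples, written in Python so the demo needs no real binaries.
DROPPER_SAMPLE = r"""
import json, os, sys
root = sys.argv[1]
with open(os.path.join(root, "startup", "updater.exe"), "wb") as fh:  # drop into autostart folder
    fh.write(b"MZ-demo")
reg_path = os.path.join(root, "registry.json")
with open(reg_path) as fh:
    reg = json.load(fh)
reg["HKCU/Run/updater"] = "startup/updater.exe"                        # register an autorun key
with open(reg_path, "w") as fh:
    json.dump(reg, fh)
with open(os.path.join(root, "docs", "report.txt"), "a") as fh:       # touch a user document
    fh.write("\nappended")
"""

BENIGN_SAMPLE = r"""
import os, sys
with open(os.path.join(sys.argv[1], "docs", "out.txt"), "w") as fh:
    fh.write("just output")
"""

if __name__ == "__main__":
    print(json.dumps(analyze_sample(DROPPER_SAMPLE), indent=2))
```

The diff reports every change, but only changes to the critical prefixes or to autorun keys affect the verdict; the edit to `docs/report.txt` is kept in the report as evidence without tipping the decision, which keeps ordinary programs that write their own output from being flagged.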