Viruses & Malware: Effects on Enterprise Networks

Diane M. Duhé

July 5, 2011

Abstract

Malware poses a significant threat to computer networks of all sizes.

This paper will provide a summarization of three of the key components of malware
infection as it pertains to enterprise networks: Detection, Disinfection and Related
Costs.

The “Detection” element comprises a synopsis of two types of malware,
metamorphic and polymorphic, and discusses three popular models of heuristic,
behavioral malware detection: signature-based, file emulation, and file analysis.
Two new emerging models of detection, “traffic aggregation” (communication) and
network vulnerability scanning, are also discussed.

The paper’s “Disinfection” component includes an overview of the two types of
system infection (memory-file-registry infectors and memory-only infectors) and
the current methods of disinfection, including malware-specific removal tools,
real-time scanners and cloud-based technologies, and the pros and cons of each.

Methods for quantifying the costs of direct and indirect malware attacks, the importance
of utilizing “value calculators”, and creating and implementing security budgets are
outlined in “The Related Costs of Malware”.

Introduction

Malware, simply defined, is software that is not beneficial, and may in fact be
harmful, to a computer. It poses a significant threat to all computer networks,
whether large or small, public or private.

Some forms of malware, such as botnets, trojans, rootkits, and spyware, are often
difficult to detect and/or isolate, because they are non-disruptive in their course of
action.

This paper will provide a summarization of three of the key components of malware
infection as it pertains to enterprise networks: Detection, Disinfection and Related
Costs.

The term “malware” once referred to viruses and worms, but current malware has
evolved into a very selective type of tool. Malware is no longer written using
amateur scripts or “copy and paste” methods by “script kiddies.” Instead,
highly trained programmers are authoring today’s malware, covertly trained
and supported by political syndicates, organized crime, government-sanctioned
but unacknowledged (“dark”) operations, and some nation-states. [1]

What was once considered to be rebellious behavior or pranks has progressed into
serious criminal activity. Malware is now used for crimes such as industrial
espionage: “transmitting digital copies of trade secrets” [2] such as customer names,
business plans, contracts…virtually any and all private or personal information.

As cell phones are increasingly used as mobile computing devices, and are
attached to networks, they are also at risk for malware infection. They are included
in this discussion as well.

In order to discuss current and emerging detection and disinfection techniques, it is
necessary to have a basic understanding of how malware infection occurs and how
it avoids detection in order to carry out its functions.
Popular Methods of Infection

Exploits and “Drive-by downloads”

Although not a well-known fact, an extensive, highly developed “malware
distribution network” is in existence on the internet. Its structure is tree-like, with the
outer branches being the web pages that serve as “landing sites”, which move users
further into a trunk system of web servers that are actually malware “distribution
sites”. The distribution sites install malware by exploiting security holes in the
machines’ browsers or in applications such as Adobe and JavaScript. When this
type of exploit is successful, the hacker has complete control of the machine at the
system level.

By using the same exploits, programs called “file droppers” can be installed. A file
dropper is “a program that will continue to install malicious code”. Since it is not
itself an infected file (it simply carries code), it is not detected by virus-scanning
software [3].

Some droppers install applications that are able to record keystrokes, easily stealing
passwords, banking information, etc. Some droppers install software that will add
the PC to a larger group of exploited machines that are used as a group for
carrying out malicious actions.

The ways of increasing the number of these landing sites are continuously growing.

Security patches, rather than “workarounds”, should be applied whenever
possible in order to prevent infection.

The ideal solution to this type of infection would include identifying software
vulnerabilities, developing and issuing patches, implementing them, and educating
users.

Social engineering

A very common, and very old, but successful way of introducing infection is by using
“Social Engineering” techniques.

Social Engineering is defined in many ways, from “The practice of deceiving
someone, either in person, over the phone, or using a computer, with the express
intent of breaching some level of security either personal or professional” to “con
games performed by con artists.” [4] Social Engineering is basically a psychological,
manipulative tool that is dependent upon and takes advantage of a person’s natural
predisposition to be trusting. Social engineering techniques persuade unwary users
to perform actions, such as clicking on links, which result in malware being
downloaded and installed on their computer.

Rogue Infection

Rogue infections are “fake” virus pop-up alerts that are installed via a compromised
web page that exploits security holes, much like “drive-by” infections. Rogues
“notify” users that their computer is “infected” or that it has “critical errors”. These
are realistic-looking alerts and usually appear as if generated by the installed
operating system. Whether the user closes the pop-up window, or clicks “cancel” or
“OK”, the result is always the same: malware is installed (usually trojans). The user
then continues to be prompted, via pop-ups, to purchase anti-virus software that will
remove the malware. With these types of infections, network settings are often
changed, proxies are installed, or homepages are redirected (“hijacked”).

Peer-to-peer (P2P), torrent and file sharing programs

When using file sharing programs, it is difficult to verify that the source of the files is
trustworthy, because the users that are sharing their files remain anonymous. Many
times, file sharing applications are used to pass on malicious code, such as
spyware, viruses, trojans, or worms, via the shared files.



E-mail

Two common ways that email is used to deliver malware are the use of
attachments and the use of links within the body of the email.

The attachment may contain embedded malware. Opening the attachment will
launch the malware program.

Clicking on a link contained in an email could exploit security holes in the web
browser, or use exploits to activate a malware program that’s embedded in the
e-mail message. Or, the link may open an infected web page that holds embedded
malware.

USB devices

There were an estimated 3.75 million malware attacks via USB devices in the first
quarter of 2010. [5] USB devices, which include portable gaming units, digital
camera memory cards, cell phones, MP3 players, portable USB CD/DVD drives,
FireWire and eSATA devices, and digital picture frames, are extremely susceptible
to becoming carriers of malware and reinfecting other machines.

USB malware transmission begins by inserting the device into an infected machine,
whereby the malicious software copies itself to all storage locations and devices:
network shares, local drives, and removable media such as USB drives. By altering
the autorun.inf file and copying hidden malware files to the drive, the autorun.inf file
will launch and execute the malware when the portable drive is inserted into a
different machine. The malware copies itself into Windows operating system files
and is able to replicate every time the computer is booted.

Disabling the “auto run” feature in the Windows operating system, to prevent the
autorun.inf file from automatically launching, seems like a good preventive measure,
but in reality, even just browsing to the root folder of an infected USB stick can still
trigger the infection by taking advantage of Windows processes. [6]
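
As an added illustration (not part of the paper), the Python below shows how a defender can inspect an autorun.inf taken from a removable drive for the launch directives described above and check whether the file they point to carries the hidden attribute, directly or through a hidden parent folder. The autorun.inf text and the drive listing are constructed; the directive names (open, shellexecute, shell\<verb>\command) are the real autorun.inf keys.

```python
from __future__ import annotations

from typing import Optional

# Added example: inspect an autorun.inf for launch directives. The file text and
# the directory listing are constructed stand-ins for a real removable drive.

LAUNCH_KEYS = ("open", "shellexecute")  # directives that run a program directly

# Constructed autorun.inf in the pattern described above: the drive presents
# itself as a photo collection, but its launch directives all point into a
# hidden folder.
AUTORUN_INF = r"""
[AutoRun]
icon=photos.ico
label=Holiday photos
open=data\update.exe
shell\open\command=data\update.exe
shell\explore\command=data\update.exe
"""

# Constructed root listing of the drive: relative path -> hidden attribute set?
ROOT_LISTING = {
    "autorun.inf": True,
    "photos.ico": False,
    "photos": False,
    "data": True,
    "data\\update.exe": False,
}


def parse_autorun(text: str) -> dict[str, str]:
    """Return the key=value pairs of the [autorun] section with keys lowercased.
    Hand-rolled rather than configparser so the section name compares
    case-insensitively ([AutoRun] and [autorun] are both accepted by Windows)."""
    entries: dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict[str, str]) -> dict[str, str]:
    """Map each directive that causes a program to run (open=, shellexecute=,
    shell\\<verb>\\command=) to the executable it names, arguments dropped."""
    targets: dict[str, str] = {}
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            parts = value.split()
            targets[key] = parts[0].strip('"') if parts else ""
    return targets


def is_hidden(path: str, listing: dict[str, bool]) -> Optional[bool]:
    """True if the path or any parent folder carries the hidden attribute,
    False if it is present and visible, None if it is not in the listing."""
    norm = {k.lower().replace("/", "\\"): v for k, v in listing.items()}
    parts = path.lower().replace("/", "\\").split("\\")
    if "\\".join(parts) not in norm:
        return None
    return any(norm.get("\\".join(parts[: i + 1]), False) for i in range(len(parts)))


def assess(text: str, listing: dict[str, bool]) -> list[str]:
    """One finding per launch directive, so an analyst sees what would run and
    whether the 'hidden file' pattern described above is present."""
    findings = []
    for key, exe in launch_targets(parse_autorun(text)).items():
        hidden = is_hidden(exe, listing)
        if hidden is None:
            findings.append(f"{key}= would run '{exe}', which is not present on the drive")
        elif hidden:
            findings.append(f"{key}= would run hidden file '{exe}'")
        else:
            findings.append(f"{key}= would run '{exe}'")
    return findings


if __name__ == "__main__":
    for finding in assess(AUTORUN_INF, ROOT_LISTING):
        print(finding)
```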




Malware Types and Subsequent Detection

Malware detection has been accomplished, until very recently, mainly by using
“signatures”.

Signature-based malware detection requires malware to be identified by way of
analysis of its code: searching for and finding code that is unique to that specific
malware program. The discovered code is then used to create anti-malware
software that is based on recognizing that code.

Once created, the anti-malware software must then be installed onto the computer
system, and allowed to scan, detect and remove the malware. This entire process
must be repeated anew for every novel instance or variant of malware. [7]

As malware continues to evolve in ways that avoid detection, it is simply not
practical to continue detection in this manner, even when a single signature is
constant within a large proportion of malware.

The main way that malware avoids detection by signature-based antivirus scanners
is by using “obfuscation” [8], a technique which changes malware into new
and different versions of itself, all while maintaining functionality.

“Obfuscation” actually uses encryption in the main body of the malware program.
Once the malware is launched, a built-in decryptor recovers the main body. Because
the decryptor itself remains constant, it can be detected by antivirus scanners that
have been developed to detect decryptor patterns. In this “reverse” way, the
presence of the obfuscated malware is detected.

Polymorphic malware was created in response to this decryptor constancy problem.
Polymorphic malware is able to create limitless encryptors, thereby increasing the
difficulty for signature-based scanners to detect it. There is a variation of
Polymorphic malware called “Metamorphic” malware, which takes this a step
further. Metamorphic malware can recognize, parse and mutate itself as it spreads,
and it does not utilize encryption at all.

In response to these types of malware adaptations, proactive, heuristic, dynamic
anti-malware scanning has been developed.

Heuristic scanning compares the source code of a file to the source code of
known malware. If the detected code matches a certain percentage of the
known malware code, it is labeled as a possible threat.

Dynamic scanning is real-time scanning that allows code to be run in a virtual
environment, or “sandbox”, while it is observed.

“File Emulation” is a type of dynamic scanning that analyzes the
characteristics and behavior of code in this virtual environment, and if the
code behaves like malware, it is considered to actually be malware [9] and is
treated as such.

“File Analysis” is a scanning method that works in real time (dynamic) and
utilizes behavioral analysis of files in order to determine their intent
(heuristic). Both of these methods (File Emulation and File Analysis) assess
the effects of a particular application. They monitor for activities like
replication and file overwriting. In this manner, many types of Polymorphic
and Metamorphic malware can be detected with a sole behavioral
specification.
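
To make the difference between these detection models concrete, here is an added Python illustration (not from the paper) that uses short ';'-separated text “instructions” as stand-ins for code: a contiguous byte signature on the malware body, a signature on a constant decryptor stub, a toy file emulation that runs a sample’s decode step before scanning, and a heuristic that measures what percentage of a known body’s instructions a file shares. Every sample is constructed, and the two decoder layouts and the 60% threshold are assumptions made for the example.

```python
from __future__ import annotations

# Added example: toy versions of signature, decryptor-signature, emulation and
# heuristic scanning. "Code" is modelled as ';'-separated instruction strings;
# every sample below is constructed and none of it is executable.

STUB = b"STUB:"  # constructed constant decryptor prefix shared by obfuscated samples

KNOWN_BODY = b"copy self to startup;overwrite host files;contact remote host"
BODY_SIG = b"startup;overwrite"  # contiguous bytes lifted from the known body
STUB_SIG = STUB                  # signature written against the decryptor instead

# Metamorphic-style variant: the same instructions, reordered, plus a junk one.
METAMORPHIC = b"overwrite host files;contact remote host;nop;copy self to startup"


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def stub_variant(body: bytes, key: int) -> bytes:
    """Constructed obfuscated sample: constant stub, one-byte key, XOR-encoded body."""
    return STUB + bytes([key]) + xor_bytes(body, key)


def keyfirst_variant(body: bytes, key: int) -> bytes:
    """Constructed polymorphic-style sample with no constant bytes: the key is
    the first byte and everything after it is the encoded body."""
    return bytes([key]) + xor_bytes(body, key)


def has_signature(sample: bytes, signature: bytes) -> bool:
    """Signature scanning: a plain substring match on the bytes as stored on disk."""
    return signature in sample


def emulated_bodies(sample: bytes) -> list[bytes]:
    """Toy file emulation: besides the raw bytes, return what the sample would
    expose at run time under each decoder layout the emulator understands."""
    bodies = [sample]
    if sample.startswith(STUB) and len(sample) > len(STUB):
        bodies.append(xor_bytes(sample[len(STUB) + 1:], sample[len(STUB)]))
    if len(sample) > 1:
        bodies.append(xor_bytes(sample[1:], sample[0]))
    return bodies


def instructions(body: bytes) -> set[bytes]:
    return {part.strip() for part in body.split(b";") if part.strip()}


def similarity_percent(candidate: bytes, known: bytes) -> float:
    """Heuristic scanning: percentage of the known body's instructions that the
    candidate also contains, regardless of order or interleaved junk."""
    known_instr = instructions(known)
    return 100.0 * len(instructions(candidate) & known_instr) / len(known_instr)


def classify(sample: bytes, threshold: float = 60.0) -> str:
    """Apply the checks in the order a layered scanner would: cheap signatures
    first, then emulation followed by the heuristic percentage match."""
    if has_signature(sample, BODY_SIG):
        return "body-signature"
    if has_signature(sample, STUB_SIG):
        return "decryptor-signature"
    best = max(similarity_percent(b, KNOWN_BODY) for b in emulated_bodies(sample))
    if best >= threshold:
        return "heuristic-possible-threat"
    return "clean"


if __name__ == "__main__":
    for label, sample in [
        ("plain known body", KNOWN_BODY),
        ("constant-stub obfuscation", stub_variant(KNOWN_BODY, 0x5A)),
        ("polymorphic key-first", keyfirst_variant(KNOWN_BODY, 0x5A)),
        ("metamorphic reorder", METAMORPHIC),
        ("benign", b"open document;save document"),
    ]:
        print(f"{label:28} -> {classify(sample)}")
```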

Malware that infects mobile phones is usually spread through SMS/MMS
messaging and Bluetooth. Because cell phones are limited in CPU capacity as well
as memory capacity and battery power, detection methods for these devices need
to carry a small footprint. [10] Dynamic, heuristic scanning methods as outlined
above work best for these types of devices.

“Traffic aggregation” detection is based on the idea that malware usually
infects multiple systems on a network, and that the malware communicates
with external networks (to export data, or to receive commands). By analyzing
network flow and identifying communications that share common characteristics
(aggregates), including payload, flow to a common external network, or
internal hosts that share similar software platforms [11], malware
infections can be detected.
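
The following is an added Python example (not from the paper or from [11]) of the traffic-aggregation idea over constructed flow records: flows are grouped by external destination, and a group is reported when several internal hosts send similar-sized payloads to it on a regular schedule; the hosts’ software platform is looked up in a constructed inventory. The thresholds (three hosts, 5% spread) and the field names are assumptions.

```python
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Added example: traffic-aggregation style detection over constructed flows.


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since start of capture
    src: str      # internal host
    dst: str      # external address
    dport: int
    nbytes: int   # payload bytes sent


@dataclass
class Aggregate:
    dst: str
    dport: int
    hosts: list[str]
    size_cv: float          # spread of payload sizes (coefficient of variation)
    periodic_hosts: int     # hosts whose contacts arrive at a regular interval
    common_platform: str
    platform_share: float   # fraction of hosts running common_platform


# Constructed flows: ws1..ws4 contact one external address once a minute with
# near-identical payloads; the rest is ordinary, irregular web browsing.
FLOWS = [
    Flow(t, host, "203.0.113.7", 443, size)
    for host, size in (("ws1", 512), ("ws2", 516), ("ws3", 508), ("ws4", 512))
    for t in (0, 60, 120)
] + [
    Flow(5, "ws1", "198.51.100.20", 443, 1450),
    Flow(33, "ws5", "198.51.100.20", 443, 38200),
    Flow(190, "ws2", "198.51.100.20", 443, 2100),
    Flow(41, "ws6", "198.51.100.9", 80, 900),
]

# Constructed asset inventory (host -> software platform).
PLATFORM = {"ws1": "win7", "ws2": "win7", "ws3": "win7", "ws4": "win7",
            "ws5": "osx", "ws6": "win7"}


def coefficient_of_variation(values: list[float]) -> float:
    return pstdev(values) / mean(values) if len(values) > 1 and mean(values) else 0.0


def is_periodic(timestamps: list[int], max_gap_cv: float) -> bool:
    """A host beacons if it has at least three contacts whose gaps are nearly equal."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return len(gaps) >= 2 and coefficient_of_variation(gaps) <= max_gap_cv


def find_aggregates(flows, platform, min_hosts=3, max_size_cv=0.05, max_gap_cv=0.05):
    """Group flows by external destination and report the groups in which several
    internal hosts send similar-sized payloads on a regular schedule."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[(f.dst, f.dport)].append(f)

    found = []
    for (dst, dport), group in sorted(by_dst.items()):
        hosts = sorted({f.src for f in group})
        if len(hosts) < min_hosts:
            continue
        size_cv = coefficient_of_variation([f.nbytes for f in group])
        periodic = sum(
            is_periodic([f.ts for f in group if f.src == h], max_gap_cv) for h in hosts
        )
        if size_cv > max_size_cv or periodic < min_hosts:
            continue
        platforms = Counter(platform.get(h, "unknown") for h in hosts)
        name, count = platforms.most_common(1)[0]
        found.append(Aggregate(dst, dport, hosts, round(size_cv, 4),
                               periodic, name, count / len(hosts)))
    return found


if __name__ == "__main__":
    for agg in find_aggregates(FLOWS, PLATFORM):
        print(agg)
```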
The final type of detection to be discussed is “Network Vulnerability
Scanning.” This type of scanning is an event-driven approach that looks at
network context. Network activity is monitored and triggers/alerts result from
particular changes in network activity. [12]

Disinfection

The purpose of “Disinfection” is to restore the system to its previous state of
functionality, prior to infection, ideally without having to reinstall software.

To understand the concept of Disinfection, this section includes an overview of the
two types of system infection: memory-file-registry infectors, and memory-only
infectors. The disinfection method utilized will depend upon the type of malware that
is infecting the system.

1. Memory-File-Registry Infectors

Memory-File-Registry Infectors use any combination of the memory, file and/or
Registry in order to control the system. These infections can reside in memory as a
process or service, add or modify registry entries, or modify an existing or dropped
file. If the modified file resides in memory, that complicates the process,
because operating systems will not allow the deletion of a file as long as an
associated process or service is residing in memory.

Memory scanners, file scanners and registry scanners are all used to detect this
type of infection.

2. Memory-Only Infectors

Memory-only infectors don’t use files or the registry. They exist as either a process
or a service and, because of that, are more difficult to detect.

Memory-resident malware is the most damaging type of malware because it
becomes active when a malware application, or infected program, is launched, or at
system boot. It remains active until the machine is rebooted, turned off, or power to
the machine is otherwise disrupted.

As mentioned above, operating systems will not allow the deletion of a file as long
as an associated process or service is residing in memory, so any memory-resident
processes associated with the malware must first be killed and/or the associated
resident services stopped. Doing this takes control away from the malware, and
prevents the malware from reinfecting the machine or restoring its physical
counterpart (that is, unless the malware has started another process or service, or
replicated itself, before the process or service has been stopped). [13]




Disinfection Methods

Removal Tools

“Removal Tools” are popular solutions during large outbreaks of infection.

They have advantages, such as being small, quickly downloadable, and that they
are executed separately from other scans.

Removal Tools are malware-specific, which is a disadvantage. Each tool will only
disinfect a system of specific malware or family of malware. Another disadvantage
is that often they cannot be deployed from a central location, making it nearly
impossible to use them in large organizations.




Real-time scanners

Real-time scanners (also called resident scanners) provide automatic protection by
monitoring for suspicious activity while data is flowing into the computer or when a
file is opened. They run in active (resident) memory. [14] Because monitoring is done
in real time, malware is able to be detected before it installs or propagates on the
machine. When the scanner identifies a potential malware infection, it takes
appropriate action by quarantining or deleting the program and alerting the user.

On-Demand Scanners

On-Demand Scanners examine the contents of the hard drive. The user can choose
to examine a portion of the drive, certain types of files (for example, “documents”
only), or the entire drive. This type of scan is relatively slow, since every file on the
machine is examined, and it tends to utilize computer resources such as memory.
Once the scan is finished, additional scans will not be performed unless they have
been auto-scheduled or the scanner is launched manually.

“Cloud-Based” Scanners

Online scanners provide an additional option for malware detection and disinfection.
Many times, when a computer is infected with malware, the existing protection is
disabled, or, because the network settings have been reconfigured, the anti-malware
software cannot update. By utilizing an online scanner, an infected machine can be
diagnosed and disinfected quickly, on the fly. They typically have user-friendly
interfaces and do not require scheduling, updating or configuring [15]. They use very
few system resources because they are running via powerful servers. They have
up-to-date databases and the latest file definitions.

The Related Costs of Malware

Determining and balancing the cost of malware is actually an exercise in risk
analysis. The first step to determining this expense is assigning values to all
information assets. The second step is to estimate the potential loss.

The assigned asset and loss values are then used to determine the single loss
expectancy (SLE), which is defined as the expense of recovering from a single
malware attack.

Calculating the SLE includes a summation of the following costs: [16]

- The cost of purchasing/maintaining anti-malware products
- The ongoing cost of maintaining anti-malware, i.e. subscriptions for
  updates/other related services
- Assigning a value to the company's data (calculated by determining how
  much it would cost to restore or re-create different types of lost information,
  such as sales records, tax information, contact information, emails)
- Lost revenue
- Potential cost of fines and penalties for violating confidentiality/privacy
  agreements
- Loss of employee productivity
- Cost of repairing damaged systems
- Hardware overhead (all anti-malware products consume resources such as
  processing power, memory and disk space)

Determine the annual loss expectancy (ALE) of a single malware attack
based on the average number of previous attacks per year.

Multiply the SLE by the ALE to determine the annual cost of malware for the
business. [17]
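
As an added worked example (not from the paper or [16]/[17]), the Python below carries the calculation through with constructed figures. It treats the average number of attacks per year as the rate that the SLE is multiplied by (the paper calls the result of that multiplication the annual cost), and it keeps the items that recur every year regardless of attacks (product purchase, subscriptions, hardware overhead) out of the per-incident sum and adds them once to the annual figure; that split is an assumption made here, since the paper lists every item under the SLE.

```python
from __future__ import annotations

from dataclasses import dataclass

# Added example: SLE / annual-cost calculation. All figures are constructed.


@dataclass
class IncidentCosts:
    """Losses incurred each time an attack succeeds."""
    data_recreation: float      # restoring or re-creating lost records
    lost_revenue: float
    fines_and_penalties: float  # confidentiality/privacy violations
    lost_productivity: float
    system_repair: float


@dataclass
class ProtectionCosts:
    """Costs paid once per year regardless of how many attacks occur
    (assumption: kept out of the per-incident sum)."""
    product_purchase_maintenance: float
    subscriptions: float        # updates and related services
    hardware_overhead: float    # CPU, memory and disk consumed by the products


def lost_productivity(employees: int, hours_lost_each: float, hourly_rate: float) -> float:
    """Salary paid for time employees cannot work during one incident."""
    return employees * hours_lost_each * hourly_rate


def single_loss_expectancy(c: IncidentCosts) -> float:
    """SLE: the expense of recovering from a single malware attack."""
    return (c.data_recreation + c.lost_revenue + c.fines_and_penalties
            + c.lost_productivity + c.system_repair)


def attacks_per_year(history: list[int]) -> float:
    """Average number of attacks per year from previous years' counts
    (the rate the paper derives from past attacks; ARO in risk-analysis terms)."""
    return sum(history) / len(history)


def annual_loss_expectancy(sle: float, rate: float) -> float:
    """Expected yearly loss from attacks: SLE multiplied by the attack rate."""
    return sle * rate


def annual_malware_cost(sle: float, rate: float, p: ProtectionCosts) -> float:
    """Yearly budget figure: expected attack losses plus recurring protection costs."""
    return annual_loss_expectancy(sle, rate) + (
        p.product_purchase_maintenance + p.subscriptions + p.hardware_overhead)


def example_budget() -> dict[str, float]:
    """Constructed 1,000-employee organization losing half an hour of work per
    employee per incident, with three years of attack history."""
    incident = IncidentCosts(
        data_recreation=20_000.0,
        lost_revenue=15_000.0,
        fines_and_penalties=0.0,
        lost_productivity=lost_productivity(1000, 0.5, 25.0),
        system_repair=7_500.0,
    )
    protection = ProtectionCosts(30_000.0, 12_000.0, 8_000.0)
    sle = single_loss_expectancy(incident)
    rate = attacks_per_year([3, 1, 2])  # constructed yearly attack counts
    return {
        "sle": sle,
        "attacks_per_year": rate,
        "ale": annual_loss_expectancy(sle, rate),
        "annual_cost": annual_malware_cost(sle, rate, protection),
    }


if __name__ == "__main__":
    for name, value in example_budget().items():
        print(f"{name:17} {value:>12,.2f}")
```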




Setting a Security Budget

After determining the annual cost of malware, it is crucial to plan an anti-malware
budget accordingly. The figures from the above calculations will
provide a rough estimation for the planned yearly expenditure for anti-malware
protection.

Assess the amount of risk that the company is willing to take. For example,
some companies might choose to accept a higher level of risk of infection,
because it’s been determined that the actual probability of attack is very low,
or because the organization has lowered some risks in other ways, such as
by purchasing insurance, or the use of offsite backup solutions.

These calculations can be used in creating a security budget, and/or for
calculating the value of the particular anti-malware tools already in place. [18]



Calculators

There are many risk calculators available online as shareware. They are easy to
use, and will generate an estimate of various risks, using several of the variables
mentioned above.

One such calculator was used to estimate the financial risk for a fictitious
organization of 1,000 employees.

The calculator located at http://www.cmsconnect.com/Marketing/viruscalc.htm
analyzed the organization’s workplace and email environment (using the number of
employees with email access, the number of minutes of email usage per employee per
day, and the average employee salary) along with the number of IT staff and their
average salary. The effects of an email malware attack in regard to salary and
productivity were found as follows:

It was determined that a fictitious organization of 1,000 employees earning an
average of $25/hr, and using email for approximately 30 minutes per day, would
cost the company 524 hours, which translates into $13,700.00 in lost salaries per
day (or $570.83 per hour).

Conclusion

Malware is comprised of several types of harmful applications. It affects networks of all
sizes, and is installed via various means, many times without a user’s consent or
knowledge. It is costly to businesses in regard to prevention as well as recovery.

Malware is no longer viewed as a prank created by script kiddies. Malware is now
developed by professional programmers who are paid for their work, and is used to
steal information of all kinds. New types of malware are continuously being developed in
order to avoid detection.

Malware is installed on systems via several methods, some of which require user
interaction and some of which do not. Educating users about means such as social
engineering and phishing is a proactive way to help carry out prevention.

Disinfection methods have, for the most part, been reactive, although new, proactive
methods of detection and disinfection are being developed. Detection and disinfection
can be costly.

Risk analysis and assessment must be performed and are a necessary element in
assessing the necessary expenditures that a business should prepare to incur. Creating
and implementing a security budget is essential in order to protect information assets,
privacy, confidentiality, and the network infrastructure.

References

1. George Ledin, Jr. (February 2011) The Growing Harm of Not Teaching Malware,
Communications of the ACM, vol. 54, no. 2.

2. Steve Lohr (January 17, 2010) Companies Fight Endless War Against Computer
Attacks, NYTimes.com, retrieved 05/27/2011 from:
http://www.nytimes.com/2010/01/18/technology/internet/18defend.html

3. Ilsun You, Kangbin Yim (2010) Malware Obfuscation Techniques: A Brief Survey,
ACM Digital Library, retrieved on June 07, 2011 from:
https://connect.spsu.edu/plugins/dl/pdf/proceedings/bwcca/2010/4236/00/,DanaInfo=.aoskjmsE345Jn0z399v9S8A2+4236a297.pdf?template=1&loginState=2&userData=Southern%2BPolytechnic%2BState%2BUniversity%253ASouthern%2BPolytechnic%2BState%2BUniversity%253AAddress%253A%2B168.28.177.10%252C%2B%255B140.98.196.192%252C%2B168.28.177.10%255D

4. Jerri Ledford, Social Engineering, Identity Theft, About.com, retrieved on 06/30/11
from: http://idtheft.about.com/od/glossary/g/Social_Engineer.htm

5. Avast (2010) Auto Run for malware: One out of every eight attacks comes via a USB
device, Prague, Czech Republic, retrieved on 06/21/11 from:
http://www.avast.com/pr-autorun-for-malware-one-out-of-every-eight-attacks-come-via-a-usb-device

6. Lumension Security Inc., Unruly USB: Devices Expose Networks to Malware,
lumension.com

7. Ellen Messmer (2008) Security vendors leaving 'old school' malware detection
methods behind, NetworkWorld, retrieved on 06/06/11 from:
http://www.networkworld.com/news/2008/121208-crystal-ball-antivirus.html

8. http://www.webopedia.com/TERM/D/dropper.html

9. Karl (2010) USB Top Method for Spreading Malware, Computer TLC, retrieved on
06/21/11 from: http://computertlc.net/whats-hot/usb-top-method-for-spreading-malware

10. Abhijit Bose, Xin Hu, Kang G. Shin, Taejoon Park (2008) Behavioral Detection of
Malware on Mobile Handsets, ACM Digital Library, retrieved on 06/16/11 from:
https://connect.spsu.edu/10.1145/1380000/1378626/,DanaInfo=.adfnlzjx5HjmxL15v+p225-bose.pdf?ip=168.28.177.10&CFID=29653738&CFTOKEN=77369117&__acm__=1308579214_d19c9d6878a170ad7496e95dd6796ec9

11. Ting-Fang Yen, Michael K. Reiter, Traffic Aggregation for Malware Detection, ACM
Digital Library, retrieved on 06/03/11 from: http://portal.acm.org/citation.cfm?id=1428337

12. Yunjing Xu, Michael Bailey, Eric Vander Weele, Farnam Jahanian (2010) CANVuS:
context-aware network vulnerability scanning, ACM Digital Library, retrieved on
06/18/2011 from:
https://connect.spsu.edu/,DanaInfo=.apptweqFhkvJz3t+citation.cfm?id=1894166.1894177&coll=DL&dl=GUIDE&CFID=29653738&CFTOKEN=77369117&preflayout=flat#source

13. Jong Purisima and Vincent Tiu, System Disinfection, GovernmentSecurity.Org,
Network Security Resources, retrieved on 06/18/2011 from:
http://www.governmentsecurity.org/forum/index.php?showtopic=276

14. http://support.kasperskyamericas.com/

15. Pros and Cons of Free Online Virus Scanners, ProductivityPortfolio, retrieved on
07/02/11 from:
http://www.timeatlas.com/web_sites/general/pros_and_cons_of_free_online_virus_scanners

16. John Edwards (April 30, 2009) Money for Nothing: The Real Cost of Malware,
Focus, retrieved 06/28/11 from:
http://www.focus.com/briefs/it-security/money-nothing-real-cost-malware/

17. John Edwards (2008) The Malware Burden, Network Security Journal, retrieved on
June 28, 2011 from: http://www.networksecurityjournal.com/features/malware-burden-012208/

18. Balancing the cost and benefits of countermeasures, SearchSecurity.com, retrieved
on June 29, 2011 from:
http://searchsecurity.techtarget.com/feature/Balancing-the-cost-and-benefits-of-countermeasures

Other References:

Vinod P, V. Laxmi, M. S. Gaur, Survey on Malware Detection Methods, retrieved 06/02/11
from: http://www.security.iitk.ac.in/contents/events/workshops/iitkhack09/papers/vinod.pdf

Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, Christian Scheel, Seyit
Ahmet Çamtepe, Şahin Albayrak (November 2008) Monitoring Smartphones for
Anomaly Detection, ACM Digital Library, retrieved on 06/18/11 from:
https://connect.spsu.edu/,DanaInfo=.apptweqFhkvJz3t+citation.cfm?id=1503496.1503504&coll=DL&dl=GUIDE&CFID=29700256&CFTOKEN=40903672

Linda Musthaler (Mar 3, 2008) Google says the scope of drive-by malware is 'Significant',
Networkworld, retrieved on 06/5/2011 from:
http://www.networkworld.com/newsletters/2008/0303techexec1.html

Identifying, Monitoring, and Reporting MalwareTeodoro Cipresso
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The InternetHeidi Maestas
 

Similar to Viruses & Malware: Effects On Enterprise Networks (20)

Presentation2
Presentation2Presentation2
Presentation2
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability Management
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Computer virus
Computer virusComputer virus
Computer virus
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
The process of computer security
The process of computer securityThe process of computer security
The process of computer security
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
Malware
MalwareMalware
Malware
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The Internet
 
Dickmaster
DickmasterDickmaster
Dickmaster
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Viruses & Malware: Effects On Enterprise Networks

Introduction

Malware, simply defined, is software that is not beneficial, and may in fact be harmful, to a computer. It poses a significant threat to all computer networks, whether large or small, public or private.

Some forms of malware, such as botnets, trojans, rootkits, and spyware, are often difficult to detect and/or isolate because they are non-disruptive in their course of action.

This paper will provide a summary of three of the key components of malware infection as it pertains to enterprise networks: Detection, Disinfection and Related Costs.

The term "malware" once referred to viruses and worms, but current malware has evolved into a very selective type of tool. Malware is no longer written by "script kiddies" using amateur scripts or "copy and paste" methods. Instead, highly trained programmers author today's malware, covertly trained and supported by political syndicates, organized crime, unacknowledged ("dark") government-sanctioned operations, and some nation-states. [1] What was once considered rebellious behavior or a prank has progressed into serious criminal activity. Malware is now used for crimes such as industrial espionage: "transmitting digital copies of trade secrets" [2] such as customer names, business plans, contracts, and virtually any other private or personal information.

As cell phones are increasingly used as mobile computing devices and are attached to networks, they are also at risk of malware infection, and they are included in this discussion as well.

In order to discuss current and emerging detection and disinfection techniques, it is necessary to have a basic understanding of how malware infection occurs and how it avoids detection in order to carry out its functions.
Popular Methods of Infection

Exploits and "drive-by downloads"

Although not a well-known fact, an extensive, highly developed "malware distribution network" exists on the internet. Its structure is tree-like: the outer branches are web pages that serve as "landing sites" and move users further into a trunk system of web servers that are actually malware "distribution sites". The distribution sites install malware by exploiting security holes in the machine's browser or in browser plug-ins and helper applications such as Adobe Reader or Flash, typically triggered by JavaScript served from the page. When this type of exploit is successful, the attacker frequently gains control of the machine at the system level.

By using the same exploits, programs called "droppers" can be installed. A dropper is "a program that will continue to install malicious code" [3]: it is not itself the infected file, it simply carries and writes out the code, so it is frequently missed by signature-based virus scanners. Some droppers install keyloggers that record keystrokes, easily stealing passwords, banking information, and so on. Others install software that adds the PC to a larger group of exploited machines (a botnet) that is used as a group to carry out malicious actions. The number of these landing sites is continuously growing.

Applying security patches to prevent infection should be preferred, whenever possible, over "workarounds". The ideal response to this type of infection includes identifying software vulnerabilities, developing and issuing patches, deploying them, and educating users.

Social engineering

A very common, very old, but still successful way of introducing infection is the use of "social engineering" techniques. Social engineering is defined in many ways, from "the practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional" to "con games performed by con artists". [4] Social engineering is basically a psychological, manipulative tool that depends upon and takes advantage of a person's natural predisposition to trust. Social engineering techniques persuade unwary users to perform actions, such as clicking on links, which result in malware being downloaded and installed on their computer.
Rogue infections

Rogue infections (fake anti-virus, or "scareware") are fake virus pop-up alerts installed via a compromised web page that exploits security holes, much like drive-by infections. Rogues "notify" users that their computer is "infected" or has "critical errors". The alerts look realistic and usually appear as if generated by the installed operating system. Whether the user closes the pop-up window or clicks "Cancel" or "OK", the result is typically the same: malware (usually a trojan) is installed. The user then continues to be prompted, via pop-ups, to purchase "anti-virus" software that will supposedly remove the malware. With these infections, network settings are often changed, proxies are installed, or the browser home page is redirected ("hijacked").

Peer-to-peer (P2P), torrent and file sharing programs

When using file sharing programs, it is difficult to verify that the source of a file is trustworthy, because the users sharing files remain anonymous. File sharing applications are often used to pass on malicious code, such as spyware, viruses, trojans, or worms, inside the shared files.

E-mail

Two common ways that e-mail is used to deliver malware are attachments and links within the body of the message. An attachment may contain embedded malware; opening the attachment launches the malware program. Clicking a link contained in an e-mail may exploit security holes in the web browser, or trigger an exploit that activates a malware program embedded in the e-mail message itself. Or the link may simply open an infected web page that holds embedded malware.
USB devices

There were an estimated 3.75 million malware attacks via USB devices in the first quarter of 2010. [5] Removable devices, which include USB sticks, portable gaming units, digital camera memory cards, cell phones, MP3 players, portable USB CD/DVD drives, FireWire and eSATA devices, and digital picture frames, are extremely susceptible to becoming carriers of malware and reinfecting other machines.

USB malware transmission begins when the device is inserted into an infected machine: the malicious software copies itself to all storage locations and devices it can reach, including network shares, local drives, and removable media such as USB drives. By writing an autorun.inf file and copying hidden malware files to the drive, the malware arranges for autorun.inf to launch and execute it when the portable drive is inserted into a different machine. The malware then copies itself into Windows operating system files and is able to run again every time the computer is booted. Disabling the AutoRun feature in Windows, so that autorun.inf is not processed automatically, seems like a good preventive measure, but in reality even browsing to the root folder of an infected USB stick can still trigger the infection by taking advantage of the way Windows processes the files it finds there. [6]

Malware Types and Subsequent Detection

Until very recently, malware detection has been accomplished mainly by using "signatures". Signature-based malware detection requires malware to be identified by analysis of its code, searching for and finding a sequence of bytes that is unique to that specific malware program. The discovered sequence is then used to create an anti-malware update that recognizes that code. Once created, the update must be installed on the computer system and allowed to scan, detect and remove the malware. This entire process must be repeated for every novel instance or variant of malware. [7] As malware continues to evolve in ways that avoid detection, it is simply not practical to continue detection in this manner, even when a single signature is constant across a large proportion of malware.

The main way that malware avoids detection by signature-based antivirus scanners is "obfuscation" [8], a technique that changes malware into new and different versions of itself while maintaining its functionality. In its basic form, obfuscation encrypts the main body of the malware program. Once the malware is launched, a built-in decryptor recovers the main body. Because the decryptor itself remains constant from copy to copy, it can be detected by antivirus scanners that have been built to recognize decryptor patterns, and in this "reverse" way the presence of the obfuscated malware is detected.

Polymorphic malware was created in response to this decryptor-constancy problem. Polymorphic malware generates a different encryption key and decryptor for each copy, so the set of possible decryptors is effectively limitless, which greatly increases the difficulty for signature-based scanners to detect it. A variation of polymorphic malware called "metamorphic" malware takes this a step further: metamorphic malware parses and rewrites (mutates) its own code as it spreads, and does not rely on encryption at all.

In response to these adaptations, proactive, heuristic, dynamic anti-malware scanning has been developed. Heuristic scanning compares the code of a file to the code of known malware; if the code matches a certain percentage of the known malware code, the file is labeled a possible threat. Dynamic scanning is real-time scanning that runs code in a virtual environment, or "sandbox", while it is observed. "File emulation" is a type of dynamic scanning that analyzes the characteristics and behavior of code in this virtual environment; if the code behaves like malware, it is considered to be malware [9] and is treated as such. "File analysis" is a scanning method that works in real time (dynamic) and uses behavioral analysis of files to determine their intent (heuristic). Both methods assess the effects of a particular application, monitoring for activities like replication and file overwriting. In this manner, many types of polymorphic and metamorphic malware can be detected with a single behavioral specification.

Malware that infects mobile phones is usually spread through SMS/MMS messaging and Bluetooth. Because cell phones are limited in CPU capacity, memory and battery power, detection methods for these devices need to have a small footprint. [10] Dynamic, heuristic scanning methods as outlined above work best for these devices.

"Traffic aggregation" detection is based on the idea that malware usually infects multiple systems on a network, and that the malware communicates with external networks (to export data or to receive commands). By analyzing network flows and identifying communications that share common characteristics ("aggregates"), including similar payloads, flows to a common external destination, or internal hosts that share a similar software platform [11], malware infections can be detected.
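The obfuscation, polymorphism and file-emulation discussion above can be made concrete with a toy model. The following is an added example written for this page, not code from the paper or from any antivirus product: it defines a four-instruction "decryptor" language (XOR/ADD/SUB plus junk NOPs), a fixed decryptor whose eight stub bytes a signature scanner can key on, a polymorphic engine that emits a fresh random decryptor for each copy, and two scanners: a static one that matches bytes on disk, and an emulating one that runs the stub over the body and matches what it reveals. The payload is a harmless text string standing in for the malware body; the instruction set, sample layout and signature strings are all assumptions of the example.

```python
import random

# Constructed, benign stand-in for a malware body. Nothing here executes anything;
# the "body" is just bytes that a scanner would want to recognise.
PAYLOAD = b"DEMO-BODY: this text stands in for the malicious routine"
BODY_SIGNATURE = b"DEMO-BODY: this text"   # what a body signature keys on

# Toy decryptor instruction set: each (opcode, operand) pair transforms one byte.
OP_XOR, OP_ADD, OP_SUB, OP_NOP = 0x01, 0x02, 0x03, 0x04

def encode_stub(ops):
    """Serialise a decryptor (list of (opcode, operand)) to bytes, 2 bytes per op."""
    return bytes(b for op, arg in ops for b in (op, arg))

def decode_stub(blob):
    return [(blob[i], blob[i + 1]) for i in range(0, len(blob), 2)]

def apply_op(byte, op, arg):
    if op == OP_XOR:
        return byte ^ arg
    if op == OP_ADD:
        return (byte + arg) & 0xFF
    if op == OP_SUB:
        return (byte - arg) & 0xFF
    return byte  # OP_NOP: junk instruction, no effect

def inverse_op(op, arg):
    """The encryptor applies the inverse of each decryptor op (XOR and NOP are self-inverse)."""
    if op == OP_ADD:
        return OP_SUB, arg
    if op == OP_SUB:
        return OP_ADD, arg
    return op, arg

def build_sample(decryptor_ops, body):
    """Sample layout (assumed): [stub length][decryptor stub][encrypted body]."""
    enc = bytearray(body)
    for op, arg in reversed(decryptor_ops):        # undo the decryptor in reverse order
        iop, iarg = inverse_op(op, arg)
        enc = bytearray(apply_op(b, iop, iarg) for b in enc)
    stub = encode_stub(decryptor_ops)
    return bytes([len(stub)]) + stub + bytes(enc)

# A fixed decryptor: every copy carries the same 8 stub bytes, which is exactly the
# "decryptor pattern" a signature scanner can key on even though the body is encrypted.
FIXED_DECRYPTOR = [(OP_XOR, 0x5A), (OP_SUB, 0x17), (OP_XOR, 0xC3), (OP_ADD, 0x21)]
FIXED_STUB_SIGNATURE = encode_stub(FIXED_DECRYPTOR)

def polymorphic_decryptor(rng, length=6):
    """Polymorphic engine: a fresh random chain of ops, padded with junk NOPs, per copy."""
    ops = []
    for _ in range(length):
        ops.append((rng.choice([OP_XOR, OP_ADD, OP_SUB]), rng.randrange(1, 256)))
        if rng.random() < 0.5:
            ops.append((OP_NOP, rng.randrange(256)))
    return ops

def polymorphic_sample(rng, body):
    """Generate a copy and, like a real engine, verify the plaintext body is not visible."""
    while True:
        sample = build_sample(polymorphic_decryptor(rng), body)
        if BODY_SIGNATURE not in sample:
            return sample

def signature_scan(sample, signatures):
    """Static scanner: raw byte-pattern match against the file as stored on disk."""
    return any(sig in sample for sig in signatures)

def emulate(sample):
    """Sandbox: run the decryptor stub over the encrypted body and return what it would
    produce in memory, without executing anything on the host."""
    n = sample[0]
    ops = decode_stub(sample[1:1 + n])
    body = bytearray(sample[1 + n:])
    for op, arg in ops:
        body = bytearray(apply_op(b, op, arg) for b in body)
    return bytes(body)

def emulation_scan(sample):
    """Dynamic scanner: signature-match the body the decryptor reveals, not the file."""
    return BODY_SIGNATURE in emulate(sample)

def demo(seed=7, n_variants=5):
    rng = random.Random(seed)               # seeded so the demo is reproducible
    fixed = build_sample(FIXED_DECRYPTOR, PAYLOAD)
    variants = [polymorphic_sample(rng, PAYLOAD) for _ in range(n_variants)]
    return {
        "fixed_stub_detected": signature_scan(fixed, [FIXED_STUB_SIGNATURE]),
        "variants_stub_detected": sum(signature_scan(v, [FIXED_STUB_SIGNATURE]) for v in variants),
        "variants_body_detected": sum(signature_scan(v, [BODY_SIGNATURE]) for v in variants),
        "variants_emulation_detected": sum(emulation_scan(v) for v in variants),
        "distinct_stubs": len({v[1:1 + v[0]] for v in variants}),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the progression the text describes: the fixed-decryptor sample is caught by a stub signature, the polymorphic variants all carry different stubs and neither the stub signature nor the body signature matches any of them on disk, yet emulating each variant's own decryptor recovers the body and the body signature matches every one. Real emulators must also bound execution time and handle anti-emulation tricks, which this toy ignores.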
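The traffic-aggregation idea above, as an added example that is not part of the paper: flow records are grouped by external destination, and a destination is reported when several internal hosts contact it with regular timing and near-constant payload sizes, the beaconing profile of command-and-control traffic. The flow records are constructed for the example (10.0.0.0/8 as the internal network; 203.0.113.0/24 and 198.51.100.0/24 documentation addresses standing in for external hosts), and the thresholds `MIN_HOSTS` and `MAX_CV` are assumptions to be tuned per network.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (timestamp_s, src_host, dst_host, dst_port, bytes).
def _flows(src, dst, dport, times, sizes):
    return [(t, src, dst, dport, s) for t, s in zip(times, sizes)]

FLOWS = (
    # three internal hosts beaconing to one external host: ~600 s period, ~512-byte check-ins
    _flows("10.1.1.11", "203.0.113.7", 443, [0, 600, 1210, 1800, 2405, 3000], [512, 520, 512, 528, 512, 516])
    + _flows("10.1.1.12", "203.0.113.7", 443, [40, 645, 1240, 1842, 2440, 3045], [512, 512, 524, 512, 520, 512])
    + _flows("10.1.1.13", "203.0.113.7", 443, [90, 690, 1295, 1890, 2490, 3088], [516, 512, 512, 530, 512, 512])
    # ordinary browsing: many hosts share a CDN, but timing and sizes are irregular
    + _flows("10.1.1.11", "198.51.100.10", 443, [100, 130, 2000, 2900], [1200, 45000, 3300, 980])
    + _flows("10.1.1.20", "198.51.100.10", 443, [15, 3100], [74000, 2200])
    + _flows("10.1.1.21", "198.51.100.10", 443, [400, 410, 415, 2800], [900, 18000, 61000, 1500])
    + _flows("10.1.1.22", "198.51.100.10", 443, [1700], [5200])
    # one host polling an external API regularly: regular, but not shared, so not an aggregate
    + _flows("10.1.1.30", "203.0.113.99", 8080, [0, 300, 600, 900], [256, 256, 256, 256])
)

MIN_HOSTS = 3   # an aggregate needs several internal hosts behaving alike (assumed)
MAX_CV = 0.15   # coefficient of variation at or below this counts as "regular" (assumed)

def coefficient_of_variation(values):
    """stdev / mean, or None when there is too little data to say anything."""
    if len(values) < 2:
        return None
    m = mean(values)
    return pstdev(values) / m if m else None

def host_profile(records):
    """For one (src -> dst:port) pair: regularity of timing and of payload size."""
    records = sorted(records)
    gaps = [b[0] - a[0] for a, b in zip(records, records[1:])]
    sizes = [r[1] for r in records]
    return {
        "flows": len(records),
        "gap_cv": coefficient_of_variation(gaps),
        "size_cv": coefficient_of_variation(sizes),
        "mean_gap": mean(gaps) if gaps else None,
    }

def _is_regular(profile, max_cv):
    return (profile["gap_cv"] is not None and profile["gap_cv"] <= max_cv
            and profile["size_cv"] is not None and profile["size_cv"] <= max_cv)

def find_aggregates(flows, min_hosts=MIN_HOSTS, max_cv=MAX_CV):
    """Group flows by external destination, then keep destinations that several internal
    hosts contact with regular timing and similar payload sizes."""
    by_dest = defaultdict(lambda: defaultdict(list))   # (dst, port) -> src -> [(ts, bytes)]
    for ts, src, dst, dport, nbytes in flows:
        by_dest[(dst, dport)][src].append((ts, nbytes))

    findings = []
    for (dst, dport), hosts in by_dest.items():
        if len(hosts) < min_hosts:          # a single regular poller is not an aggregate
            continue
        regular = {src: host_profile(recs) for src, recs in hosts.items()}
        regular = {src: p for src, p in regular.items() if _is_regular(p, max_cv)}
        if len(regular) >= min_hosts:
            findings.append({
                "dest": f"{dst}:{dport}",
                "hosts": sorted(regular),
                "period_s": round(mean(p["mean_gap"] for p in regular.values())),
                "flows": sum(p["flows"] for p in regular.values()),
            })
    return findings

if __name__ == "__main__":
    for f in find_aggregates(FLOWS):
        print(f"possible C2 aggregate -> {f['dest']}: {len(f['hosts'])} hosts, "
              f"~{f['period_s']} s period, {f['flows']} flows")
```

On the constructed data only 203.0.113.7:443 is reported: the CDN is shared by four hosts but nothing about their traffic is regular, and 10.1.1.30's polling is regular but involves one host. In practice the same grouping is extended with the other aggregate keys the text names (payload similarity, shared software platform) and with an allow-list for known update and telemetry services, which otherwise look exactly like beaconing.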
The final type of detection to be discussed is "network vulnerability scanning". This is an event-driven approach that looks at network context: network activity is monitored, and triggers/alerts result from particular changes in that activity. [12]

Disinfection

The purpose of disinfection is to restore the system to its state of functionality prior to infection, ideally without having to reinstall software. To understand disinfection, this section includes an overview of the two types of system infection: memory-file-registry infectors and memory-only infectors. The disinfection method used depends on the type of malware infecting the system.

1. Memory-File-Registry Infectors

Memory-file-registry infectors use any combination of memory, files and/or the Registry in order to control the system. These infections can reside in memory as a process or service, add or modify Registry entries, or modify an existing or dropped file. If the modified file is held open by a process in memory, that complicates the process, because Windows in particular will not allow the deletion of a file as long as an associated process or service holds it open. Memory scanners, file scanners and Registry scanners are all used to detect this type of infection.

2. Memory-Only Infectors

Memory-only infectors do not use files or the Registry. They exist only as a process or a service and, because of that, are more difficult to detect. Memory-resident malware is particularly damaging because it becomes active when a malware application or infected program is launched, or at system boot, and remains active until the machine is rebooted, turned off, or power to the machine is otherwise disrupted.
As mentioned above, Windows will not allow the deletion of a file as long as an associated process or service holds it open, so any memory-resident processes associated with the malware must first be killed and/or the associated services stopped. Doing this takes control away from the malware and prevents it from reinfecting the machine or restoring its on-disk counterpart (unless the malware has started another process or service, or replicated itself, before the process or service was stopped). [13] The practical order is therefore: stop the process or service, delete or quarantine the file, then remove the Registry entries that would relaunch it at the next boot.

Disinfection Methods

Removal tools

"Removal tools" are popular during large outbreaks of infection. Their advantages are that they are small, quickly downloadable, and executed separately from other scans. Their disadvantage is that they are malware-specific: each tool disinfects a system only of a specific piece or family of malware. Another disadvantage is that they often cannot be deployed from a central location, making them impractical to use in large organizations.

Real-time scanners

Real-time scanners (also called resident scanners) provide automatic protection by monitoring for suspicious activity while data flows into the computer or when a file is opened. The scanner runs in active (resident) memory. [14] Because monitoring is done in real time, malware can be detected before it installs or propagates on the machine. When the scanner identifies a potential malware infection, it quarantines or deletes the program and alerts the user.

On-demand scanners

On-demand scanners examine the contents of the hard drive. The user can choose to examine a portion of the drive, certain types of files (for example "documents" only), or the entire drive. This type of scan is relatively slow, since every selected file on the machine is examined, and it tends to consume computer resources such as memory. Once the scan is finished, additional scans will not be performed unless they have been scheduled or the scanner is launched manually.
“Cloud Based” Scanners

Online scanners provide an additional option for malware detection and disinfection. Often, when a computer is infected, the existing protection has been disabled, or the anti-malware software can no longer update because the network settings have been reconfigured. By using an online scanner, an infected machine can be diagnosed and disinfected quickly, on the fly. Such scanners typically have user-friendly interfaces and require no scheduling, updating or configuring [15]. Because the heavy work is done on the vendor's servers, they consume very few local system resources, and their databases and file definitions are always current.

One caveat a practitioner should keep in mind: an online scan still needs the infected host to reach the vendor's servers, so the same reconfigured network settings that prevent signature updates can prevent the online scan as well, and any component that runs inside the compromised operating system can be hidden from or interfered with by a memory-resident rootkit. In those cases a scan performed from trusted boot media, outside the infected system, remains the reliable fallback.

The Related Costs of Malware

Determining and balancing the cost of malware is an exercise in risk analysis. The first step is to assign a value to every information asset. The second step is to estimate the potential loss. The asset and loss values are then used to determine the single loss expectancy (SLE), defined as the expense of recovering from a single malware attack. According to [16], the SLE is calculated as the sum of the following costs:

- The cost of purchasing/maintaining anti-malware products
- The ongoing cost of maintaining anti-malware, i.e. subscriptions for updates and other related services
- The value of the company's data (calculated by determining how much it would cost to restore or re-create each type of lost information, such as sales records, tax information, contact information and emails)
- Lost revenue
- The potential cost of fines and penalties for violating confidentiality/privacy agreements
- Loss of employee productivity
- The cost of repairing damaged systems
- Hardware overhead (all anti-malware products consume resources such as processing power, memory and disk space)

Note that the first two items and the hardware overhead are recurring countermeasure costs rather than losses caused by one attack; in the cost/benefit comparison described in [18] they belong on the safeguard side of the ledger, otherwise they are counted once per attack instead of once per year.

Next, estimate the annualized rate of occurrence (ARO), the expected number of attacks per year, from the average number of attacks observed in previous years.

Finally, multiply the SLE by the ARO to obtain the annual loss expectancy (ALE), which is the annual cost of malware for the business [17]. (The ALE is the product of this multiplication, not one of its factors.)

Setting a Security Budget

After determining the annual cost of malware, it is crucial to plan an anti-malware budget accordingly. The figures from the calculations above provide a rough estimate of the planned yearly expenditure for anti-malware protection. Next, assess the amount of risk the company is willing to accept. For example, some companies might choose to accept a higher risk of infection because the actual probability of attack has been determined to be very low, or because the organization has lowered some risks in other ways, such as by purchasing insurance or using offsite backup solutions. These calculations can be used to create a security budget and/or to calculate the value of the anti-malware tools already in place: a countermeasure is worth its cost only while the reduction in ALE it delivers exceeds what it costs per year [18].

Calculators

Many risk calculators are available online as shareware. They are easy to use and will generate an estimate of various risks using several of the variables mentioned above. One such calculator was used to estimate the financial risk for a fictitious organization of 1,000 employees. The calculator located at http://www.cmsconnect.com/Marketing/viruscalc.htm analyzed the organization's workplace and email environment (number of employees with email access, minutes of email usage per employee per day, and average employee salary) along with the number of IT staff and their average salary.

The effect of an email malware attack on salary and productivity was found to be as follows: a fictitious organization of 1,000 employees earning an average of $25/hr and using email for approximately 30 minutes per day would lose 524 hours per day, which translates into $13,700.00 in lost salaries per day (or $570.83 per hour, when the daily figure is spread over 24 hours). As a sanity check, 1,000 employees at 30 minutes each account for 500 of those hours; the remainder is the IT-staff time the calculator also asks for.
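The SLE/ARO/ALE steps above, the countermeasure cost/benefit comparison from the budget discussion, and the email-productivity figure from the calculator section, carried through in one small Python script. This is an added example, not code from the paper or from the cmsconnect.com calculator. Every dollar amount in INCIDENT_COSTS, the incident history, the safeguard figures and the IT-staff inputs to the email calculation are assumptions chosen for illustration; the page itself supplies only the 1,000-employee, $25/hr, 30-minutes-per-day inputs and the 524-hour / $13,700 result.

```python
"""Risk-analysis calculator for the cost of malware (added example, not from the
paper). Carries the paper's SLE / ARO / ALE steps through in code, plus the
countermeasure cost/benefit comparison and the email-productivity calculation.
All dollar figures and the incident history below are assumed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Loss items for ONE malware attack, following the categories the paper lists.
# Amounts are assumptions (invented for this example), not figures from the paper.
INCIDENT_COSTS: dict[str, float] = {
    "restore / re-create lost data": 40_000,
    "lost revenue": 25_000,
    "fines and penalties": 10_000,
    "lost employee productivity": 13_700,
    "repair of damaged systems": 6_000,
}

# Assumed incident history: attacks seen in each of the last three years.
INCIDENTS_PER_YEAR = [2, 1, 3]


def single_loss_expectancy(costs: dict[str, float]) -> float:
    """SLE: the expense of recovering from a single attack (sum of loss items)."""
    return float(sum(costs.values()))


def annual_rate_of_occurrence(history: list[int]) -> float:
    """ARO: average number of attacks per year, estimated from past years."""
    if not history:
        raise ValueError("need at least one year of incident history")
    return sum(history) / len(history)


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected yearly cost of malware to the business."""
    return sle * aro


@dataclass(frozen=True)
class Safeguard:
    """Recurring countermeasure costs, kept separate from per-attack losses."""
    name: str
    purchase_cost: float          # one-time licence/hardware, amortised over `years`
    annual_cost: float            # subscriptions, staff time, hardware overhead
    years: int                    # amortisation period
    residual_aro_fraction: float  # share of attacks that still get through (0..1)

    def annual_total_cost(self) -> float:
        return self.purchase_cost / self.years + self.annual_cost


def safeguard_value(sle: float, aro: float, safeguard: Safeguard) -> float:
    """Net yearly value of a countermeasure: (ALE before - ALE after) minus its
    yearly cost. A negative result means it costs more than the risk it removes."""
    ale_before = annual_loss_expectancy(sle, aro)
    ale_after = annual_loss_expectancy(sle, aro * safeguard.residual_aro_fraction)
    return ale_before - ale_after - safeguard.annual_total_cost()


def email_outage_cost(employees: int, minutes_per_day: float, hourly_rate: float,
                      it_staff: int = 0, it_hours_each: float = 0.0,
                      it_hourly_rate: float = 0.0) -> tuple[float, float]:
    """Daily loss when email is unavailable, from the same inputs the online
    calculator asks for. Returns (hours lost, dollars lost)."""
    employee_hours = employees * minutes_per_day / 60
    it_hours = it_staff * it_hours_each
    dollars = employee_hours * hourly_rate + it_hours * it_hourly_rate
    return employee_hours + it_hours, dollars


def main() -> None:
    sle = single_loss_expectancy(INCIDENT_COSTS)
    aro = annual_rate_of_occurrence(INCIDENTS_PER_YEAR)
    ale = annual_loss_expectancy(sle, aro)
    print(f"SLE ${sle:,.0f}  x  ARO {aro:.2f}/yr  =  ALE ${ale:,.0f}/yr")

    # Assumed product: $30k licence over 3 years, $15k/yr to run, stops 75% of attacks.
    av = Safeguard("enterprise anti-malware", 30_000, 15_000, 3, 0.25)
    print(f"{av.name}: costs ${av.annual_total_cost():,.0f}/yr, "
          f"net value ${safeguard_value(sle, aro, av):,.0f}/yr")

    # Page's inputs (1,000 staff, $25/hr, 30 min/day) plus assumed IT-staff inputs.
    hours, dollars = email_outage_cost(1000, 30, 25, it_staff=12,
                                       it_hours_each=2, it_hourly_rate=50)
    print(f"email outage: {hours:,.0f} hours, ${dollars:,.2f} per day "
          f"(${dollars / 24:,.2f} per hour of the day)")


if __name__ == "__main__":
    main()
```

Running the script prints a one-screen risk summary. With the assumed IT-staff inputs (12 staff, 2 hours each at $50/hr) the email figure lands on 524 hours and $13,700 per day, the totals the page reports, but the page does not state its own IT-staff inputs, so those values should be read as assumptions, not as the calculator's internals. safeguard_value is the "value calculator" idea from the budget section: the countermeasure is worth buying only while ALE before minus ALE after exceeds its yearly cost, and the recurring licence, subscription and hardware-overhead costs are charged once per year there rather than once per attack inside the SLE.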
Conclusion

Malware comprises several types of harmful applications. It affects networks of all sizes and is installed by various means, often without the user's consent or knowledge. It is costly to businesses in terms of prevention as well as recovery. Malware is no longer viewed as a prank created by script kiddies; it is now developed by professional programmers who are paid for their work, and it is used to steal information of all kinds. New types of malware are continuously being developed in order to avoid detection.

Malware is installed on systems by several methods, some of which require user interaction and some of which do not. Educating users about techniques such as social engineering and phishing is a proactive way to support prevention. Disinfection methods have, for the most part, been reactive, although new, proactive methods of detection and disinfection are being developed.

Detection and disinfection can be costly. Risk analysis and assessment are a necessary element in determining the expenditures a business should prepare to incur, and creating and implementing a security budget is essential in order to protect information assets, privacy, confidentiality, and the network infrastructure.
References

1. George Ledin, Jr. (February 2011). The Growing Harm of Not Teaching Malware. Communications of the ACM, vol. 54, no. 2.
2. Steve Lohr (January 17, 2010). Companies Fight Endless War Against Computer Attacks. NYTimes.com. Retrieved 05/27/2011 from: http://www.nytimes.com/2010/01/18/technology/internet/18defend.html
3. Ilsun You, Kangbin Yim (2010). Malware Obfuscation Techniques: A Brief Survey. ACM Digital Library. Retrieved 06/07/2011 from: https://connect.spsu.edu/plugins/dl/pdf/proceedings/bwcca/2010/4236/00/,DanaInfo=.aoskjmsE345Jn0z399v9S8A2+4236a297.pdf?template=1&loginState=2&userData=Southern%2BPolytechnic%2BState%2BUniversity%253ASouthern%2BPolytechnic%2BState%2BUniversity%253AAddress%253A%2B168.28.177.10%252C%2B%255B140.98.196.192%252C%2B168.28.177.10%255D
4. Jerri Ledford. Social Engineering. Identity Theft, About.com. Retrieved 06/30/2011 from: http://idtheft.about.com/od/glossary/g/Social_Engineer.htm
5. Avast (Prague, Czech Republic, 2010). Auto Run for malware: One out of every eight attacks comes via a USB device. Retrieved 06/21/2011 from: http://www.avast.com/pr-autorun-for-malware-one-out-of-every-eight-attacks-come-via-a-usb-device
6. Lumension Security Inc. Unruly USB: Devices Expose Networks to Malware. lumension.com.
7. Ellen Messmer (2008). Security vendors leaving 'old school' malware detection methods behind. NetworkWorld. Retrieved 06/06/2011 from: http://www.networkworld.com/news/2008/121208-crystal-ball-antivirus.html
8. Webopedia, "dropper". http://www.webopedia.com/TERM/D/dropper.html
9. Karl (2010). USB Top Method for Spreading Malware. Computer TLC. Retrieved 06/21/2011 from: http://computertlc.net/whats-hot/usb-top-method-for-spreading-malware
10. Abhijit Bose, Xin Hu, Kang G. Shin, Taejoon Park (2008). Behavioral Detection of Malware on Mobile Handsets. ACM Digital Library. Retrieved 06/16/2011 from: https://connect.spsu.edu/10.1145/1380000/1378626/,DanaInfo=.adfnlzjx5HjmxL15v+p225-bose.pdf?ip=168.28.177.10&CFID=29653738&CFTOKEN=77369117&__acm__=1308579214_d19c9d6878a170ad7496e95dd6796ec9
11. Ting-Fang Yen, Michael K. Reiter. Traffic Aggregation for Malware Detection. ACM Digital Library. Retrieved 06/03/2011 from: http://portal.acm.org/citation.cfm?id=1428337
12. Yunjing Xu, Michael Bailey, Eric Vander Weele, Farnam Jahanian (2010). CANVuS: Context-Aware Network Vulnerability Scanning. ACM Digital Library. Retrieved 06/18/2011 from: https://connect.spsu.edu/,DanaInfo=.apptweqFhkvJz3t+citation.cfm?id=1894166.1894177&coll=DL&dl=GUIDE&CFID=29653738&CFTOKEN=77369117&preflayout=flat#source
13. Jong Purisima, Vincent Tiu. System Disinfection. GovernmentSecurity.org, Network Security Resources. Retrieved 06/18/2011 from: http://www.governmentsecurity.org/forum/index.php?showtopic=276
14. Kaspersky Americas support site. http://support.kasperskyamericas.com/
15. Pros and Cons of Free Online Virus Scanners. Productivity Portfolio. Retrieved 07/02/2011 from: http://www.timeatlas.com/web_sites/general/pros_and_cons_of_free_online_virus_scanners
16. John Edwards (April 30, 2009). Money for Nothing: The Real Cost of Malware. Focus. Retrieved 06/28/2011 from: http://www.focus.com/briefs/it-security/money-nothing-real-cost-malware/
17. John Edwards (2008). The Malware Burden. Network Security Journal. Retrieved 06/28/2011 from: http://www.networksecurityjournal.com/features/malware-burden-012208/
18. Balancing the cost and benefits of countermeasures. SearchSecurity.com. Retrieved 06/29/2011 from: http://searchsecurity.techtarget.com/feature/Balancing-the-cost-and-benefits-of-countermeasures

Other References:

Vinod P., V. Laxmi, M. S. Gaur. Survey on Malware Detection Methods. Retrieved 06/02/2011 from: http://www.security.iitk.ac.in/contents/events/workshops/iitkhack09/papers/vinod.pdf

Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, Christian Scheel, Seyit Ahmet Çamtepe, Şahin Albayrak (November 2008). Monitoring Smartphones for Anomaly Detection. ACM Digital Library. Retrieved 06/18/2011 from: https://connect.spsu.edu/,DanaInfo=.apptweqFhkvJz3t+citation.cfm?id=1503496.1503504&coll=DL&dl=GUIDE&CFID=29700256&CFTOKEN=40903672

Linda Musthaler (March 3, 2008). Google says the scope of drive-by malware is 'Significant'. NetworkWorld. Retrieved 06/05/2011 from: http://www.networkworld.com/newsletters/2008/0303techexec1.html