Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Malicious Software A Technical B Breakdown

advertisement 
Malicious Software
A Technical B
Breakdown
Josh Mc
cCune
Network Secu
urity Analyst
mccunej@ksu.edu
Overrview
•
•
•
•
•
Types of Malware
How does it get there?
?
How do we find it?
How do we analyze it?
?
How do we contain it?
Malware Definitions
D
• Spyware
S
o
o
o
Gathers information for advertisement
a
purposes
Sometimes called adwarre
Created by businesses th
hat want to know their
customers' browsing hab
customers
bits
Malware Definitions
D
• Viruses / Worms
Self-replicating
applications
o Created by malicious
programmers for a varietty
of nefarious purposes
o
Malware Definitions
D
• Remote Access Trojans
o
o
Server app
plications that operate covertly
Created byy malicious programmers to
give them a means to get back in to a
system oncce compromised
Malware Definitions
D
• Rootkits
Hard to detect
Created by programmerss
with advanced knowledg
ge
of system internals
o Known to run for years
unnoticed
o
o
Attack Vectors
V
• Email & attachments
• Deception (Social Engin
neering)
• Web Pages
• Malicious Scripts
• Counterfeit Websites
• Browser vulnerabilities (drive
e-by exploits)
•
•
•
•
Scareware
Worms
Instant Messaging
P2P File Sharing Netwo
orks
Common Malw
ware Activities
• S
Spam
• Denial of Service Attacks
s
• Information
I f
ti Stealing
St li
• Account Numbers
• Credentials
• Keyloggers
•
•
•
•
Network scanning
Infect Peers
Illegal P2P file distributio
on
Pop-up advertisements
Useful Ana
alysis Tools
• Virustotal
• http://virusustotal.com
• Sandbox Applications
•
•
•
•
Anubis - http://anubis.iseclab.org/
Joebox - http://joebox.org/
CWSandbox - http://cwsandb
box.org/
ThreatExpert – http://threatexpert.com/
• Deobfuscators
• Wepawet – http://wepawet.ise
eclab.org/
JJavascript
i tD
bfuscation
ti Example
E
l
Deobfu
Infection Symptoms
S
•
•
•
•
•
•
Slow system performa
ance
Home page hijacking
Excessive pop-up
pop up adss
Crashes
Some websites don't
don t work
w
(Antivirus sites)
Unexplained hard driv
ve activity
Containment
• Remove the system from
f m the network
• If the system contains se
ensitive data, STOP!
o Call
C ll your IInformation
f
ti S
Security
it Offi
Officer
• Back-up critical data to external
e
storage
• Reformat
R f
t Hard
H dD
Drive
i
• Reinstall Operating Syste
em
Malware Demonstration
Related documents
1. Overview of a Computer System
1. Overview of a Computer System
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
sample_cato_cust_ed
sample_cato_cust_ed
ASSIGNMENT
ASSIGNMENT
alert analysis using NIST framework
alert analysis using NIST framework
What is Malware and How can it be Prevented
What is Malware and How can it be Prevented
NETWORKSECURITY
NETWORKSECURITY
CompTiaa Security Plus Prep
CompTiaa Security Plus Prep
Advisory-10-2016
Advisory-10-2016
Virtual Worlds - Cyberspace Law and Policy Centre
Virtual Worlds - Cyberspace Law and Policy Centre
University of Wisconsin - Stout Protecting Against Mobile Malware
University of Wisconsin - Stout Protecting Against Mobile Malware
PCs ENVIRONMENT and PERIPHERALS Lecture 10
PCs ENVIRONMENT and PERIPHERALS Lecture 10
Course Project Cyber Security 19ECSE401
Course Project Cyber Security 19ECSE401
1. Purpose
1. Purpose
Computer
Computer
CSCI - midterm study guide
CSCI - midterm study guide
Metamorphic Malware detection using Nonnegative Matrix Factorization
Metamorphic Malware detection using Nonnegative Matrix Factorization
BBCy LC Q319 CylancePROTECT Data Sheet
BBCy LC Q319 CylancePROTECT Data Sheet
IRJET-Secured Analysis of Android Applications using Permission Accessing System
IRJET-Secured Analysis of Android Applications using Permission Accessing System
Making Smart Decisions in Cyber and Information War Paulo Shakarian CySIS
Making Smart Decisions in Cyber and Information War Paulo Shakarian CySIS
Week 1 -1st Sem
Week 1 -1st Sem
Basic Dynamic Malware Analysis Techniques
Basic Dynamic Malware Analysis Techniques
Download
advertisement