DOCSLIB.ORG

Antivirus HAX! Presented by Ehab Hussein Synapse Malware Research Team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) Saadtalaat (Egypt) Amr Thabet (Egypt)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Antivirus HAX! Presented by Ehab Hussein Synapse Malware Research Team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) Saadtalaat (Egypt) Amr Thabet (Egypt) AntiVirus HAX! Presented by Ehab Hussein Synapse Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) SaadTalaat (Egypt) Amr Thabet (Egypt) http://www.synapse-labs.com [email protected] Synapse Intro History AV Detection Techniques Bypassing Sophos :) Demo Student Bounty Challenge $$$ http://www.synapse-labs.com [email protected] Security Corporate Services Services Solution Development Trainings http://www.synapse-labs.com [email protected] Viruses don't harm, ignorance does! « The Evolution of malware within the last ten years is described by the evolution of people who develop that » (Eugene kaspersky) http://www.synapse-labs.com [email protected] http://www.synapse-labs.com [email protected] – 1948 – 1966 (First theroical Approach) John von Neumann « Theory of self-reproducing automata » http://www.synapse-labs.com [email protected] – 1971 (First Worm) Robert (Bob) H. Thomas (BBN technologies) "I'm the creeper, catch me if you can!" Machine : PDP-10 System : TENEX Transport : ARPANET was the world's first operational packet switching network and the core network of a set that came to compose the global Internet. Funded by Darpa http://www.synapse-labs.com [email protected] WORM http://www.synapse-labs.com [email protected] TROJAN HORSE http://www.synapse-labs.com [email protected] – 1974/1975 (First Trojan Virus) John Walker « ANIMAL » UNIVAC 1108 http://www.synapse-labs.com [email protected] – 1982/1982 (First microcomputer Virus) Rich Skrenta « Elk Cloner » Apple II Boot Sector http://www.synapse-labs.com [email protected] BOOT SECTOR http://www.synapse-labs.com [email protected] – 1986 (First IBM-PC Virus) Basit & Amjad Farooq Alvi « Brain Boot Sector » « Pakistan Flu » « Lahore » http://www.synapse-labs.com [email protected] – 1986 (First File Infector Virus) VirDem Ver.: 1.06 (Generation #) aktive. Ralf Burger Copyright by R.Burger « Virdem model» 1986,1987 .com Phone.: D - 05932/5451 This is a demoprogram for computerviruses. Please put in a number now. If you're right, you'll be able to continue. The number is between 0 and x http://www.synapse-labs.com [email protected] COM INFECTION http://www.synapse-labs.com [email protected] 1987 (Destructive Virus) Vienna / Lehigh / Yale / Stoned / Ping Pong Cascade (self-encrypting file virus) IBM Antivirus http://www.synapse-labs.com [email protected] 1987 Jerusalem « Infecting .EXE » Interrupt 1808(EXE) Friday 13th 1813(COM) ArabStar BlackBox BlackWindow Friday13th HebrewUniversity Israeli PLO Russian http://www.synapse-labs.com [email protected] EXE Infection http://www.synapse-labs.com [email protected] 1988 (First Internet Worm) Robert Tappan Morris « The Morris worm » Buffer Overflow 6000 infections http://www.synapse-labs.com [email protected] BUFFER OVERFLOW http://www.synapse-labs.com [email protected] 1988 (First Multipartite Virus) Ghostball EXE/COM/Boot Sector http://www.synapse-labs.com [email protected] Multipartite virus A multipartite virus is a computer virus that infects and spreads in multiple ways. The term was coined to describe the first viruses that included DOS executable files and PC BIOS boot sector virus code, where both parts are viral themselves. For a complete cleanup, all parts of the virus must be removed. http://www.synapse-labs.com [email protected] 1988 (First Polymorphic Virus) Mark Washburn & Ralf Burger « the Chameleon family » « Vienna and Cascade » 1260 http://www.synapse-labs.com [email protected] Polymorphism http://www.synapse-labs.com [email protected] 1995 (First Macro Virus) « Concept » Sub MAIN REM That's enough to prove my point End Sub http://www.synapse-labs.com [email protected] Macro Virus Macro is a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened http://www.synapse-labs.com [email protected] 1998 Chen Ing Hau CIH v1 « Chernobyl / Spacefiller » overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS. http://www.synapse-labs.com [email protected] 1999 (Year of the worms) Jan 20: Happy99 worm (emails) (Spanska) March 26: Melissa worm (Microsoft Word/ Outlook) June 06: ExploreZip worm(Microsoft Office documents) December 30: Kak worm (Javascript worm / Outlook Express bug) http://www.synapse-labs.com [email protected] 2000 (The most damaging worm ever) « ILOVEYOU worm (VBS/Loveletter) » VBScript http://www.synapse-labs.com [email protected] 2000 (The year of Exploits) Mai : Sadmind worm (Sun Solaris / Microsoft IIS) Juillet : Code Red worm (Microsoft IIS indexing) Septembre : Nimda worm (Windows/Code Red / Sadmind) Octobre : Klez worm (MS IE / MS Outlook / Outlook Express) http://www.synapse-labs.com [email protected] 2002 (Metamorphic virus) Mental Driller « Win32/Simile » (Etap / MetaPHOR) 90% metamorphose May 14 / System locale http://www.synapse-labs.com [email protected] METAMORPHIC VIRUS metamorphic code is code that can reprogram itself. Often, it does this by translating its own code into a temporary representation, editing the temporary representation of itself, and then writing itself back to normal code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes. This is used by some viruses when they are about to infect new files, and the result is that the "children" will never look like their "parents". http://www.synapse-labs.com [email protected] 2002/2003 (Rise of the RAT & Trojans) a RAT, or remote access trojan (sometimes remote administration tool) is a program that listens for and accepts connections from a remote 3rd party and carries out the commands that 3rd party gives it... Beast (Delphi) Optix Pro Graybird ProRat http://www.synapse-labs.com [email protected] 2004 (First Webworm) « Santy » - Target : phpbb forums - 40 000 sites infections http://www.synapse-labs.com [email protected] 2006 (First ever Mac OS X virus) « OSX/Leap-A or OSX/Oompa-A » Lan worm Bonjour Protocol (iChat buddy list) http://www.synapse-labs.com [email protected] 2007 « ZEUS » (drive-by downloads /phishing) June 2009 : 74,000 FTP 3.6 million infections in USA 28 Oct.2009 : 1.5 million messages phishing on facebook 14/15 Nov. 2009 : 9 million emails infected(Verizon Wireless) Credits cards of 15 banks compromised 1 Oct.2010 : FBI / 70 millions $ and 90 arrests May.2011 : source code release http://www.synapse-labs.com [email protected] 2007 (Mise a pirx : 250 000 $) « Conflicker » NetBIOS Exploits MS08-067 http://www.synapse-labs.com [email protected] BOTNET http://www.synapse-labs.com [email protected] Cyber Weapons !!!!! 2010 : STUXNET Destructive (targets industrial systems) 2011 : Duqu NON Destructive (targets industrial systems to gather information that could be useful in attacking) http://www.synapse-labs.com [email protected] AntiViruses http://www.synapse-labs.com [email protected] Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987 Enough Said... http://www.synapse-labs.com [email protected] Detections http://www.synapse-labs.com [email protected] Signature Based Detection http://www.synapse-labs.com [email protected] Behaviour Based Detection http://www.synapse-labs.com [email protected] Normalization http://www.synapse-labs.com [email protected] What About rootkits Signature-Based File Integrity Monitoring (ex: Tripwire) Hooking Detection Network-Based Detection Heuristics-Based Detection http://www.synapse-labs.com [email protected] Lets Bypass That AV #Demo http://www.synapse-labs.com [email protected] 1- Locate the signature : in our case we have : A- the signature turko 0x00003F87 0x00000005 0x00004343 0x00000005 0x000044EF 0x00000005 0x0002E754 0x00000005 0x0002E76C 0x00000005 0x0002E78F 0x00000005 http://www.synapse-labs.com [email protected] B- the Starting of the MZ file to be dropped the MZ signature starts from 37D64 : MZP before the MZP there is another signature in unicode starting at 37D1A it starts the unicode string DENAME http://www.synapse-labs.com [email protected] 2- Patching the signature : A- the signature turko All what we can do is change some chars to capital letters (playing with case) for all the patterns found B- we need to encrypt the signature starting from 37D1A (43F11A in debugger) from Hexworkshop we load the exe and we go to the address 37D1A (43F11A in debugger) we select from there till the end of the file (approx 0xBC6E bytes) we go to tools/operations and we make some encryption for example : Add 20 Xor 27 http://www.synapse-labs.com [email protected] now back to debugger, we load the exe then we go to DATA section at address 43F11A : we select the following part : 0043F11A 44 00 45 00 4E 00 45 00 D.E.N.E. 0043F122 4D 00 45 00 06 00 44 00 M.E..D. 0043F12A 56 00 43 00 4C 00 41 00 V.C.L.A. 0043F132 4C 00 03 00 45 00 44 00 L..E.D. 0043F13A 54 00 0B 00 50 00 41 00 T..P.A. 0043F142 43 00 4B 00 41 00 47 00 C.K.A.G. 0043F14A 45 00 49 00 4E 00 46 00 E.I.N.F. 0043F152 4F 00 07 00 52 00 4F 00 O..R.O. 0043F15A 4F 00 54 00 4B 00 49 00 O.T.K.I. 0043F162 54 00 4D 5A 50 T.MZP we put a breakpoint on memory on access We run the exe, the breakpoint will be hit at the following instruction : 7C9350C0 0FB706 MOVZX EAX,WORD PTR DS:[ESI] http://www.synapse-labs.com [email protected] we can see it's in NTDLL.DLL, we look into the stack and we search for the return address to our binary so we locate the original call addres we find the following in the stack : 0012FF00 |00403EC9 É>@.
Load more

Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • Chapter 3: Viruses, Worms, and Blended Threats
    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57
    [Show full text]
  • IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions
    IBM Security Solutions May 2011 IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions Contents About the report 2 About the Report The IBM X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges 3 Evolution: From Nuisance to Weapon facing security professionals today. This report is a product of IBM Managed Security Services and the IBM X-Force 8 Prolific and Impacting Issues of Q1 2011 research and development team. Each issue focuses on specific challenges and provides a recap of the most significant recent 16 References online threats. IBM Managed Security Services are designed to help an organization improve its information security, by outsourcing security operations or supplementing your existing security teams. The IBM protection on-demand platform helps deliver Managed Security Services and the expertise, knowledge and infrastructure an organization needs to secure its information assets from Internet attacks. The X-Force team provides the foundation for a preemptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and countermeasure technology for IBM security products, and educates the public about emerging Internet threats. We welcome your feedback. Questions or comments regarding the content of this report should be addressed to [email protected]. 3 X-Force Threat Insight Quarterly IBM Security Solutions Evolution: From Nuisance to Weapon One of the more notable examples here is Brain3, a boot sector infector which originated in Pakistan and released in 1986, was Creeper, Wabbit, Animal, Elk Cloner, Brain, Vienna, Lehigh, one of the first examples of malware that infected PC’s running Stoned, Jerusalem.
    [Show full text]
  • Reversing Malware [Based on Material from the Textbook]
    SoftWindows 11/23/05 Reversing Malware [based on material from the textbook] Reverse Engineering (Reversing Malware) © SERG What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Reverse Engineering (Reversing Malware) © SERG Reversing Malware • Revering is the strongest weapon we have against the creators of malware. • Antivirus researchers engage in reversing in order to: – analyze the latest malware, – determine how dangerous the malware is, – learn the weaknesses of malware so that effective antivirus programs can be developed. Reverse Engineering (Reversing Malware) © SERG Distributed Objects 1 SoftWindows 11/23/05 Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Reverse Engineering (Reversing Malware) © SERG Typical Purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Reverse Engineering (Reversing Malware) © SERG Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Reverse Engineering (Reversing Malware) © SERG Distributed Objects 2 SoftWindows 11/23/05 Viruses • Viruses are self-replicating programs that usually have a malicious intent.
    [Show full text]
  • Topics in Malware What Is Malware?
    Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Metamorphic viruses • Instead of encrypting the program’s body and making slight alterations in the decryption engine, alter the entire program each time it is replicated. • This makes it extremely difficult for antivirus writers to use signature-matching techniques to identify malware. • Metamorphism requires a powerful code analysis engine that needs to be embedded into the malware. Metamorphic viruses: Operation • Metamorphic engine scans the code and generates a different version of it every time the program is duplicated. • The metamorphic engine performs a wide variety of transformations on the malware and on the engine itself.
    [Show full text]
  • Computer Virus Tutorial
    Computer Virus Tutorial Computer Virus Tutorial License Copyright 1996-2005, Computer Knowledge. All Rights Reserved The Computer Knowledge Virus Tutorial is a copyright product of Computer Knowledge. It also contains copyrighted material from others (used with permission). Please honor the copyrights. Read the tutorial, learn from the tutorial, download and run the PDF version of the tutorial on your computer, link to the tutorial. But, please don't copy it and claim it as your own in whole or part. The PDF version of the Computer Knowledge Virus Tutorial is NOT in the public domain. It is copyrighted by Computer Knowledge and it and all accompanying materials are protected by United States copyright law and also by international treaty provisions. The tutorial requires no payment of license fees for its use as an educational tool. If you are paying to use the tutorial please advise Computer Knowledge (PO Box 5818,www.co-bw.com Santa Maria, CA 93456 USA). Please provide contact information for those charging the fee; even a distribution fee. License for Distribution of the PDF Version No royalties are required for distribution. No fees may be charged for distribution of the tutorial. You may not use, copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program except as provided in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license. In no case may this product be bundled with hardware or other software without written permission from Computer Knowledge (PO Box 5818, Santa Maria, CA 93456 USA).
    [Show full text]
  • INFOSEC UPDATE 2001 Student Workbook Norwich University Eprotectit Conference March 21-22, 2001
    INFOSEC UPDATE 2001 Student Workbook Norwich University eProtectIT Conference March 21-22, 2001 M. E. Kabay, PhD, CISSP Security Leader, AtomicTangerine, Inc. [email protected] Category 11 Breaches of confidentiality Page 1 Copyright © 2001 M. E. Kabay. All rights reserved. INFOSEC UPDATE WORKSHOP -- March 20-21, 2001 11 Breaches of confidentiality 2000-02-06 Keywords: bank financial system leak confidentiality windfall investors market RISKS Vol 20 # 78 An error at the Reserve Bank of Australia caused e-mail to be sent to 64 subscribers of the bank's alert service informing them of a planned 0.5% increase in the prime interest rate. However, the message was sent out six minutes early, allowing some of those traders to sell A$3B of treasury bill and bond futures -- and making some people a great deal of money. 2000-02-06 Keywords: confidentiality human factors workstations home computer Web browsing RISKS, New York Times <http://www.nytimes.com/yr/mo/day/news/washpol/cia-impeach- deutch.html > Vol 20 # 78 The former director of the CIA, John Deutch, kept thousands of highly classified documents on his unsecured home Macintosh computer. Critics pointed out that the system was also used for browsing the Web, opening the cache of documents up to unauthorized access of various kinds. Category 11 Breaches of confidentiality Page 2 Copyright © 2001 M. E. Kabay. All rights reserved. INFOSEC UPDATE WORKSHOP -- March 20-21, 2001 2000-02-20 Keywords: confidentiality Web site RISKS, CNet < http://news.cnet.com/category/0-1005-200-1550948.html > Vol 20 # 80 H&R Block had to shut down its Web-based online tax-filing system after the financial records of at least 50 customers were divulged to other customers.
    [Show full text]
  • Computer Viruses--A Form of Artificial Life?
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Purdue E-Pubs Purdue University Purdue e-Pubs Department of Computer Science Technical Reports Department of Computer Science 1990 Computer Viruses--A Form of Artificial Life? Eugene H. Spafford Purdue University, [email protected] Report Number: 90-985 Spafford, Eugene H., "Computer Viruses--A Form of Artificial Life?" (1990). Department of Computer Science Technical Reports. Paper 837. https://docs.lib.purdue.edu/cstech/837 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. COMPUTER YmUSES-A FORM OF ARTIFICIAL LIFE? Eugene H. Spalford CSD·TR·985 June 1990 Computer Viruses-A Form of Artificial Life? * Technical Repor~ CSD-TR-985 Eugene H. SpaJford Software Engineering Research Center Department of Computer Science Purdue University West Lafayette, Indiana 47907-2004 (317) 494-7825 [email protected] June 8, 1990 1 Introduction There has been con5id~rable interest of late in computer viruses. One aspect of this interest has been to ask if computer viruses are a form of artificial life, and what that might imply. This paper is a condensed, high-Ievell' description ofcomputer viruses­ their history, structure, and how they relate to some properties that might derme artificial life. It provides a general introduction to the topic without requiring an extensive background in computer science. The interested reader might pursue [9, I, 2] and [5] for more detail about computer viruses and their properties. The description in this paper of the origins of computer viruses and their structure is taken from [9].
    [Show full text]
  • Virus Bulletin, February 2000
    ISSN 0956-9979 FEBRUARY 2000 THE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Francesca Thorneloe CONTENTS Technical Consultant: Fraser Howard Technical Editor: Jakub Kaminski COMMENT Media: Insight or Incitement? 2 Consulting Editors: VIRUS PREVALENCE TABLE 3 Nick FitzGerald, Independent consultant, NZ Ian Whalley, IBM Research, USA NEWS Richard Ford, Independent consultant, USA 1. Sunshine Conference 3 Edward Wilding, Maxima Group Plc, UK 2. Nothing if not Predictable 3 3. Feeding the Hand that Bites? 3 4. CD-ing is Believing 3 IN THIS ISSUE: LETTERS 4 • Happy Birthday Virus Bulletin! VB’s annual conference VIRUS ANALYSES is ten years old this year. Information about where, what, 1. Digital Rivers of Babylonia 6 how and who can be found on p.3. 2. Cryptomaniac 8 • How DOS your scanner rate? Thirteen FEATURE SERIES products line up in this month’s Comparative – starting on p.16 – competing for the first 1. Malware Do You Want To Go Today? Part 2 10 VB 100% awards of the new millennium. 2. Lotus Notes and Email Risks – Part 2 12 • New and Improved? Two recently discovered Windows INSIGHT file viruses are examined to reveal ever more complex Nick, Nick – Who’s There? 14 infection methods. Our analyses start on p.6. COMPARATIVE REVIEW Prescribing the Right DOS 16 OVERVIEW Exchange of Ideas 22 END NOTES AND NEWS 24 VIRUS BULLETIN ©2000 Virus Bulletin Ltd, The Pentagon, Abingdon, Oxfordshire, OX14 3YP, England. www.virusbtn.com /2000/$0.00+2.50 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form without the prior written permission of the publishers.
    [Show full text]
  • The Ultimate Cybersecurity Guide for the It Professional
    THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC.
    [Show full text]
  • Malware Slides
    Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Viruses • Viruses are self-replicating programs that usually have a malicious intent. • Old fashioned type of malware that has become less popular since the widespread use of the Internet. • The unique aspect of computer viruses is their ability to self-replicate. • However, someone (e.g., user) must execute them in order for them to propagate. Viruses (Cont’d) • Some viruses are harmful (e.g.,): – delete valuable information from a computer’s disk, – freeze the computer. • Other viruses are harmless (e.g.,): – display annoying messages to attract user attention, – just replicate themselves.
    [Show full text]
  • Virus Bulletin, March 2000
    ISSN 0956-9979 MARCH 2000 THE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Francesca Thorneloe CONTENTS Technical Consultant: Fraser Howard Technical Editor: Jakub Kaminski COMMENT What Support Technicians Really, Really Want 2 Consulting Editors: NEWS & VIRUS PREVALENCE TABLE 3 Nick FitzGerald, Independent consultant, NZ Ian Whalley, IBM Research, USA LETTERS 4 Richard Ford, Independent consultant, USA VIRUS ANALYSES Edward Wilding, Maxima Group Plc, UK 1. 20/20 Visio 6 2. Kak-astrophic? 7 IN THIS ISSUE: OPINION Add-in Insult to Injury 8 • Limited editions: Make sure you don’t miss out on the chance to own one of Virus Bulletin’s 10 year anniversary EXCHANGE T-shirts. Details of how to order and pay are on p.3. Hollow Vic-tory 10 • Is it a bird? Is it a plane? Our corporate case study this CASE STUDY month comes from Boeing’s Computer Security Product Boeing all the Way 12 Manager, starting on p.12. FEATURE • Denial of service with a smile: Nick FitzGerald explains the latest menace and what you can or cannot do to avoid it, The File Virus Swansong? 15 starting on p.16. TUTORIAL • Exchange & mark: We kick off our new series of What DDoS it all Mean? 16 groupware anti-virus product reviews with GroupShield for Exchange on p.20. OVERVIEW Testing Exchange 18 PRODUCT REVIEWS 1. FRISK F-PROT v3.06a 19 2. NAI GroupShield v4.04 for Exchange 20 END NOTES AND NEWS 24 VIRUS BULLETIN ©2000 Virus Bulletin Ltd, The Pentagon, Abingdon, Oxfordshire, OX14 3YP, England. www.virusbtn.com /2000/$0.00+2.50 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form without the prior written permission of the publishers.
    [Show full text]