“To Improve the System Security from Viruses”
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Chapter 3: Viruses, Worms, and Blended Threats
Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57 -
IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions
IBM Security Solutions May 2011 IBM X-Force Threat Insight Quarterly 2 X-Force Threat Insight Quarterly IBM Security Solutions Contents About the report 2 About the Report The IBM X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges 3 Evolution: From Nuisance to Weapon facing security professionals today. This report is a product of IBM Managed Security Services and the IBM X-Force 8 Prolific and Impacting Issues of Q1 2011 research and development team. Each issue focuses on specific challenges and provides a recap of the most significant recent 16 References online threats. IBM Managed Security Services are designed to help an organization improve its information security, by outsourcing security operations or supplementing your existing security teams. The IBM protection on-demand platform helps deliver Managed Security Services and the expertise, knowledge and infrastructure an organization needs to secure its information assets from Internet attacks. The X-Force team provides the foundation for a preemptive approach to Internet security. The X-Force team is one of the best-known commercial security research groups in the world. This group of security experts researches and evaluates vulnerabilities and security issues, develops assessment and countermeasure technology for IBM security products, and educates the public about emerging Internet threats. We welcome your feedback. Questions or comments regarding the content of this report should be addressed to [email protected]. 3 X-Force Threat Insight Quarterly IBM Security Solutions Evolution: From Nuisance to Weapon One of the more notable examples here is Brain3, a boot sector infector which originated in Pakistan and released in 1986, was Creeper, Wabbit, Animal, Elk Cloner, Brain, Vienna, Lehigh, one of the first examples of malware that infected PC’s running Stoned, Jerusalem. -
Reversing Malware [Based on Material from the Textbook]
SoftWindows 11/23/05 Reversing Malware [based on material from the textbook] Reverse Engineering (Reversing Malware) © SERG What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Reverse Engineering (Reversing Malware) © SERG Reversing Malware • Revering is the strongest weapon we have against the creators of malware. • Antivirus researchers engage in reversing in order to: – analyze the latest malware, – determine how dangerous the malware is, – learn the weaknesses of malware so that effective antivirus programs can be developed. Reverse Engineering (Reversing Malware) © SERG Distributed Objects 1 SoftWindows 11/23/05 Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Reverse Engineering (Reversing Malware) © SERG Typical Purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Reverse Engineering (Reversing Malware) © SERG Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Reverse Engineering (Reversing Malware) © SERG Distributed Objects 2 SoftWindows 11/23/05 Viruses • Viruses are self-replicating programs that usually have a malicious intent. -
Topics in Malware What Is Malware?
Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Metamorphic viruses • Instead of encrypting the program’s body and making slight alterations in the decryption engine, alter the entire program each time it is replicated. • This makes it extremely difficult for antivirus writers to use signature-matching techniques to identify malware. • Metamorphism requires a powerful code analysis engine that needs to be embedded into the malware. Metamorphic viruses: Operation • Metamorphic engine scans the code and generates a different version of it every time the program is duplicated. • The metamorphic engine performs a wide variety of transformations on the malware and on the engine itself. -
Slide Credit: Vitaly Shmatikov
Malware: Botnets, Viruses, and Worms Damon McCoy Slide Credit: Vitaly Shmatikov slide 1 Malware u Malicious code often masquerades as good software or attaches itself to good software u Some malicious programs need host programs • Trojan horses (malicious code hidden in a useful program), logic bombs, backdoors u Others can exist and propagate independently • Worms, automated viruses u Many infection vectors and propagation methods u Modern malware often combines trojan, rootkit, and worm functionality slide 2 PUP u Potentially unwanted programs • Software the user agreed to install or was installed with another wanted program but is, spyware, adware slide 3 Viruses vs. Worms VIRUS WORM u Propagates by u Propagates infecting other automatically by programs copying itself to target systems u Usually inserted into u A standalone program host code (not a standalone program) slide 5 “Reflections on Trusting Trust” u Ken Thompson’s 1983 Turing Award lecture 1. Added a backdoor-opening Trojan to login program 2. Anyone looking at source code would see this, so changed the compiler to add backdoor at compile- time 3. Anyone looking at compiler source code would see this, so changed the compiler to recognize when it’s compiling a new compiler and to insert Trojan into it u “The moral is obvious. You can’t trust code you did not totally create yourself. (Especially code from companies that employ people like me).” slide 6 Viruses u Virus propagates by infecting other programs • Automatically creates copies of itself, but to propagate, a human -
Computer Viruses--A Form of Artificial Life?
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Purdue E-Pubs Purdue University Purdue e-Pubs Department of Computer Science Technical Reports Department of Computer Science 1990 Computer Viruses--A Form of Artificial Life? Eugene H. Spafford Purdue University, [email protected] Report Number: 90-985 Spafford, Eugene H., "Computer Viruses--A Form of Artificial Life?" (1990). Department of Computer Science Technical Reports. Paper 837. https://docs.lib.purdue.edu/cstech/837 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. COMPUTER YmUSES-A FORM OF ARTIFICIAL LIFE? Eugene H. Spalford CSD·TR·985 June 1990 Computer Viruses-A Form of Artificial Life? * Technical Repor~ CSD-TR-985 Eugene H. SpaJford Software Engineering Research Center Department of Computer Science Purdue University West Lafayette, Indiana 47907-2004 (317) 494-7825 [email protected] June 8, 1990 1 Introduction There has been con5id~rable interest of late in computer viruses. One aspect of this interest has been to ask if computer viruses are a form of artificial life, and what that might imply. This paper is a condensed, high-Ievell' description ofcomputer viruses their history, structure, and how they relate to some properties that might derme artificial life. It provides a general introduction to the topic without requiring an extensive background in computer science. The interested reader might pursue [9, I, 2] and [5] for more detail about computer viruses and their properties. The description in this paper of the origins of computer viruses and their structure is taken from [9]. -
Antivirus HAX! Presented by Ehab Hussein Synapse Malware Research Team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) Saadtalaat (Egypt) Amr Thabet (Egypt)
AntiVirus HAX! Presented by Ehab Hussein Synapse Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) SaadTalaat (Egypt) Amr Thabet (Egypt) http://www.synapse-labs.com [email protected] Synapse Intro History AV Detection Techniques Bypassing Sophos :) Demo Student Bounty Challenge $$$ http://www.synapse-labs.com [email protected] Security Corporate Services Services Solution Development Trainings http://www.synapse-labs.com [email protected] Viruses don't harm, ignorance does! « The Evolution of malware within the last ten years is described by the evolution of people who develop that » (Eugene kaspersky) http://www.synapse-labs.com [email protected] http://www.synapse-labs.com [email protected] – 1948 – 1966 (First theroical Approach) John von Neumann « Theory of self-reproducing automata » http://www.synapse-labs.com [email protected] – 1971 (First Worm) Robert (Bob) H. Thomas (BBN technologies) "I'm the creeper, catch me if you can!" Machine : PDP-10 System : TENEX Transport : ARPANET was the world's first operational packet switching network and the core network of a set that came to compose the global Internet. Funded by Darpa http://www.synapse-labs.com [email protected] WORM http://www.synapse-labs.com [email protected] TROJAN HORSE http://www.synapse-labs.com [email protected] – 1974/1975 (First Trojan Virus) John Walker « ANIMAL » UNIVAC 1108 http://www.synapse-labs.com [email protected] – 1982/1982 (First microcomputer Virus) Rich Skrenta « Elk Cloner » Apple II Boot Sector http://www.synapse-labs.com [email protected] BOOT SECTOR http://www.synapse-labs.com [email protected] – 1986 (First IBM-PC Virus) Basit & Amjad Farooq Alvi « Brain Boot Sector » « Pakistan Flu » « Lahore » http://www.synapse-labs.com [email protected] – 1986 (First File Infector Virus) VirDem Ver.: 1.06 (Generation #) aktive. -
The Ultimate Cybersecurity Guide for the It Professional
THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC. -
Malware Slides
Topics in Malware What is Malware? • Malware (malicious software) is any program that works against the interest of the system’s user or owner. • Question: Is a program that spies on the web browsing habits of the employees of a company considered malware? • What if the CEO authorized the installation of the spying program? Uses of Malware • Why do people develop and deploy malware? – Financial gain – Psychological urges and childish desires to “beat the system”. – Access private data – … Typical purposes of Malware • Backdoor access: – Attacker gains unlimited access to the machine. • Denial-of-service (DoS) attacks: – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash. • Vandalism: – E.g., defacing a web site. • Resource Theft: – E.g., stealing other user’s computing and network resources, such as using your neighbors’ Wireless Network. • Information Theft: – E.g., stealing other user’s credit card numbers. Types of Malware • Viruses • Worms • Trojan Horses • Backdoors • Mobile code • Adware • Sticky software Viruses • Viruses are self-replicating programs that usually have a malicious intent. • Old fashioned type of malware that has become less popular since the widespread use of the Internet. • The unique aspect of computer viruses is their ability to self-replicate. • However, someone (e.g., user) must execute them in order for them to propagate. Viruses (Cont’d) • Some viruses are harmful (e.g.,): – delete valuable information from a computer’s disk, – freeze the computer. • Other viruses are harmless (e.g.,): – display annoying messages to attract user attention, – just replicate themselves. -
Studying and Classification of the Most Significant Malicious Software
Studying and Classification of the Most Significant Malicious Software Dr. Wajeb GHARIBI, Computer Science & Information Systems College, Jazan University, Jazan, KSA. [email protected] Abstract—As the cost of information processing and Internet University, this grandfather of modern computer virology, accessibility falls, most organizations are becoming demonstrated a virus-like program on a VAX11/750 increasingly vulnerable to potential cyber threats which its system[2]. rate has been dramatically increasing every year in recent times. Nevertheless, the idea for computer viruses actually appeared much earlier. Many consider the starting point to In this paper, we study, discuss and classify the most be the work of John Von Neumann in his studies on self- significant malicious software: viruses, Trojans, worms, reproducing mathematical automata, famous in the 1940s. adware and pornware which have made step forward in the By 1951, Neumann had already proposed methods for science of Virology. demonstrating how to create such automata. In 1959, the Keywords: Informatics; information Security; Virolog; British mathematician Lionel Penrose presented his view Cyber threats. on automated self-replication in his Scientific American article 'Self-Reproducing Machines'. Unlike Neumann, I. INTRODUCTION Penrose described a simple two dimensional model of this Nowadays, there is a huge variety of cyber threats that structure which could be activated, multiply, mutate and can be quite dangerous not only for big companies but also attack. Shortly after Penrose's article appeared, Frederick for ordinary user, who can be a potential victim for G. Stahl reproduced this model in machine code on an IBM cybercriminals when using unsafe system for entering 650 [3]. -
Computer Virus
Computer virus From Wikipedia, the free encyclopedia Jump to: navigation, search Not to be confused with Worm (software) or Trojan Horse (computing). Hex dump of the Blaster virus, showing a message left for Microsoft CEO Bill Gates by the virus programmer A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".[1][2][3] Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent. Virus writers use social engineering and exploit detailed knowledge of security vulnerabilities to gain access to their hosts' computing resources. The vast majority of viruses (over 99%) target systems running Microsoft Windows,[4][5][6] employing a variety of mechanisms to infect new hosts,[7] and often using complex anti-detection/stealth strategies to evade antivirus software.[8][9][10][11] Motives for creating viruses can include seeking profit, desire to send a political message, personal amusement, to demonstrate that a vulnerability exists in software, for sabotage and denial of service, or simply because they wish to explore artificial life and evolutionary algorithms.[12] Computer viruses currently cause billions of dollars worth of economic damage each year,[13] due to causing systems failure, wasting computer resources, corrupting data, increasing maintenance costs, etc. -
Computer Virus –“Knowing It All” Bnmqwertyuiopasdfghjklzxcvbnmqwe What-Why-When and How: All About Rtyuiopasdfghjklzxcvbnmqwertyuiopacomputer Viruses
Qwertyuiopasdfghjklzxcvbnmqwertyu iopasdfghjklzxcvbnmqwertyuiopasdfg hjklzxcvbnmqwertyuiopasdfghjklzxcv Computer virus –“Knowing it All” bnmqwertyuiopasdfghjklzxcvbnmqwe What-Why-When and How: all about rtyuiopasdfghjklzxcvbnmqwertyuiopaComputer Viruses. sdfghjklzxcvbnmqwertyuiopasdf[Feb-2010] ghjklz xcvbnmqwertyuiopasdfghjklzxcvbnmq [For Contact: Look Around] wertyuiopasdfghjklzxcvbnmqwertyuio pasdfghjklzxcvbnmqwertyuiopasdfghj klzxcvbnmqwertyuiopasdfghjklzxcvbn mqwertyuiopasdfghjklzxcvbnmqwerty uiopasdfghjklzxcvbnmqwertyuiopasdf ghjklzxcvbnmqwertyuiopasdfghjklzxc vbnmqwertyuddfsiopasdfghjklzxcvbn mrtyuiopasdfghjklzxcvbnmqwertyuio” “[email protected]”bn mqwertyuiopasdfghjklzxcvbnmqwerty uiopasdfghjklzxcvbnmqwertyuiopasdf ghjklzxcvbnmqwertyuiopasdfghjklzxc All about Computer Viruses. Computer virus “Knowing it All” A computer virus- is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. As stated above, the