Malicious SoftwareObjectivesMalicious Software = MalwareScripting LanguageVirusMichelangelo VirusWormsBenjamin WormCode Red wormSlide 10Trojan HorsesStorm TrojanSpywareAdwareMalware PreventionMalware ProtectionMalware lawsSlide 18ExamplesSlide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27SummaryQuestionsSlide 30SourcesMalicious SoftwareAll your bytes are belong to me.Omar HemmaliJan 13, 2019Omar Hemmali - Malicious Software ObjectivesDefine Malicious Software and some relevant termsDefine and explain some of the types of Malicious SoftwareTalk about how we can get Malicious SoftwareTalk about ways to prevent transfer of Malicious SoftwareTalk about Malicious Software LawsShow a few examplesOmar Hemmali - Malicious Software Malicious Software = MalwareA catch-all term to refer to any software designed to cause undesirable effects or damage to a single computer, server or computer network.Bug = Malware?Viruses, Worms, Trojan Horses, Spyware, AdwareHigh Level, Assembly, ScriptOmar Hemmali - Malicious Software Scripting LanguageA programming language that mimics user interaction with a computer.Very easy to use.More later.Omar Hemmali - Malicious Software VirusA segment of code designed to attach to another file, run when the file is executed, and have a mechanism to replicate itself.Needs a host.User must spread the virus.Omar Hemmali - Malicious Software Michelangelo VirusDiscovered April 1991Activates on March 6thChanges MBRInfects DisksIntel LANSpoolOmar Hemmali - Malicious Software WormsScripts designed to create an undesired effect and replicate.Worm = Virus?No host – Self containedInternet Connectivity greatly help the spread of wormsOmar Hemmali - Malicious Software Benjamin WormSpread through File Sharing ProgramsUser thinks they are getting a movie or songFile is actually the worm with dummy bytesCreates multiple copies with names of popular filesTakes a lot of hard drive spaceOmar Hemmali - Malicious Software Code Red wormDiscovered July 2001Infected 300,000+ machines in 14 hoursOmar Hemmali - Malicious Software Code Red wormExploited a flaw in Microsoft’s Internet Information Server (IIS) softwareRequired no user interactionOnly a network connectionCompiled a list of IP addresses and then attacked themOmar Hemmali - Malicious Software Trojan HorsesMasquerades as a program the user wants or finds interestingCreates a security hole so that the attacker may gain control later onSometimes used as a method of implanting another form of malwareOmar Hemmali - Malicious Software Storm TrojanDiscovered January 17, 2007Sent as an email with a fictitious news story as the subjectContains program with name similar to subjectJoins the Storm botnet structured like a peer-to-peer networkEach node is connected to 30-35 other nodesUtilizes some of the infected machines to send spam messages containing the TrojanOmar Hemmali - Malicious Software SpywareInstalled without user knowledge or consent and monitors user activities.This is used for advertising and monitoring, or to sell to another party.Considered invasion of privacySlows down the computer significantlyOmar Hemmali - Malicious Software AdwareUsers consider malicious, legally isn’t.Present ads catered to users surfing habitsConsidered invasion of privacyUser must agree to have adware installed usually bundled with sponsored software.Omar Hemmali - Malicious Software Malware PreventionOunce of prevention is worth a ton of cureStay away from illegally shared filesNot worth the hassle of losing valuable data to identity thievesNot worth the jail time eitherOmar Hemmali - Malicious Software Malware ProtectionALWAYS get the latest security updatesCode Red could have been preventedKeep Anti-Virus / Anti-Spyware runningKeep a software Firewall runningOmar Hemmali - Malicious Software Malware lawsDeveloping viruses, worms, Trojans, and spyware for distribution is illegal. Period.Florida Statute §815.06 outlines what constitutes illegal activityOmar Hemmali - Malicious Software Malware lawsSoftware cannot destroy, injure, damage, disrupt, deny, or cause to deny service of a computer. 3rd degree felonyAbove and damage exceeds $5,000. 2nd degree felonyAbove and endangers a human life. 1st degree felonyOmar Hemmali - Malicious Software ExamplesOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious SoftwareOmar Hemmali - Malicious Software SummarySubtle differences between viruses, worms, and TrojansSpyware and Adware are annoyingPrevention is easier than fixingEasy to protect yourselfOmar Hemmali - Malicious Software QuestionsWhat is one way to protect yourself from malicious software?What was one of the viruses/worms/Trojans discussed?Omar Hemmali - Malicious SoftwareOmar Hemmali - Malicious Software SourcesFundamentals of Network SecurityBy Eric
View Full Document