
INTRODUCTION TO COMPUTING


jace

Presentation Transcript


  1. INTRODUCTION TO COMPUTING

  2. Malware, Grayware & Protection

  3. Malware, Grayware & Protection
     OBJECTIVE:
     • Understand the terms Malware & Grayware
     • Describe the various kinds of Malware & Grayware
     • Explain the life cycle of Malware
     • Understand why people create viruses
     • Describe the techniques used to protect a computer system from Malware & Grayware
     • Understand Cell Phone Viruses and Protection

  4. Malware, Grayware & Protection Protection from Malware & Grayware

  5. Malware, Grayware & Protection
     1.0 MALWARE
     • Malware is a combination of two words: Malicious & Software
     • Malware is a program that performs unexpected or unauthorized, but always malicious, actions.
     • Malware is designed to infiltrate or damage a computer system without the owner’s informed consent.
     • Malware is also sometimes known as Badware or Computer Contaminant
     • Malware should not be confused with Defective Software
     • Computer users still use "Virus" as jargon for Malware
     1.1 Virus
     A computer virus is a computer program that has the unique ability to replicate and can infect a computer without the permission or knowledge of the user.
     1.1.1 Replication Strategies
     Viruses can be divided into two categories on the basis of their behavior when a user executes an infected program:

  6. Malware, Grayware & Protection
     1.1.1.a Non-Resident Viruses
     These viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the program they infected.
     1.1.1.b Resident Viruses
     These viruses do not search for hosts. Instead, a resident virus loads itself into memory on execution and transfers control to the host program.
     1.1.2 Classification of Viruses
     Viruses are classified into a number of types based on their features:
     1.1.2.a Macro Viruses
     A macro virus is written in a scripting language for programs like Word & Excel and spreads by infecting documents & spreadsheets. A macro virus is platform independent. (Relax, Melissa.A, Bablas)
     1.1.2.b Network Viruses
     These viruses are proficient in spreading over a LAN and over the Internet. They propagate through shared resources. (Nimda & SQLSlammer)

  7. Malware, Grayware & Protection
     1.1.2.c Logic Bomb / Time Bomb
     A logic bomb employs code that lies inert until specific conditions are met, such as a number of hosts or a specific time. One example is the “Friday the 13th” virus.
     1.1.2.d Sentinels
     • A sentinel is a highly advanced virus capable of empowering the creator or perpetrator of the virus with remote access control over the computers that are infected.
     • They are used for malicious purposes such as DoS attacks
     • A DoS attack is an explicit attempt to prevent legitimate users of a service from using that service. Examples are:
        • Flooding a network
        • Disrupting a server by sending more requests
     • These attacks can be directed at network devices and servers as well.
     1.1.2.e Boot Sector Viruses
     A boot sector virus resides in the boot sector of a magnetic disk. Examples are Polyboot.B and Anti.EXE

  8. Malware, Grayware & Protection
     1.2 Worms
     • A computer worm is a self-replicating computer program that sends copies of itself to other nodes without any user intervention.
     • Unlike a computer virus, it does not need to attach itself to an existing program
     • Worms always harm the network by consuming bandwidth & computer time, whereas viruses only infect or corrupt files on targeted machines
     1.2.1 Classifications of Worms
     1.2.1.a Email Worms
     • Email worms are spread via email using MS Outlook SMTP or MAPI functions
     • Email worms use the Address Book of the client email program
     • On July 19, 2001, Code Red replicated 250,000 times in 9 hours
     • Klez.E in 2002 is another example
     1.2.1.b Instant Messaging Worms
     • IM worms are spread by sending links to an infected web site to everyone on the local contact list

  9. Malware, Grayware & Protection
     1.2.1.c IRC Worms
     Like IM worms, IRC worms are also spread through chat channels.
     1.2.1.d File Sharing Network Worms
     • These worms copy themselves into a shared folder
     • One example is RavMon.Exe
     1.2.1.e Internet Worms
     • These worms spread through low-level TCP/IP ports, where an infected file scans the LAN or the public internet
     1.2.2 Payloads
     • Some worms are only designed to spread, without altering the systems they pass through. Examples can be Morris worm, Mydoom, ExploreZip worms.
     • These worms may also delete the files on host systems

  10. Malware, Grayware & Protection
     1.3 Trojan
     • A Trojan is a program that performs a malicious action but has no replication abilities.
     • A Trojan may arrive through a harmless-looking file or application
     • It may also have a payload
     • One example of a Trojan is “waterfall.scr”, which allows remote access to the user’s computer
     • Trojan Horses may:
        • erase or overwrite data
        • encrypt files
        • corrupt files
        • upload or download files
        • allow remote access to the victim’s computer
        • restart the computer
        • start unwanted system processes
     • Examples are:
        • Downloader-EV, Pest Trap, Sub7, Back Orifice, NetBus, Flooder

  11. Malware, Grayware & Protection
     1.4 Why people create computer viruses
     • Research Projects
     • Pranks
     • Vandalism
     • To attack the products of a specific company
     • To distribute political messages
     • Financial gain
     1.5 Life Cycle of Malware
     • Creation
     • Replication & Propagation
     • Activation
     • Discovery
     • Assimilation
     • Eradication

  12. Malware, Grayware & Protection
     2.0 GRAYWARE
     • Grayware refers to applications or files that are not classified as viruses or Trojans but can still negatively affect the performance of computers
     • Grayware behaves in a manner that is annoying or undesirable, such as opening popup windows or logging user keystrokes
     2.1 Types of Grayware
     2.1.1 Spyware
     • Software that installs components on a computer for the purpose of recording web surfing habits (primarily for marketing purposes)
     • Spyware sends this information to its author or to other interested parties when the computer is online
     • Spyware often downloads with items identified as 'free downloads' without user intervention
     • The information that spyware components gather is vulnerable to theft and includes:
        • user names, passwords & credit card numbers

  13. Malware, Grayware & Protection
     Examples
     • Gator by Claria Corporation, installed with GoZilla & Kazaa (2003)
     • CoolWeb Search
     • Internet Optimizer, also known as DyFuCa
     • 180 Solutions (Zango)
     • HuntBar
     • Movieland, Moviepass.tv or Popcorn.net

  14. Malware, Grayware & Protection

  15. Malware, Grayware & Protection
     Fake Anti-Spyware Programs (Examples)
     • errorsafe
     • Pest Trap
     • Spy Axe
     • Anti Virus Gold
     • Spyware Strike
     • Spyware Quake
     • World Anti Spy
     • Spy Sheriff
     • Spy Wiper
     • PAL Spyware Remover
     • PS Guard
     • Malware
     • WinAntiVirus Pro 2006
     • WinFixer

  16. Malware, Grayware & Protection
     Notable Programs distributed with Spyware
     • BearShare
     • Bonzi Buddy
     • Dope Wars
     • Error Guard
     • Grokster
     • Kazaa
     • Morpheus
     • RadLight
     • WeatherBug
     • EDonkey2000
     • LimeWire (Windows free version up to 3.9.3)

  17. Malware, Grayware & Protection
     2.1.2 Adware
     • Adware is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.
     • Software that displays advertising banners on web browsers
     • Adware often creates unwanted effects like annoying popup ads and general degradation in network connection or system performance
     • Adware also comes as Free Downloads with a EULA
     • Adware is also often installed with Spyware
     Spyware programs profile the user’s internet behavior, while Adware programs display targeted ads that correspond to the gathered user profile.
     Examples
     • Kazaa, which displays targeted ads to its users
     • TopMoxie, 123 Messenger, Bonzi Buddy, Block Checker, Comet Cursor, Daemon Tools, Aurora, Ebates Money Maker, Error Safe, Gator, Hotbar, Xango Toolbar, Smiley Central, Weather Bug, WhenU, WinFixer

  18. Malware, Grayware & Protection
     WhenU (Adware)

  19. Malware, Grayware & Protection
     180 Solutions (Adware)

  20. Malware, Grayware & Protection
     2.1.4 Joke Programs
     • Programs that cause the computer to behave abnormally, like making the screen shake or modifying the appearance of the cursor
     2.1.3 Dialers
     • Dialers are programs that change the client’s internet settings to dial preconfigured phone numbers through a modem

  21. Malware, Grayware & Protection
     3.0 PROTECTION
     3.1 Protection from Malware
     • Operating System Considerations
     • System Restore (Microsoft Windows)
     • Anti-Virus Programs
        • Symantec AntiVirus Corporate Edition 10.1
        • Norton AntiVirus Professional 2007
        • Kaspersky 6.0 Personal Edition
        • McAfee Anti Virus Plus 2007
        • Trend Micro PC-cillin Internet Security 2007
        • Zone Alarm Internet Security
     • Antivirus definitions must be updated
     • Regular System & Data Scan
     • Real-time scanning of data, emails & downloads
     • Regular backups
     • Update OS Security Patches
     • Re-Install Operating System

  22. Malware, Grayware & Protection
     3.2 Protection from Grayware
     • Ad-Aware by Lavasoft
     • CounterSpy by Sunbelt Software
     • Spybot Search & Destroy by Patrick Kolla
     • SpySubtract by Intermute
     • SpySweeper by Webroot
     • Spyware Doctor by PCTools
     • AVG Anti-Spyware by Grisoft (formerly Ewido)

  23. Malware, Grayware & Protection
     4.0 Cell Phone Viruses
     • A cell phone virus is similar to a computer virus
     • Unlike a computer virus, which spreads through emails & internet downloads, a cell phone virus spreads via:
        • Internet Download
        • MMS
        • Bluetooth Transfer
        • PC to Cell Phone
     4.1 Cell Phone Virus Damages

  24. Malware, Grayware & Protection
     4.2 Cell Phone Virus Protection
     • Turn off Bluetooth
     • Install Security Software
        • Symantec
        • McAfee
        • F-Secure
     • Check Security Updates
     • Scan every MMS & Internet Download file
