
Malwares and Networking


Presentation Transcript


  1. Malwares and Networking MADS 6638 Louai Rahal

  2. Vulnerability: there is no type of defense that is always reliable • Solution: Defense in Depth • Give access only to the assets that the user is allowed to access • Create records of the user’s activity • Identify who the user is

  3. Malware: software that causes harm • "Downloaded software can open files, delete files, or create new files" • These files can access the computer's memory and processor

  4. Malware Detection • How are antiviruses developed? • Experts analyze malware samples and identify patterns (signatures) • For example, if a malware sample contains instructions telling the computer to install a program called Trojan.exe, then the antivirus adds Trojan.exe to its blacklist

  5. Malware Detection • Not all malware detection tools are based on signatures; other tools are based on behavior • For example, antivirus tools inspect files that allow access by remote users • If a file gives access to remote users, it is inspected

  6. Malware Detection

  7. Malware Detection (VirusTotal) • 68 antivirus engines • Constantly updated with new signatures and new behavioral patterns of malware • Microsoft has integrated VirusTotal into its Process Explorer tool

  8. A 1/68 score means that 1 out of the 68 antivirus engines has reported the program as malicious • The higher the score, the more certain we are that the program is malicious • A low score like 1/68 could be a false positive • Like any cybersecurity tool, VirusTotal does not guarantee a 100% success rate • A sophisticated malware sample could still score 0/68: a false negative • https://www.csoonline.com/article/2883958/malware/malware-detection-in-9-easy-steps.html

  9. A non-malicious program gets a score of 5/65: false positive or false negative? • A malicious program gets a score of 0/67: false positive or false negative?
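The signature idea from slides 4 and 5 and the multi-engine "k/N" score from slides 8 and 9, worked through as an added example (not code from the slides or from VirusTotal). The engines, the sample files and the blacklist entries are all constructed for the demonstration; the hashes are computed from the constructed bytes, not taken from any real malware.

```python
import hashlib

# Constructed sample "files" (not real malware). installer.bin and dropper.bin
# are the ground-truth malicious ones; variant.bin is a malicious copy whose
# only difference is a case change, so neither string nor hash signature hits.
SAMPLES = {
    "installer.bin": b"copy payload to C:\\Windows\\Trojan.exe and run it",
    "notes.txt": b"meeting notes: review the quarterly budget",
    "dropper.bin": b"download https://example.invalid/Trojan.exe",
    "variant.bin": b"download https://example.invalid/trojan.exe",
}

# Three constructed engines standing in for the many engines VirusTotal
# aggregates. Each knows some byte-string signatures and/or SHA-256 hashes.
# EngineC carries a poorly chosen signature that also matches benign text.
ENGINES = {
    "EngineA": {"strings": [b"Trojan.exe"], "hashes": set()},
    "EngineB": {"strings": [],
                "hashes": {hashlib.sha256(SAMPLES["dropper.bin"]).hexdigest()}},
    "EngineC": {"strings": [b"budget"], "hashes": set()},
}

def engine_flags(engine, data):
    """Signature check: match on a known byte string or on the file's SHA-256."""
    if any(pattern in data for pattern in engine["strings"]):
        return True
    return hashlib.sha256(data).hexdigest() in engine["hashes"]

def detection_ratio(data, engines=ENGINES):
    """Return (hits, total): the 'k/N' score a multi-engine scan reports."""
    hits = sum(engine_flags(engine, data) for engine in engines.values())
    return hits, len(engines)

def classify_verdict(is_malicious, hits):
    """Compare the scan outcome with ground truth (the analyst's knowledge)."""
    flagged = hits > 0
    if is_malicious and flagged:
        return "true positive"
    if is_malicious:
        return "false negative"   # sophisticated or modified sample slips by
    if flagged:
        return "false positive"   # a low score on a benign file
    return "true negative"

if __name__ == "__main__":
    truth = {"installer.bin": True, "notes.txt": False,
             "dropper.bin": True, "variant.bin": True}
    for name, data in SAMPLES.items():
        hits, total = detection_ratio(data)
        print(f"{name}: {hits}/{total} -> {classify_verdict(truth[name], hits)}")
```

Running it shows why a 1/3 score is not conclusive on its own: installer.bin and notes.txt both score 1/3, one a true positive and one a false positive, while variant.bin scores 0/3 and is a false negative.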

  10. https://www.youtube.com/watch?v=wF_44SqldIQ (28:00) • Allows hackers to change the behavior of the program by entering special codes • Similar to cheat codes in online games • Code taken from Amoroso, E. G., & Amoroso, M. E. (2017) • Which one is a Trojan program?

  11. "In general, Trojan Horses infect devices through social engineering where the users are deceived into opening an email attachment or clicking a link, or maybe by drive-by-download using a pop-up window. Signs such as low performance and changed settings are indicators that a Trojan horse resides on the victim’s device. Counter measures such as keeping the anti-virus application up to date, avoiding clicking or downloading unknown files from unknown sources, and scanning files can help protect against Trojan Horses" • The use of open source software protects from Trojan Horse programs because the code can be inspected by millions of users

  12. Adware • Displaying advertisements to make money • Redirecting you to other websites in order to increase traffic on those websites • Altering the browser's security settings • Resetting the browser's home page

  13. Creating your own Adware • Go to www.louairahal.net/infosec • Download the Adware • Open it with Notepad • Modify the code so that the adware produces at least 50 pop-up windows • Save your file as a .html file • Open the file in your browser

  14. Users can protect themselves from Adware and remove it in different ways: • "Blocking scripts from running on your browser can help protect your device from Adware. However, this can also end up blocking other useful scripts, since Adware is written in the same scripting language as other legitimate software" • Make sure that your browser is up to date and all security patches are installed. Also, make sure that your firewall is on when using the Internet • Go to the settings in your browser • Check whether pop-ups are disabled • Check whether the browser is tracking your activity

  15. Code taken from Amoroso, E. G., & Amoroso, M. E. (2017) • Which one is a spyware?

  16. Accessing applications and files that control memory, processor and other resources on a device

  17. Code taken from Amoroso, E. G., & Amoroso, M. E. (2017)

  18. https://www.avira.com/en/support-virus-lab • Find one Adware, one Trojan and one other type of Malware • For each Malware, find the method of propagation

  19. Assignment 1 preparation: 5 sentences • 1 sentence: the hacking incident you will research • 1 sentence: the attackers’ motivation • 1 sentence: the vulnerability that was exploited • 1 sentence: the technique used by the attackers • 1 sentence: the incident response • Email the 5 sentences to lir01@alumni.ubc.ca

  20. If you want to practice sending and receiving encrypted messages: • Download Louai’s public key at http://louairahal.net/infosec/Louai-Public-Key.asc • Encrypt and send (1) the encrypted message and (2) your public key • Louai will send you feedback

  21. Each computer connected to a network (the World Wide Web or any other) has an IP address assigned to it • Both servers and clients have IP addresses • IP addresses can be hidden easily • Get your IP address from https://whatismyipaddress.com • Go to http://nl.smarthide.com/ and visit https://whatismyipaddress.com

  22. Client/server interactions follow different types of protocols • HTTP: Hyper Text Transfer Protocol • HTTPS: Hyper Text Transfer Protocol Secure • HTTPS Everywhere is a Firefox plugin that forces the browser to use HTTPS where possible: https://www.makeuseof.com/tag/https-everywhere-use-https-instead-of-http/

  23. The Domain Name System (DNS) is the system that maps a name to an IP address • A rudimentary understanding of DNS helps detect phishing • Which one is a phishing site: http://mystery.ubc.ca/ or http://ubc.ca.mystery/?
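The DNS point behind the phishing question on slide 23, as an added example that is not part of the slides: a name is read from the right, so the rightmost labels say who owns the host and everything to their left is a subdomain that the owner chooses. The trusted domain `ubc.ca` is taken from the slide; the other hostnames and the `evil.example` URLs are constructed, and the one-label-suffix rule is a deliberate simplification (a real check would consult the Public Suffix List).

```python
from urllib.parse import urlsplit

# The organisation whose name a phishing page would try to borrow (from the slide).
TRUSTED_DOMAIN = "ubc.ca"

def registrable_domain(host, suffix_labels=1):
    """Return the owner's domain: the public suffix plus the label just left of it.

    suffix_labels is the length of the public suffix (1 for 'ca', 2 for a suffix
    such as 'co.uk'). Simplified assumption: no Public Suffix List lookup here.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-(suffix_labels + 1):])

def classify_url(url, trusted=TRUSTED_DOMAIN):
    """Classify a URL relative to the trusted domain.

    'trusted'   : the host's owner really is the trusted domain.
    'lookalike' : the trusted name appears somewhere in the URL (as a subdomain,
                  as user info before '@', or in the path) but the host belongs
                  to someone else, which is the pattern phishing pages use.
    'other'     : the URL does not mention the trusted name at all.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host:
        return "invalid"
    if registrable_domain(host) == trusted:
        return "trusted"
    if trusted in url.lower():
        return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed examples in the shape of the slide's two URLs.
    for url in ("http://mystery.ubc.ca/",
                "http://ubc.ca.mystery/",
                "https://ubc.ca@evil.example/login",
                "https://evil.example/ubc.ca/login"):
        print(f"{url:40} owner={registrable_domain(urlsplit(url).hostname):15} {classify_url(url)}")
```

The key observation is that `mystery.ubc.ca` resolves under `ubc.ca`, whereas `ubc.ca.mystery` is owned by whoever registered `ca.mystery`; the familiar name on the left has no bearing on who controls the site.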
