
Internet Vulnerabilities & Criminal Activities






Presentation Transcript


  1. Internet Vulnerabilities & Criminal Activities Malware 3.2 9/26/2011

  2. Malware Malicious software designed to gain access to information and/or resources without the knowledge or consent of the end user

  3. Malware History • 1981 - First Apple II virus in the wild • 1983 - Fred Cohen coins term “virus” • 1986 - First PC virus • 1988 - Morris Internet worm • 1990 - First Polymorphic virus • 1991 - Virus Construction Set • 1994 - Good Times virus hoax • 1995 - First Macro Virus • 1998 - Back Orifice tool released

  4. Malware History cont. • 1999 - Melissa virus / worm • 1999 - Tribal Flood Network - DDoS tool • 2001 - Code Red worm • 2001 - Nimda worm • 2003 - Slammer worm • 2004 - SoBig & Sasser worms • 2007 - Storm worm / Zeus botnet tool • 2008 - Conficker worm • 2010 - Stuxnet - weaponized malware

  5. Malware Trends • Increasing complexity & sophistication • Acceleration of the rate of release of innovative tools & techniques • Movement from viruses to worms to kernel-level exploitations

  6. Malware can be: • “Proof of concept” • Created to prove it can be done • Not found outside of laboratory environment • If code available, can be used by others • “In the Wild” • Found on computers in everyday use

  7. Traditional Categories of Malware • Virus • Worm • Malicious Mobile Code • Backdoor • Trojan Horse • Rootkit • Combination Malware – Malware “Cocktail”

  8. Virus • Infects a host file • Self replicates • Requires human interaction to replicate • Examples: • Michelangelo • Melissa

  9. Worm • Spreads across a network • Does not require human interaction to spread • Self-replicating • Examples: • Morris Worm • Code Red • Slammer

  10. Malicious Mobile Code • Lightweight program downloaded from a remote source and executed locally • Minimal human interaction • Written in JavaScript, VBScript, ActiveX, or Java • Example: • Cross Site Scripting

  11. Backdoor • Bypasses normal security controls • Gives attacker access to user’s system • Examples: • Netcat • Back Orifice • Sub7

  12. Trojan Horse • Program that disguises its hidden malicious purpose • Appears to be a harmless game or screensaver • Used for spyware & backdoors • Not self-replicating

  13. Rootkit • Replaces or modifies programs that are part of the operating system • Two Levels • User-level • Kernel-level • Examples • Universal Rootkit • Kernel Intrusion System

  14. Combination Malware • Uses a combination of various techniques to increase effectiveness • Examples: • Lion • Bugbear.B • Stuxnet

  15. Malware Distribution • Attachments • E-mail and Instant Messaging • Piggybacking • Malware added to legitimate program • Adware, spyware • EULA - End User License Agreement • Internet Worms • Exploit security vulnerability • Used to install backdoors • Web Browser Exploit • Malware added to legitimate web site • Cross-site scripting & SQL Injection • Visitors to web site may be infected • Drive-by malware

  16. Malware Distribution cont. • Hacking • Too labor intensive for large crime operations • May be used to compromise DNS server • Affiliate Marketing • Web site owner paid 8¢ to 50¢ per machine to install malware on a visitor’s computer • Mobile Devices • Transfer via Bluetooth

  17. Malware Activity • Adware • Spyware • Hijacker • Toolbars • Dialers • Rogue Security Software • Bots

  18. Adware • Displays ads on infected machine • Ad formats can be: • Pop-ups • Pop-unders • Embedded in programs • On top of web site ads • More annoying than dangerous

  19. Spyware • Sends information about infected computer to someone, somewhere • Web sites surfed • Terms searched for • Information from web forms • Files downloaded • Searches hard drive for installed files • E-mail address book • Browser history • Logon names, passwords, credit card numbers • Any other personal information

  20. Hijacker • Takes control of web browser • Home page • Search engines • Search bar • Redirect sites • Prevent some sites from loading • IE vulnerable

  21. Toolbars • Plug-ins to IE • Google • Yahoo • Attempt to emulate legitimate toolbars • Installed via underhanded means • Adware or Spyware • Acts as a keystroke logger

  22. Dialers • Alters modem connections and ISDN cards • Once installed, will dial 1-900 numbers or other premium rate numbers • Runs up end-user’s phone bill & provides revenue for criminal enterprise • Targets MS Windows

  23. Rogue Security Software • Usually delivered via a trojan horse • Uses social engineering techniques to get user to install • Fake warnings that computer is infected • Fake video of machine crashing • Disables anti-virus and anti-spyware programs • Alters computer system so the rogue software cannot be removed

  24. Bots • Allows attacker remote access to a computer • When end-user is online, computer contacts Command & Control (C&C) site • Bot will then perform whatever commands are received from the C&C • Some things botnets are used for • Distributed Denial of Service (DDoS) attacks • Spam • Hosting contraband such as child pornography • Other illegal fraud schemes
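The slide's point that an infected machine contacts its C&C site whenever the user is online is what defenders look for in proxy or firewall logs: a host that reaches the same destination at near-constant intervals ("beaconing"), unlike bursty human browsing. The script below is an added example, not part of the slides; the log format and the host and destination names are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from the slides): timestamp, source host, destination.
# host-a polls one destination every 60 s (bot-style check-in); host-b browses irregularly.
SAMPLE_LOG = """\
2011-09-26T10:00:00 host-a cc.example.invalid
2011-09-26T10:01:00 host-a cc.example.invalid
2011-09-26T10:02:00 host-a cc.example.invalid
2011-09-26T10:03:00 host-a cc.example.invalid
2011-09-26T10:04:00 host-a cc.example.invalid
2011-09-26T10:00:12 host-b news.example.invalid
2011-09-26T10:00:37 host-b news.example.invalid
2011-09-26T10:07:05 host-b news.example.invalid
2011-09-26T10:21:48 host-b news.example.invalid
2011-09-26T10:22:00 host-b news.example.invalid
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Return {(src, dst): [timestamps]} from the space-separated format above."""
    contacts = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts, src, dst = m.groups()
        contacts[(src, dst)].append(datetime.fromisoformat(ts))
    return contacts

def find_beacons(contacts, min_hits=4, max_cv=0.2):
    """Flag (src, dst) pairs whose inter-contact gaps are nearly constant.
    cv = stddev / mean of the gaps: human browsing is bursty (high cv),
    a scheduled C&C check-in is regular (low cv). Returns {pair: mean gap s}."""
    flagged = {}
    for key, times in contacts.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg, 1)
    return flagged
```

Real bots add jitter to their check-in interval, so in practice the cv threshold is tuned against known-good traffic and combined with other signals (destination reputation, request size).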

  25. Weaponized Malware • Attacks SCADA system • Supervisory Control And Data Acquisition • Causes physical damage • SCADA systems control • Dams • Electrical grid • Nuclear power plants • Cyber War - The Aurora Project • http://www.youtube.com/watch?v=rTkXgqK1l9A

  26. More Malware Terminology • Downloader • Single line of code • Payload from malware • Instructs infected computer to download malware from attacker’s server • Drop • Clandestine computer or service (E-mail) • Collects information sent to it from infected machines • Blind Drop - well hidden, designed to run unattended

  27. More Malware Terminology cont. • Exploit • Code used to take advantage of a vulnerability in software code or configuration • Form-grabber • A program that steals information submitted by a user to a web site • Packer • Tool used to scramble and compress an .exe file • Hides malicious nature of code • Makes analysis of program more difficult
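Because a packer's output is compressed and scrambled, its bytes look close to random, and byte entropy is the usual first-pass signal analysts use to decide whether a file needs unpacking before signature matching or static analysis. The code below is an added illustration, not from the slides: the "program body" is constructed text, and `fake_pack` (compress, then XOR with a SHA-256 keystream) is a deterministic stand-in for a packer, not a real one.

```python
import hashlib
import math
import zlib
from collections import Counter

def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for a constant buffer, approaching 8.0
    for uniformly random bytes (what compressed or encrypted data looks like)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data, threshold=7.0):
    """Triage heuristic: a body this close to random is more likely compressed or
    encrypted than ordinary code or text. A signal, not proof: legitimate
    installers and media files also score high, so it only prioritises analysis."""
    return shannon_entropy(data) >= threshold

def _keystream(n):
    # Deterministic pseudo-random bytes (SHA-256 in counter mode) so the sample
    # "scrambled" output is reproducible; this is a stand-in, not a real packer.
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def _pseudo_program(tokens=3000):
    # Constructed stand-in for an unpacked program body: assembly-like text whose
    # token order is hash-driven, so it neither repeats exactly nor looks random.
    words = "mov push pop call ret jmp add sub xor cmp test lea inc dec eax ebx ecx edx".split()
    pick = lambda i: words[hashlib.sha256(i.to_bytes(4, "big")).digest()[0] % len(words)]
    return " ".join(pick(i) for i in range(tokens)).encode()

def fake_pack(body):
    """Compress, then XOR with a keystream: mimics the slide's "scramble and
    compress" closely enough to show the entropy jump a packer produces."""
    compressed = zlib.compress(body, 9)
    return bytes(b ^ k for b, k in zip(compressed, _keystream(len(compressed))))

PLAIN = _pseudo_program()   # low entropy: readable, repetitive byte values
PACKED = fake_pack(PLAIN)   # high entropy: near-random byte distribution
```

Per-section entropy (e.g. over each PE section rather than the whole file) is the usual refinement, since packed code often sits in one high-entropy section beside a small plain stub.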

  28. More Malware Terminology cont. • Redirect • HTTP feature • Used to forward someone from one web page to another • Done invisibly with malware • Variant • Malware produced from the same code base • Different enough to require new signature for detection by anti-virus software

  29. Malware Sources • Malware • Can be programmed from scratch • Less likely to be detected by anti-malware programs • Can be purchased • Malware tools • Haxdoor, Torpig, Metafisher, Web Attacker • Tools offered with other services • Access to botnet, drop sites • Tools derived from small stable base of existing code

  30. Frauds Involving Malware • Advertising schemes • Pay-per-view • Pay-per-click (“Click Fraud”) • Pay-per-install • Banking fraud • Identity theft • Spam • Denial-of-service attacks • DoS extortion

  31. Advertising Schemes • Pay-per-view • Sell advertising space on controlled web sites • Command botnet to “view” as many ads as possible • May have ads download in the background • Fraudulent commissions generated

  32. Advertising Schemes cont. • Pay-per-click (“Click Fraud”) • Similar to Pay-per-view fraud • Bots simulate clicks on ads • Between 5% and 35% of all ad commissions may be fraudulent • Pay-per-install • Commission paid every time advertiser’s software is installed • When installed, notification sent to advertiser • Infected machines will be instructed to install advertiser’s software

  33. Banking Fraud • Banks are a prime target of malware • Malware can allow attacker to empty victim’s bank account • Example (September 2009) • Rewrites online bank statements on the fly • Covers up theft of funds • Trojan horse • Alters HTML code before browser displays it • Makes use of “Money Mules”

  34. Identity Theft • Phishing & key logging • Recent increase in malware associated with identity theft • Information sent to drop site

  35. Spam • Bots used to send spam • Also shows a dramatic rise • Bots are available for rent for spam purposes • Spam sent can also contain malware

  36. Denial of Service Attacks • Botnet commanded to make requests of a web site • Web site may crash due to heavy traffic • Legitimate traffic blocked • Threat of DoS attack can be used for extortion • Bots for rent for DoS attacks

  37. Problems for Law Enforcement • Anonymity • Jurisdiction • Attackers know how difficult international law enforcement is • Exploit the situation • Target victims in one country from another country • Have C&C site and drop site located in a third country • Use multiple proxies to access C&C site and drop site • Money gained is quickly funneled through online bank accounts and international money transfers

  38. Other Issues • Monetary Threshold • Must reach a limit before prosecutor will take case • May be hard to prove exact amount of money involved • Cyber crimes may be considered a non-priority • Virtual world emboldens individuals • Less fear of getting caught • Realization of difficulties in investigating crimes • Easy money
