- Understand viruses and how they propagate
- Have a working knowledge of several specific viruses
- Understand virus scanners
- Understand what a Trojan horse is
- Have a working knowledge of several specific Trojan horse attacks
- Understand the buffer overflow attack
- Understand spyware
Virus outbreaks
- How they work
- Why they work
- How they are deployed
Buffer overflow attacks
Spyware
Other malware
A computer virus
- Self-replicates
- Spreads rapidly
- May or may not have a malicious payload
How a virus spreads
- Finds a network connection; copies itself to other hosts on the network
- Requires programming skill
OR
- Mails itself to everyone in host’s address book
- Requires less programming skill
E-mail propagation
- More common for one major reason:
- Microsoft Outlook is easy to work with.
- Five lines of code can cause Outlook to send e-mails covertly.
- Other viruses spread using their own e-mail engine.
Network propagation.
- Less frequent, but just as effective
Web site delivery.
- Relies on end-user negligence
Multiple vectors for a virus are becoming more common.
Virus Types
- Macro
- Multi-Partite
- Armored
- Memory Resident
- Sparse Infector
- Polymorphic
Examples
- Rombertik
- Gameover ZeuS
- FakeAV
Rules for avoiding viruses:
- Use a virus scanner.
- DO NOT open questionable attachments.
- Use a code word for safe attachments from friends.
- Do not believe “Security Alerts.”
Examples
A program that looks benign, but is not
A cute screen saver or apparently useful login box can
- Download harmful software.
- Install a key logger.
- Open a back door for hackers.
Competent programmers can craft a Trojan horse:
- To appeal to a certain person or
- To appeal to a certain demographic
Company policy should prohibit unauthorized downloads.
EliteWrap.
Requires more technical knowledge
Usually used for targets of choice
Must be tailored to specific circumstances
Must then be deployed
Forms of spyware
Legal Uses
Illegal Uses
- Deployment will be covert
Rootkit
- A collection of hacking tools that can
- Monitor traffic and keystrokes
- Create a backdoor
- Alter log files and existing tools to avoid detection
- Attack other machines on the network
Web-Based mobile code
- Code that is portable on all operating systems
- Multimedia rushed to market results in poorly scripted code
- Spreads quickly on the web
Go off on a specific condition
- Often date
- Can be other criteria
Advanced Persistent Threat
- Advanced techniques, not script kiddies
- Ongoing over a significant period of time
Antivirus software operates in two ways:
- Scans for virus signatures
- Keeps the signature file updated
- Watches the behavior of executables
Anti-spyware software
- www.webroot.com
- www.spykiller.com
- www.zerospy.com
- www.spectorsoft.com
There is a wide variety of attacks. Computer security is essential to the protection of personal information and your company’s intellectual property. Most attacks are preventable. Defend against attacks with sound practices plus antivirus and antispyware software.