2 HNSZ - Malicious Software 19082013
Transcript (printed 7/29/2019)
What can Malicious Software do to you?
Malicious software (malware) consists of programs that make your
computer sick. These applications can perform a variety of nasty
tasks, such as stealing personal information, slowing your computer
down, or launching attacks at other systems. Many people consider all
malicious software to be viruses. However, this is not the case:
there are many different types of malware, such as viruses, worms,
rootkits, backdoors/trojans, botnet agents, and keyloggers, to name
a few. Each of these threats is malicious in nature, but the intent of the threat (its payload) is different.
VIRUSES: Viruses are programs designed to replicate and spread to
other computers. Although the term virus is often given a negative
connotation, a virus is not necessarily malicious; some viruses
have been known to carry a benevolent payload. That being said,
the majority of viruses are malicious in nature, and any program
that performs unauthorized modifications of files should be
considered undesirable.
A traditional virus generally requires a user to perform some
action in order to launch the virus program and allow it to infect the
system and propagate. To make this process less obvious, viruses
frequently attach themselves to other executable files on a system
and then run along with the authorized program. Viruses also hide
as safe file types by abusing how Windows displays file extensions:
by default, Explorer hides the extension of known file types, so
only the last extension is suppressed and a file named photo.jpg.exe
is shown as photo.jpg, which appears to be a picture but is actually
a program in disguise (it is not the best disguise, but it works well
enough that attackers keep using this technique).
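To make the double-extension trick concrete, here is an added example (not code from the original article) that reproduces what Explorer shows when "Hide extensions for known file types" is on and flags names whose true extension is executable while the visible part looks like a document or picture. The extension lists and the function names are my own assumptions, not an exhaustive Windows definition.

```python
import os

# Assumption: a common subset of extensions Windows runs as code when opened.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi"}
# Assumption: extensions a user reads as harmless data.
BENIGN_LOOKING_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc",
                       ".docx", ".xls", ".xlsx", ".txt", ".mp3", ".zip"}


def displayed_name(filename):
    """Name as Explorer shows it with known extensions hidden:
    only the final extension is suppressed, so 'photo.jpg.exe' -> 'photo.jpg'."""
    root, ext = os.path.splitext(filename)
    return root if ext else filename


def check_filename(filename):
    """Return a finding dict when the visible name is deceptive, else None.

    Deceptive means: the real (last) extension is executable, while the part
    the user sees ends in a benign-looking extension. Trailing spaces before
    the real extension ('invoice.pdf      .scr') are a common padding trick
    and are stripped before judging the apparent extension."""
    root, true_ext = os.path.splitext(filename)
    true_ext = true_ext.lower()
    if true_ext not in EXECUTABLE_EXTS:
        return None
    shown = displayed_name(filename)
    _, apparent_ext = os.path.splitext(shown.rstrip())
    apparent_ext = apparent_ext.lower()
    if apparent_ext in BENIGN_LOOKING_EXTS:
        return {"file": filename, "shown_as": shown,
                "looks_like": apparent_ext, "really_is": true_ext}
    return None


def scan_names(filenames):
    """Run check_filename over a list of names (e.g. from a mail gateway
    attachment log or a directory listing) and keep the findings."""
    return [f for f in (check_filename(n) for n in filenames) if f]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    for finding in scan_names(["photo.jpg.exe", "report.pdf", "setup.exe",
                               "invoice.pdf      .scr", "a.doc.js"]):
        print(finding)
```

The practical countermeasures are the ones the check implies: show extensions for all file types, and, better, stop the file from running at all by restricting executable content from user-writable locations (application allow-listing), since users will still double-click a convincing icon.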
Fortunately for the virus writers (and unfortunately for the
security staff), users are often all too eager to run these
applications, triggering an infection. Some virus infections can be
prevented simply by not allowing users to install applications
locally without authorization (the lockdown). Other viruses are able
to install, run, and spread from any type of user account, since
writing to the user's own files and profile needs no extra privilege.
WORMS: A worm, on the other hand, is a type of virus that is able
to spread without any user interaction. You might wonder, how is
this possible? Computers have a tendency to like to talk and share
with each other; they apparently get lonely or something. And like
teenage girls, the things they talk about don't make much sense to
the normal person (although personally, I'd take a packet capture
any day, but we've already established that I don't fit into the
normal category).
Many times, certain services will be allowed to talk to each other on
the network, and others will be restricted (in the context of people,
consider a situation where texting is permitted, but Skype is not).
Unfortunately, some of these services have vulnerabilities that may
be exploited. Suppose, for example, there was a bug in your cell
phone whereby a specially crafted text message would cause the
phone to explode. This would be considered a wormable vulnerability,
since it could be exploited without any user activity or intervention.
Let's take this example one step further, and have the phone text the
same message to its entire address book (or a subset of it) prior to
exploding. As you can imagine, the impact would be immediate and
significant: every vulnerable phone that receives the message repeats
the process. Some of the most devastating computer worms have
spread in a similar manner, compromising the majority of vulnerable
machines on the Internet in hours or even minutes.
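The address-book scenario above is an epidemic on a contact graph, and the speed the article describes follows from the branching: each newly infected host reaches all of its contacts in the next round. The following is an added simulation (my own code, not the author's, and no network code: the "hosts" are integers and the "address books" are lists) that propagates an infection round by round. A click_rate of 1.0 models a worm, where delivery alone suffices; a smaller click_rate models a traditional virus, where only a fraction of recipients run the file. Only hosts in the vulnerable set can ever be infected, which is how patch coverage enters the model. Graph construction, host counts and function names are constructed assumptions.

```python
import random


def build_contact_graph(n_hosts, contacts_per_host, seed=2013):
    """Constructed address-book graph: each host knows a random set of other hosts.
    Seeded so the run is reproducible."""
    rng = random.Random(seed)
    graph = {}
    for host in range(n_hosts):
        others = [h for h in range(n_hosts) if h != host]
        graph[host] = rng.sample(others, contacts_per_host)
    return graph


def simulate_spread(graph, vulnerable, patient_zero, click_rate=1.0,
                    max_rounds=100, seed=7):
    """Round-based propagation model (assumption: one message hop per round).

    graph       : host -> list of hosts it will send the message to
    vulnerable  : set of hosts that are exploitable (unpatched)
    click_rate  : 1.0 = worm (every vulnerable recipient is compromised on
                  delivery); < 1.0 = virus-like, a recipient must "run it"
    Returns (history, infected): history[i] is the cumulative number of
    infected hosts after round i; infected is the final set."""
    rng = random.Random(seed)
    infected = {patient_zero}
    frontier = [patient_zero]          # hosts that send during this round
    history = [len(infected)]
    for _ in range(max_rounds):
        newly = []
        for host in frontier:
            for target in graph[host]:
                if target in infected or target not in vulnerable:
                    continue           # already owned, or patched: no effect
                if click_rate >= 1.0 or rng.random() < click_rate:
                    infected.add(target)
                    newly.append(target)
        if not newly:
            break                      # nothing left to reach: epidemic over
        frontier = newly
        history.append(len(infected))
    return history, infected


if __name__ == "__main__":
    g = build_contact_graph(500, 20)
    everyone = set(range(500))
    worm_hist, worm_inf = simulate_spread(g, everyone, patient_zero=0)
    print("worm: rounds =", len(worm_hist) - 1, "infected =", len(worm_inf))
    # Same graph, but 40% of hosts are patched: those can never be infected.
    patched_hist, patched_inf = simulate_spread(
        g, {h for h in everyone if h % 5 not in (0, 1)}, patient_zero=2)
    print("60% vulnerable: rounds =", len(patched_hist) - 1,
          "infected =", len(patched_inf))
    virus_hist, virus_inf = simulate_spread(g, everyone, 0, click_rate=0.02)
    print("virus, 2% click rate: infected =", len(virus_inf))
```

Two things to take from a run: the worm saturates the whole vulnerable population in a handful of rounds regardless of how large it is (the growth is geometric in the number of contacts per host), and the final infected set is bounded by the vulnerable set, so the only lever that changes the outcome rather than its timing is patching before patient zero appears.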
TROJAN HORSES: A Trojan horse is a program that pretends to be
something useful or harmless while carrying a hidden malicious
payload. It is even more valuable to an attacker than a plain virus,
since Trojans are often used to gain full control of a system and
hand that control to an outsider. Trojans are widely used to provide
a means of access to a system from the Internet. The bad guys love
to have anonymous systems available on the Internet that they can
use for whatever purposes they require. A system compromised with
a Trojan horse can be used to steal information (through keystroke
or screen logging), modify or delete files, act as an anonymous proxy for Internet browsing, or serve as a pivot point for compromising other
systems. Because of the many uses for a compromised system
(including the possibility of financial gain for the attacker), Trojan
horses represent one of the most popular forms of malware in use
on the Internet today.
BOTNETS: When a single party controls a large number of
compromised machines, a botnet is formed. A typical botnet is
composed of many machines that were initially compromised by a
Trojan horse or a similar method. These nodes, or zombies,
connect back to centralized command-and-control servers for
instructions. A large botnet is essentially an army of individual
machines across the Internet, which can be deployed for any purpose
the master desires. Unfortunately, botnet owners usually have much
more sinister goals than computing ever more digits of pi. Botnets
are often used for illegal activities such as distributed denial of
service attacks or information theft. A distributed denial of service
attack occurs when a large number of machines repeatedly connect to
a website or server until it becomes overloaded. Consider what would
happen if Amazon decided to sell TVs for $1 each on Christmas Eve:
the sheer volume of visitors would bring the site to a crawl and
quite possibly prevent Amazon from processing other orders during
the surge in traffic. This technique is often used for political
protest, where a botnet owner launches attacks against sites they
find undesirable in order to make them unavailable. Other botnet
agents install keyloggers and form grabbers to steal information
such as passwords, bank account details, or personal information
such as social security numbers. This information can be used to
manipulate victims' bank accounts, open or raid accounts, or purchase items in their names.
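The defender's handle on the botnet described above is the check-in itself: a zombie that "connects back to centralized controllers for instruction" does so on a schedule, while a human behind the same workstation browses in bursts. The following is an added example (my own detection logic, not part of the original article) that groups connection records by source, destination and port and flags pairs whose inter-connection intervals are both numerous and unusually regular, measured as the coefficient of variation of the gaps. The log format, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def _constructed_log():
    """Constructed sample flow records, not real traffic.
    Format (assumed): 'ISO-timestamp src_ip dst_ip dst_port bytes'."""
    base = datetime(2013, 8, 19, 9, 0, 0)
    lines = []
    # Zombie: checks in with its controller about every 300 s, a few seconds of jitter.
    t = base
    for gap in [0, 300, 302, 299, 301, 300, 298, 303, 300, 299]:
        t += timedelta(seconds=gap)
        lines.append(f"{t.isoformat()} 192.0.2.10 198.51.100.7 443 512")
    # Human on the same workstation: news site visited at irregular intervals.
    t = base
    for gap in [0, 5, 120, 3, 900, 45, 2, 2400, 10, 600]:
        t += timedelta(seconds=gap)
        lines.append(f"{t.isoformat()} 192.0.2.10 203.0.113.50 443 4096")
    # Second workstation with only two connections to the controller: too few to judge.
    lines.append(f"{base.isoformat()} 192.0.2.11 198.51.100.7 443 512")
    lines.append(f"{(base + timedelta(seconds=300)).isoformat()} 192.0.2.11 198.51.100.7 443 512")
    return lines


SAMPLE_LOG = _constructed_log()


def parse_log(lines):
    """Parse the assumed record format into (timestamp, src, dst, port, bytes)."""
    events = []
    for line in lines:
        ts, src, dst, port, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return events


def find_beacons(events, min_count=6, max_cv=0.1):
    """Flag (src, dst, port) pairs that look like scheduled check-ins.

    min_count : ignore pairs with fewer connections (not enough gaps to judge)
    max_cv    : flag when stdev(gaps) / mean(gaps) is at or below this value;
                human-driven traffic typically has a cv well above 1."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_pair[(src, dst, port)].append(ts)
    findings = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue               # identical timestamps: not a schedule
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "port": port,
                             "count": len(times),
                             "mean_gap_s": round(mean_gap, 1),
                             "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f)
```

The thresholds are the caveat: some real beacons randomize their sleep interval precisely to defeat this measure, and legitimate software (update checks, monitoring agents) also polls on a schedule, so a hit is a lead to correlate with the destination's reputation and the process that opened the socket, not a verdict on its own.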
The moral of the story here is that malware is bad, and different
types of malware are bad in different ways.
If there are topics you would like to see us explain, let us know!
- By Hemant Pandya, Pre Sales Consultant - Security at Redington Gulf,
Riyadh Saudi Arabia