Learning malware for fun and profit
OVERVIEW
What is malware?
Types of malware.
How to create your own malware (Educational purpose only)
Writing signatures for antiviruses.
Evading antiviruses. (Educational purpose only)
What is malware?
Malware is short for malicious software. It is a piece of software designed to disrupt operation, gather information, gain unauthorized access to system resources, and for exploitation purposes.
Malware is a general term used by computer professionals for a variety of forms of hostile, intrusive, or annoying software or programming code.
Put simply, malware is a set of instructions that runs on your computer and makes your system do something that an attacker wants it to do.
Types of malware
There are many types of malware. The most common are:
• Viruses
• Worms
• Rootkits
• Trojans
• Backdoors
• Spyware
• Keylogger
• Adware
• Crimeware
• Scareware
The list goes on …
What is a Virus?
A computer virus is a program that can replicate itself and spread from one computer to another.
For a program to be called a virus, it must have the capability to spread from one file to another and from one computer to another, over a network or the internet or by being carried on removable devices like CDs, DVDs, floppy disks and USB devices.
Put simply, a virus is a program that can infect other programs by modifying them to include a, possibly evolved, version of itself.
Indications of Virus attack
• The hard drive is accessed even when the computer is not in use.
• The computer freezes frequently or encounters errors.
• The computer slows down when programs start.
• Files and folders are missing (god knows what happened to the files).
• Unable to load operating system files.
• The browser window freezes.
When computers get infected by viruses
• Not having a proper antivirus application.
• Not updating the antivirus, operating system and applications.
• Installing pirated software and rogue applications.
• Opening infected e-mail attachments.
How to create your own Virus (Educational purpose only)
DEMO
What is a Worm?
A computer worm is self-replicating malware that uses a computer network to send copies of itself to another computer.
However, unlike a computer virus, a computer worm does not need to attach itself to a program on your system in order to function. A computer worm generally localizes its damage to the computer network by causing increased bandwidth consumption (only applicable to old worm types).
Indications of worm attacks
• Unusual network traffic on the PC.
• Not able to visit websites because the bandwidth is flooded by the worm.
• Unusual files in network shares.
• Unable to update antiviruses.
How a worm spreads
• Peer-to-peer (P2P) networks like uTorrent.
• Infected USB devices.
• Network shares.
• Emails.
How to create your own Worm (Educational purpose only)
DEMO
Rootkit
A rootkit is a stealthy type of malware designed to hide its existence from process viewers and other monitoring software.
Types of rootkits
• There are two different types of rootkits. They are:
– User Mode rootkit
– Kernel Mode rootkit
(Diagram labels: User Mode, Supervisor/Kernel Mode)
Backdoors
• A backdoor is a way into the system that allows an attacker to access the victim machine.
• After penetrating the victim machine, the attacker installs the backdoor on it.
• It is used to access the victim machine.
• Example: NetCat
Backdoor !!!!
Hey got the backdoor. PWNED
Trojan
• A Trojan is a piece of software which contains both legitimate code and malicious code.
• It performs covert and overt actions.
• Frequently embedded in applets, games and email attachments.
• Examples
– Beast
– ProRat
Small story about Trojan
How to create your own Trojan (Educational purpose only)
DEMO
Best Tips to Defend Against Malware
• Protect your computer with strong security software and keep it updated.
• Enable automatic Windows updates.
• Be careful when engaging in peer-to-peer (P2P) file-sharing.
• Beware of spam-based phishing schemes.
• Back up your files regularly.
Writing signatures for antiviruses
Antivirus signature writers mostly use three methods to create signatures. They are:
• MD5 hashes
• Byte code
• Heuristic
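The three methods named above can be shown side by side in a small scanner. This is an added example, not code from the original slides; the sample byte strings are constructed and harmless, and the detection names, marker pattern and entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless byte strings standing in for files (not real malware).
MARKER = b"\xde\xad\xbe\xefDEMO-PAYLOAD"             # made-up family byte pattern
SAMPLE_A = b"MZ" + b"\x00" * 32 + MARKER + b"\x90" * 16
SAMPLE_B = SAMPLE_A + b"\x00"                         # variant: one extra byte
PACKED = b"MZ" + bytes(range(256)) * 4                # uniform bytes, entropy 8.0
CLEAN = b"plain text document with nothing unusual in it\n" * 4

# Hypothetical signature database built from SAMPLE_A.
HASH_SIGS = {hashlib.md5(SAMPLE_A).hexdigest(): "Demo.Sample.A"}
BYTE_SIGS = {MARKER: "Demo.Family"}


def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(data, entropy_threshold=7.2):
    """Return (method, detection_name) findings for one file's bytes."""
    findings = []
    # 1. MD5 hash: matches only a byte-for-byte identical file.
    digest = hashlib.md5(data).hexdigest()
    if digest in HASH_SIGS:
        findings.append(("md5", HASH_SIGS[digest]))
    # 2. Byte code: matches any file containing the pattern.
    for pattern, name in BYTE_SIGS.items():
        if pattern in data:
            findings.append(("bytes", name))
    # 3. Heuristic: no known sample needed; flags a trait (assumed rule:
    #    "MZ" header followed by a near-random body, as packed files have).
    if data[:2] == b"MZ" and entropy(data[2:]) > entropy_threshold:
        findings.append(("heuristic", "Suspicious.HighEntropyExecutable"))
    return findings


if __name__ == "__main__":
    for label, blob in [("SAMPLE_A", SAMPLE_A), ("SAMPLE_B", SAMPLE_B),
                        ("PACKED", PACKED), ("CLEAN", CLEAN)]:
        print(label, scan(blob))
```

The MD5 rule misses SAMPLE_B while the byte pattern still names the family, which is why an exact-hash signature is paired with pattern and heuristic rules.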
Again, DEMO
Evading Antiviruses
Again, an awesome DEMO
Any queries?
Special thanks to Raghu, Chaitu and Imran