Malicious Software
Beginners SIG Oct. 11, 2007
Trends
Has become more sophisticated
Created for financial gain
Level of automation is increasing
Data theft is increasing
Gateway (blended) attacks: combining several techniques, for example spam that carries a link to a drive-by download, to make each attack more likely to succeed
Trends - continued
Now an organized, profit-driven underground rather than hobbyist activity
Targets vulnerabilities in applications more than in the operating system itself
Latest Threats
Adware/Spyware
Adware: Software that generates pop-up ads targeted to the user's interests.
Spyware: Tracks a user's Internet activity, without the user's permission, for targeted marketing purposes.
Backdoor Trojan: A type of Trojan horse that opens a back door and allows a remote attacker to have unauthorized access to the computer.
Bots: Trojans designed to respond to the commands of their creators.
Browser Hijacker: Redirects web browser to sites of hijacker's choosing, thus generating more traffic and advertising revenue to specific sites.
Denial of Service attacks: Attacks designed to render a network or service unusable by flooding it with more traffic than it can handle.
Drive-by-downloads: Programs automatically downloaded without user consent or knowledge.
Keyloggers: Software that keeps track of all key strokes entered and transmits this information to a third party.
Phishing/Pharming
Phishing: Trying to trick users into providing personal information by posing as a legitimate business.
Pharming: Redirecting users from a legitimate Web site to a different, identical-looking site to steal user names, passwords, etc. Unlike phishing, the user types the correct address; the redirection happens in name resolution (a poisoned DNS cache or a modified local hosts file).
Ransomware: Holding computers, or certain files or folders, hostage to extract a ransom from the owner.
Rootkits: Malware which hides inside other applications or in the operating system's kernel, masking its own presence (and often that of other malware) from the user and from security tools.
Social Engineering: Tricking users into performing actions or divulging confidential information.
Targeted Attacks: Tricking workers into opening an infected attachment by spoofing the From address of a coworker.
Trojan Horse: Not new, but frequently used in Gateway attacks. A malicious program that falsely appears to be a useful application.
Worm: Self-replicating program used in blended attacks to send spam, infected attachments, phishing, etc.
Zero-day Exploit: an attack against a software flaw that occurs at a time when no patch to correct the problem exists.
Zombies: Computers infected with malware that gives an attacker control over the system.
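The pharming entry above mentions the local hosts file. The following is an added example for this page, not code from any product or from the original slides: it parses a hosts file and flags the two overrides a practitioner looks for, a sensitive site (bank, payment) pinned to a fixed address, and a security vendor's update or online-scan site pointed at loopback so that it stops working. The watch lists and the sample hosts content are constructed for the demonstration; the scan-site host names are taken from the online-scan links later on this page.

```python
"""Check a hosts file for pharming-style overrides.

Added example, not from the original slides or any product. The domain
lists and SAMPLE_HOSTS are constructed for the demo.
"""
import ipaddress

# Domains a legitimate hosts file has no reason to override (illustrative list).
SENSITIVE_DOMAINS = {"www.paypal.com", "paypal.com", "www.bankofamerica.com"}
# Update/scan sites that malware blackholes so the victim cannot get help
# (host names of the free online scanners listed on this page).
SECURITY_DOMAINS = {"housecall.trendmicro.com", "www.pandasoftware.com", "us.mcafee.com"}


def parse_hosts(text):
    """Return (line_number, ip, hostname) for every mapping in a hosts file.

    Comments and malformed lines are skipped, as a resolver would skip them."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not "ip hostname..." syntax
        for host in fields[1:]:
            entries.append((lineno, ip, host.lower()))
    return entries


def find_suspicious_entries(text, sensitive=SENSITIVE_DOMAINS, security=SECURITY_DOMAINS):
    """Return (line_number, hostname, ip, reason) for each hijack-looking mapping."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        blackholed = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
        if host in sensitive:
            reason = ("pharming: sensitive site pinned to a fixed address"
                      if not blackholed else "sensitive site blocked")
            findings.append((lineno, host, str(ip), reason))
        elif host in security and blackholed:
            findings.append((lineno, host, str(ip), "update/scan site blackholed"))
    return findings


# Constructed sample; line 4 is a pharming redirect, line 5 blocks a scanner.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.paypal.com paypal.com     # bank domains pinned to an attacker IP
0.0.0.0         housecall.trendmicro.com      # online scanner from this page, blackholed
192.0.2.10      intranet.example              # ordinary private mapping, not flagged
"""

if __name__ == "__main__":
    for lineno, host, ip, reason in find_suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip}: {reason}")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems it is /etc/hosts. The check is deliberately narrow: a hosts entry for a private intranet name is normal, while any entry at all for a bank or a security vendor is worth a look.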
Defense
1. Anti-Virus Software
Signature-based: Matches byte sequences or file hashes unique to a known malware sample in order to identify and remove it. Precise and fast, but it can only catch samples already in the signature database, so it misses new variants until an update arrives.
Heuristic Analysis: Checks the contents of a questionable program for commands or instructions not found in typical programs (for example, code that hooks the keyboard or injects into other processes, or a packed body that looks like random data).
Behavioral Analysis: Watches what a program does when it runs and flags conduct typical of malware, such as installing itself to start at boot or sending captured keystrokes over the network. It can catch previously unseen malware, at the cost of occasional false alarms on legitimate installers and remote-control tools.
Today most major anti-virus programs incorporate behavioral and/or heuristic analysis, in addition to the traditional signature-based detection method.
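To make the three approaches concrete, here is an added example for this page: a toy scanner, not code from any antivirus product, with one function per method. The signature database, the heuristic rules, the behavioral rules and the sample event trace are all constructed for the demonstration; the only real-world item is the EICAR test string, a harmless file that antivirus products detect by design.

```python
"""Toy scanner showing signature, heuristic and behavioral detection.

Added example, not from the original slides or any product. All rules,
signatures and samples are constructed for the demo.
"""
import hashlib
import math
from collections import Counter

# The EICAR test string: harmless, detected by every AV product by design,
# so it is a safe stand-in for a "known" malicious sample.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature database: whole-file hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File"}


def signature_scan(data: bytes):
    """Exact hash match first, then byte-pattern search.

    Precise and cheap, but only names samples already in the database:
    a variant with one byte changed misses the hash, and a repacked
    one may miss the pattern as well."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean the content looks random (packed/encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# API names ordinary applications rarely contain (constructed, illustrative list).
SUSPICIOUS_STRINGS = [b"SetWindowsHookEx", b"CreateRemoteThread", b"WriteProcessMemory"]


def heuristic_scan(data: bytes):
    """Static heuristics: content atypical of normal programs."""
    findings = []
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            findings.append("suspicious API name: " + s.decode())
    if shannon_entropy(data) > 7.0:
        findings.append("high entropy: possibly packed or encrypted payload")
    return findings


def behavioral_scan(events):
    """Runtime heuristics over a trace of (action, target) events.

    Flags conduct typical of malware instead of particular bytes, so it
    can catch a brand-new sample, at the cost of false positives on
    legitimate installers and remote-control tools."""
    findings = []
    written = {target for action, target in events if action == "write_file"}
    hooked = False
    for action, target in events:
        if action == "hook_keyboard":
            hooked = True
        elif action == "network_send" and hooked:
            findings.append("keyboard hook followed by outbound traffic (keylogger-like)")
        elif action == "registry_set":
            key, _, value = target.partition("=")
            if "\\run\\" in key.lower() and value in written:
                findings.append("autorun entry pointing at a file this process wrote (persistence)")
    return findings


if __name__ == "__main__":
    print(signature_scan(EICAR))
    print(heuristic_scan(b"MZ...SetWindowsHookEx..." + bytes(range(256))))
    # Constructed event trace of a keylogger installing itself.
    print(behavioral_scan([
        ("write_file", "C:\\Temp\\svc.exe"),
        ("registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc=C:\\Temp\\svc.exe"),
        ("hook_keyboard", ""),
        ("network_send", "203.0.113.5:80"),
    ]))
```

The three functions fail in different ways, which is why products combine them: the signature check is silent on anything new, the heuristic check fires on legitimate packed software, and the behavioral check only sees what the program does after it has already started running.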
Top AntiVirus Programs
(PC World, June, 2007)
Kaspersky AntiVirus 6
Symantec Norton AntiVirus 2007
Bit Defender AntiVirus 10
Eset NOD 32
Panda AntiVirus 2007
Alwil's avast! 4 AntiVirus Professional
Grisoft's AVG 7.5 AntiVirus Professional
Trend Micro AntiVirus plus AntiSpyware
Free Online Virus Scans
Panda Active Scan http://www.pandasoftware.com/products/ActiveScan.htm
Trend Micro's HouseCall http://housecall.trendmicro.com/
McAfee http://us.mcafee.com/root/mfs/default.asp?pkgid=0
Symantec http://kb.wisc.edu/helpdesk/page.php?id=2389
Free AntiVirus Programs
Avast
AVG
PC Tools AntiVirus
ClamWin
Comodo AntiVirus
2. Firewall
Hardware Firewall: Router
Software Firewalls:
Windows XP firewall (filters incoming connections only)
Windows Vista firewall (incoming by default; outgoing filtering available but must be turned on)
Others available commercially
Free Firewalls
Zone Alarm http://www.pcworld.com/downloads/file/fid,7228-order,1-page,1-c,alldownloads/description.html?RSS=RSS
PC Tools Firewall Plus http://www.pctools.com/firewall/?ref=google_free&gclid=CLjb6_DmnIwCFRKsGgodXWBw6A
Jetico Personal Firewall http://www.jetico.com/index.htm#/jpfirewall.htm
Outpost Firewall Free http://www.agnitum.com/products/outpostfree/download.php
3. Anti-Spyware Software
Rated by PC World
Spy Sweeper (top performer)
Spyware Doctor (good rootkit protection)
AdAware SE Personal (free)
CounterSpy
Spybot Search and Destroy (free)
4. Windows and Program Updates
Updates patch known vulnerabilities in Windows and in programs.
5. Rootkit Detection Tools (free)
McAfee Inc.'s Rootkit Detective
Trend Micro Inc.'s RootKitBuster
Grisoft's AVG Anti-Rootkit http://www.grisoft.com/doc/products-avg-anti-rootkit/us/crp/2
6. Sandbox
An isolated environment in which frequently targeted programs, such as Web browsers and e-mail clients, are run, so that an exploit of one of them cannot reach the rest of the system.
7. Vista's Security Features
User Account Control: By default, users run with restricted privileges and are prompted before an administrative action is allowed.
Parental controls
Firewall: Two-way, but outgoing protection is disabled by default. Advanced users can configure outbound filtering.
Vista's Security Features (continued)
Windows Defender: anti-spyware
Anti-Virus: available, but not included
BitLocker: a drive-encryption utility
PatchGuard: blocks patching of the kernel (64-bit Vista only), a technique rootkits use to hide virus infections
Address Space Layout Randomization: makes it harder for malware to find and infect running processes
Several changes to the kernel increase its resistance to hacker attacks. (PC World, June, 2007)
8. Avoiding Malicious Software
Keep anti-virus and anti-spyware updated and run frequent scans.
Keep operating system, programs and browser updated.
Don't download free software unless it's from a reputable source.
Scan downloads for viruses before opening or installing them.
Don't open e-mail messages from unknown senders.
Don't open e-mail attachments unless you're expecting them.
Scan attachments for viruses before opening them.
Backup your data!!!
What's on the Horizon
Vista's security features may cause attackers to revert to older techniques that have been previously successful.
Vista's security features may cause attackers to focus on third-party applications that may be less secure than Microsoft's own.
Phishers will develop new techniques to evade anti-phishing solutions.
Spam and phishing attacks are targeting mobile phones and PDAs with wireless capability.
Software virtualization (one computer, the host, runs one or more virtual computers, the guests) may expose the virtual machines to more threats than if they ran on independent hardware, since they share the host's resources.
Virtual machines do little to protect the data on the host: a compromised host can read everything its guests do.
References
Symantec Internet Security Threat Report, Trends for July-Dec., 2006
IT Security: Malware Trends (website)
http://www.itsecurity.com/whitepaper/malware-trends-ironport/
PC World
Smart Computing