Malicious software group 24

Malicious Software

Minhal Abbas 136

M. Zain 035

Adil Islam 101

Outline

Malware

Computer Virus

Trojan Horse

Worm

Latest Threats

How to be Secure

Malware

What is Malware?

Collective term for malicious software

Secretly accesses device without user knowledge

Makes system do something an attacker wants

o Disrupt operations

o Gather sensitive information

o Display unwanted advertising

Origin

Before Internet, viruses spread via floppy disks

Apr 1975: First Trojan Horse ‘Animal’ by John Walker

Jan 1986: First Computer Virus ‘Brain’ (Pakistanis Basit & Amjad)

Nov 1988: First Worm ‘Morris’ by Robert Morris

Oct 1995: First ‘Spyware’ popped up on Usenet

Why is it created?

Originally created as experiments and pranks

Led to vandalism and destruction of machines

Created for profit

o Adware : Forced advertising

o Spyware : Stealing sensitive information

o Zombie : Computers used to spread spam

o Ransomware : Extorting money

How It Spreads

File sharing, removable drives

Spam emails, attachments

Downloads from unverified websites

Installing pirated & third party software

Game demos from unknown sources

Unofficial Toolbars

[Chart: Total Malware, 2007 to 2016, vertical axis 0 to 600,000,000. Source: https://www.av-test.org/en/statistics/malware/]

Types of Malware

[Pie chart: Types of Malware. Categories: Trojan, Worm, Virus, Adware & Spyware, Others. Shares shown: 80%, 6%, 7%, 4%, 3%. Source: pandasecurity.com]

Computer Virus

Self-replicating software, installed without user consent

Incorporates copies into other programs

Hidden in commonly used programs

Attaches to executable files

Human action required for it to spread

Virus Phases

Dormant phase : Virus is idle

Propagation phase : Starts to Spread

Triggering phase : Virus activated

Execution phase : Function is performed

Main Categories

Boot Sector Resident : Infects Boot Sector

Activates when booting machine

File Resident : Infects program files

Activates once program is run

Memory Resident : Installs in the memory

Infects future programs

Types of Viruses

Companion

• Creates new program, no modification

• Executed by shell rather than program

Stealth

• Hides from Anti-Virus software

• Difficult to repair infected file

Polymorphic

• Changes with every new host

• Produces modified code

Armored

• Hides the modification made

• Reports false values to programs

Trojan Horse

Appears to be useful software, persuades user to install

Performs a different function than what it is advertised to do

Does not self-replicate or self-propagate

Creates backdoors, allowing unauthorized access to your system

Allows an attacker to access confidential or personal information

Purposes of Trojan

Destructive : Destroy & Delete Files

Use of resources: Uses infected host to carry out illegal activities

Money theft : Stealing or extorting money

Data theft : Password, credit card, personal information theft

Spying : Monitoring activities through webcam & keystrokes

Types of Trojans

Remote Access

• Takes full control of the system

• Gives admin control to attacker

Data Sending

• Sends data to hacker by email

• Logs and transmits each keystroke (keylogger)

DoS

• Combines computing power of hosts

• Attacks by flooding with traffic

Proxy

• Turns system into Host Integ Server (HIS)

• Makes illegal purchases with user’s accounts

Worm

Self-replicating software designed to spread through a network

Does not need human intervention like Virus or Trojan

Exploits security flaws in widely used services

Consumes system memory & bandwidth

Causes servers to stop responding

Means of Infection

Gains access to trusted host lists on infected system

Penetrates a system by guessing passwords

Exploiting widely known security holes

An example is the ILOVEYOU worm, which invaded millions in 2000

Types of Worms

Scanning : Chooses “random” address

Coordinated scan: Different instances scan different addresses

Flash : Propagate along tree of vulnerable hosts

Meta-server : Ask server for hosts to infect

Topological : Use information from infected hosts

Contagion : Propagates along normal communication

Latest Threats

FBI Virus : Fake FBI alert, tricks user into paying $200

Firefox Redirect : Redirects Firefox browser to unwanted sites

Suspicious.Emit : Backdoor Trojan Horse in removable devices

Serifef : In keygens & cracks, disables Windows Defender

Loyphish : Fake banking webpage, steals login credentials

How to be Secure

Use Antivirus software

Use a Firewall

Use a pop-up blocker

Use complex and secure passwords

Don't click on links within emails

THANK YOU!
