Attacks using Malware
- Malicious software (malware)
- Enters a computer system:
- Without the owner's knowledge or consent
- Refers to a wide variety of damaging or annoying software
- Primary objectives of malware
- Infecting systems
- Concealing its purpose
- Making profit
Malware that spreads
- Viruses
- Malicious computer code that reproduces itself on the same computer
- Virus infection methods
- Appender infection
- Virus appends itself to the end of a file
- Moves the first three bytes of the original file into the virus code
- Replaces them with a jump instruction pointing to the virus code, so the virus runs first and then hands control back to the host
- Swiss Cheese infection
- Viruses inject themselves into executable code
- Original code transferred and stored inside virus code
- Host code executes properly after the infection
- Split infection
- Virus splits into several parts
- Parts placed at random positions in host program
- Head of virus code starts at the beginning of the file
- Gives control to next piece of virus code
- When infected program is launched:
- Virus replicates itself by spreading to another file on same computer
- Virus activates its malicious payload
- Viruses may display an annoying message
- Or be much more harmful
- Examples of virus actions
- Cause a computer to repeatedly crash
- Erase files from or reformat hard drive
- Turn off computer's security settings
- Virus cannot automatically spread to another computer
- Relies on user action to spread
- Viruses are attached to files
- Viruses are spread by transferring infected files
- Types of computer viruses
- Program
- Infects executable files
- Macro
- Written in a document's macro language (e.g., Office macros) and runs when the document is opened
- Resident
- Loads into memory and infects files as they are opened by the user or the OS
- Boot virus
- Infects the master boot record or boot sector, so it runs before the OS loads
- Companion virus
- Adds a malicious copycat program that the OS runs in place of the legitimate one (e.g., a .COM file with the same name as a .EXE, which DOS runs first)
- Worm
- Malicious program
- Exploits an application or OS vulnerability
- Sends copies of itself to other network devices
- Worms may:
- Consume resources or
- Leave behind a payload to harm infected systems
- Examples of worm actions
- Deleting computer files
- Allowing remote control of a computer by an attacker
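The appender infection described above, worked through as an added example that is not part of the original page: a model of the file layout of an infected DOS .COM-style image, with the matching repair that an antivirus "clean" performs and a plain signature scan. The "virus body" is placeholder bytes, not code, and the 64 KiB bound is a rough assumption for a single-segment .COM image.

```python
import struct

LOAD_ADDR = 0x100   # DOS .COM images are loaded at offset 100h and run from their first byte
JMP_NEAR = 0xE9     # opcode of the 3-byte near jump: E9 <rel16, little-endian>
# Assumed rough limit: image plus a little stack room must fit one 64 KiB segment
SEGMENT_LIMIT = 0x10000 - LOAD_ADDR - 0x100


def infect_appender(host: bytes, virus_body: bytes) -> bytes:
    """Build an appender-infected image from a host image.

    Layout of the result:
        [E9 rel16] [host bytes 3..end] [virus_body] [saved first 3 host bytes]
    Control enters at offset 0, jumps to virus_body, and the virus is expected
    to copy the saved bytes back over the jump before returning to offset 0.
    """
    if len(host) < 3:
        raise ValueError("host too small to hold a 3-byte jump")
    if len(host) + len(virus_body) + 3 > SEGMENT_LIMIT:
        raise ValueError("infected image would not fit in the host's segment")
    saved = host[:3]
    # A near jump's displacement is relative to the next instruction (offset 3),
    # so landing on the virus body at offset len(host) needs rel16 = len(host) - 3.
    # The load address cancels out because both ends live in the same image.
    rel16 = len(host) - 3
    jump = bytes([JMP_NEAR]) + struct.pack("<H", rel16)
    return jump + host[3:] + virus_body + saved


def jump_target(image: bytes):
    """File offset a leading near jump lands on, or None if the image does not
    start with one or the jump points outside the image."""
    if len(image) < 3 or image[0] != JMP_NEAR:
        return None
    rel16 = struct.unpack("<H", image[1:3])[0]
    target = (3 + rel16) & 0xFFFF  # 16-bit wraparound, like the CPU
    return target if target < len(image) else None


def disinfect_appender(image: bytes) -> bytes:
    """Reverse infect_appender: the virus begins where the jump lands and the
    original three bytes sit at the very end of the image."""
    target = jump_target(image)
    if target is None or target < 3 or len(image) < target + 3:
        raise ValueError("image does not have the appender layout")
    saved = image[-3:]
    return saved + image[3:target]


def find_signature(image: bytes, signature: bytes):
    """Classic signature scan: offset of the first occurrence of a known byte
    sequence taken from the virus body, or None if absent."""
    if not signature:
        raise ValueError("empty signature matches everything")
    pos = image.find(signature)
    return None if pos < 0 else pos


if __name__ == "__main__":
    # Constructed host: 80 non-ASCII bytes; constructed placeholder virus body.
    host = bytes(range(0x80, 0xD0))
    body = b"VIRUS-BODY-PLACEHOLDER"
    infected = infect_appender(host, body)
    print("jump lands at", jump_target(infected), "== len(host)", len(host))
    print("signature at", find_signature(infected, body[:8]))
    print("repair restores host:", disinfect_appender(infected) == host)
```

The repair only works because the layout is known exactly; a virus that stores the saved bytes elsewhere, or a Swiss cheese or split infection, needs its own repair routine, which is why scanners ship per-family cleaning logic rather than one generic fix.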
Malware that conceals
- Trojans
- Program that does something other than advertised
- Typically executable programs
- Contain hidden code that launches an attack
- Sometimes made to appear as data file
- Example
- User downloads "free calendar program"
- Program scans the system for credit card numbers and passwords
- Transmits information to attacker through network
- Rootkits
- Software tools used by an attacker to hide the actions or presence of other malicious software
- Hide or remove traces such as log-in records and log entries
- May alter or replace OS files with modified versions:
- Specifically designed to ignore malicious activity
- Can be detected by comparing file contents (or their hashes) against known-good originals
- Rootkits that operate at the OS's lower levels (kernel mode)
- May be difficult to detect, since they can feed false data to the tools doing the checking
- Removal of a rootkit can be difficult
- Rootkit must be erased and the original OS files restored
- Often the only reliable remedy is to reformat the drive and reinstall the OS
- Logic Bomb
- Computer code that lies dormant
- Triggered by a specific logical event
- Then performs malicious activities
- Difficult to detect before it is triggered
- Backdoor
- Software code that circumvents normal security controls to give access to a program
- Common practice by developers during testing
- Intent is to remove backdoors before the final application ships
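The rootkit detection method mentioned above, comparing files against known-good originals, as an added example that is not part of the original page: a small file-integrity checker that records a SHA-256 baseline and later reports modified, missing and added files. The directory layout, file names and "trojaned" contents in the demo are constructed for the example.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=1 << 16):
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file below root.
    Symlinks are skipped so a link cannot stand in for the file it points to."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            baseline[os.path.relpath(full, root)] = hash_file(full)
    return baseline


def compare_baselines(trusted, current):
    """Diff two baselines; a replaced system binary shows up under 'modified'."""
    return {
        "modified": sorted(p for p in trusted if p in current and trusted[p] != current[p]),
        "missing": sorted(p for p in trusted if p not in current),
        "added": sorted(p for p in current if p not in trusted),
    }


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Constructed scenario in a temporary directory: take a baseline of a fake
    bin/ directory, then replace one tool, drop a helper, delete another tool,
    and compare against the saved baseline."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.mkdir(bin_dir)
        for name, content in [("ls", b"original ls"), ("ps", b"original ps"),
                              ("netstat", b"original netstat")]:
            with open(os.path.join(bin_dir, name), "wb") as fh:
                fh.write(content)
        # In practice the baseline is kept off-host (read-only media, another machine)
        baseline_path = os.path.join(root, "baseline.json")
        save_baseline(build_baseline(bin_dir), baseline_path)

        # Simulated rootkit activity: trojaned ps, dropped helper, removed netstat
        with open(os.path.join(bin_dir, "ps"), "wb") as fh:
            fh.write(b"trojaned ps")
        with open(os.path.join(bin_dir, "helper"), "wb") as fh:
            fh.write(b"dropped file")
        os.remove(os.path.join(bin_dir, "netstat"))

        return compare_baselines(load_baseline(baseline_path), build_baseline(bin_dir))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats a practitioner would add: hash contents rather than trusting size or timestamps, since a rootkit can set those to match; and run the check from trusted boot media against the offline disk, because a kernel-mode rootkit on the live system can hand the checker the original bytes while the OS executes the modified ones.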
Malware that profits
- Types of malware designed to profit attackers
- Botnets
- Computer is infected with a program that allows it to be remotely controlled by the attacker
- Often payload of Trojans, worms, viruses
- Infected computers are called zombies
- Early botnet attackers used Internet Relay Chat (IRC) to remotely control zombies
- HTTP is often used today, since it blends in with normal web traffic
- Botnets' advantages for attackers
- Operate in the background:
- Often with no visible evidence of existence
- Provide means for concealing actions of attacker
- Can remain active for years
- A large percentage of zombies are reachable at any given time
- Due to the growth of always-on Internet connections
- Spyware (including tracking cookies)
- Software that gathers information without user consent
- Usually used for:
- Advertising
- Collecting personal information
- Changing computer configurations
- Spyware's negative effects
- Slows computer performance
- Causes system instability
- May install new browser menus or toolbars
- May place new shortcuts
- May hijack home page
- Causes increased pop-ups
- Adware
- Program that delivers advertising content:
- In manner unexpected and unwanted by the user
- Typically displays advertising banners and pop-up ads
- May open new browser windows randomly
- Can also perform tracking of online activities
- Downsides of adware for users
- May display objectionable content
- Frequent pop-up ads cause lost productivity
- Pop-up ads slow computer or cause crashes
- Unwanted ads can be a nuisance
- Keyloggers
- Program that captures user's keystrokes
- Information later retrieved by attacker
- Attacker searches for useful information
- Passwords
- Credit card numbers
- Personal information
- Can also be a small hardware device
- Inserted between the keyboard cable and the computer's keyboard connector
- Unlikely to be detected unless the port is physically inspected
- Attacker later physically removes the device to collect the captured keystrokes
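The botnet section above notes that zombies are controlled over HTTP today and leave no visible evidence on the machine. One thing a defender can still see is the zombie's regular check-in ("beacon") to its controller in web proxy logs. The following detector is an added example, not part of the original page: it groups requests by (client, destination host) and flags pairs whose inter-request intervals are nearly constant. The log line format, the sample lines, the addresses (RFC 5737 documentation ranges) and the thresholds are all constructed assumptions for the example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed line format: "<ISO timestamp> <client> <method> <url> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into timestamp, client and destination host, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = urlsplit(m["url"]).hostname
    if host is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "host": host}


def beacon_stats(timestamps):
    """Median inter-request gap and coefficient of variation (stdev / mean) of the gaps.
    A bot sleeping a fixed time between check-ins gives a CV near zero."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return {"median_interval": statistics.median(gaps), "cv": statistics.stdev(gaps) / mean}


def find_beacons(lines, min_events=8, max_cv=0.2):
    """Flag (client, host) pairs with enough requests arriving at near-constant intervals.
    min_events and max_cv are assumed starting thresholds; tune them to the environment."""
    by_pair = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_pair[(rec["src"], rec["host"])].append(rec["ts"])
    hits = []
    for (src, host), stamps in sorted(by_pair.items()):
        if len(stamps) < min_events:
            continue
        st = beacon_stats(stamps)
        if st and st["cv"] <= max_cv:
            hits.append({"src": src, "host": host, "count": len(stamps), **st})
    return hits


def constructed_log():
    """Constructed sample: one client polling a controller's gate script every
    ~60 s with a few seconds of jitter, and one client browsing at irregular
    human intervals."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    t = base
    for jitter in [0, 2, -1, 3, 0, -2, 1, 0, 2, -1]:
        t += timedelta(seconds=60 + jitter)
        lines.append(f"{t.isoformat()} 10.0.0.23 POST http://203.0.113.7/gate.php 200")
    for offset in [5, 9, 70, 71, 200, 260, 500, 501, 503, 900]:
        t = base + timedelta(seconds=offset)
        lines.append(f"{t.isoformat()} 10.0.0.42 GET http://198.51.100.9/news/ 200")
    return sorted(lines)


if __name__ == "__main__":
    for hit in find_beacons(constructed_log()):
        print(f"{hit['src']} -> {hit['host']}: {hit['count']} requests, "
              f"median gap {hit['median_interval']:.0f}s, CV {hit['cv']:.3f}")
```

Real bots add deliberate jitter, so the CV threshold is a trade-off: too tight misses them, too loose flags software updaters and monitoring agents, which beacon just as regularly and need an allow-list. Long-lived connections (the IRC style of control) do not show up as request intervals at all and need a different check, such as connection duration.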