Transcript Slide 1

What is Malware?

Definition:
• A generic term used to describe any form of malicious software; e.g., virus, Trojan horse, spyware, adware, malicious ActiveX web page, rootkit, zombie.
Jonathan Held
Presented 9/13/2005
What Harm Can Malware Do?
• Install strange programs
• Slow internet connections
• Slow PC performance
• Cause system instabilities / crashes
• Web popups
• Change IE settings
• View / steal any information on the PC
• Open you up to identity theft
• Log all keystrokes typed
• Cause your PC to attack other computers
• Render your PC unusable
How Bad is the Problem?
• 90% of home users are infected with malware.
• 20% of home computers are infected with a virus.
• 88% of the infected users don't even know they are infected with malware.
• 2 of every 3 users don't have an activated firewall, and 1 of the 3 firewall-using folks have their firewalls improperly configured.
• Some worms have infected tens of thousands of computers within just a few minutes.
• Malware is responsible for a third of all Windows application crashes.
• Viruses alone cost businesses around the world $55 billion per year.
HOW TO TELL IF YOUR COMPUTER IS INFECTED WITH MALWARE
• Sluggish system, decrease in system performance.
• Computer boots up slower than usual.
• Pop-up ads, even when you're not running your web browser.
• Unwanted changes to web browser settings: home page, search page, new toolbars, new added Favorites.
• Hard drive keeps losing free space.
• New messages, errors, and icons for programs you never installed, especially on startup.
• Programs crash more often, even after rebooting.
• Suspicious or new Windows processes (advanced users).
What are the different types of Malware? How do they get onto my computer?
DIFFERENT TYPES OF MALWARE, from least to most DAMAGE
All malware will cause sluggish performance and crashes, and here are some additional annoyances:
• ADWARE / POPUPS, SPYWARE, BROWSER HIJACK: nuisance.
• VIRUS: some viruses can cause data loss.
• TROJAN files, SPAM RELAY (SpamBot), DDOS ZOMBIE: your PC is used to attack others.
• DIALER: telephone fraud, calls to 1-900 and overseas numbers.
• Rogue FTP server: hard drive space will dwindle as strangers store their files on it.
• KEYLOGGER, Remote Access Backdoor, ROOTKIT: any data on your computer can be viewed or stolen, even your keystrokes. COMPLETE SYSTEM COMPROMISE.
Malware is usually "bundled": several of the above arrive together, which makes some sophisticated malware difficult to remove.
Windows reinstallation is sometimes required, and recommended annually.
TERMS
• SPYWARE: Any program which secretly collects and transmits user information (visited websites, search terms, etc.) through the user's Internet connection without the user's knowledge, usually for advertising purposes. Aside from the privacy issue, it also slows down the computer and internet connection, and creates system instability and crashes.
• VIRUS: A small "parasite" program that attaches itself to a program or file on your computer's hard drive without your knowledge, and runs against your wishes. Viruses replicate themselves when the infected file is shared with others. Their payload is usually harmful: deleting files, opening up the PC for other infections, slowing the computer to a halt, etc.
• WORM: Similar to a virus, but doesn't need a host file; it spreads itself directly from computer to computer over the network, and therefore much more quickly.
• EXPLOIT / HACK: A small program or method which attacks a particular unpatched security hole. Not self-replicating. An attack vector which opens up the PC for further infection. Once a computer is hacked, the attacker has complete control over the PC, and can proceed to install viruses, spyware, FTP servers, and anything else.
TERMS
• BROWSER HIJACK: Web sites that, when visited, set the user's default browser home page to an unwanted URL, change the default search engine, or add unwanted toolbars and other custom plugins/add-ons to the user's browser and system.
• FIREWALL: Software which runs in the background and blocks suspicious traffic to and from a computer's network ports (65,535 each for TCP and UDP). It will block *most* malware that arrives over the network, but not malware you install yourself or download through the browser. Windows XP SP2 has a firewall built in.
• PATCH (WindowsUpdate.com): A small modification to the Windows OS code, to close up a recently discovered vulnerability.
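To see what the firewall is guarding, and to spot the spam relay and rogue FTP server from the damage list, look at which ports the PC is actually using. The Python script below is an added example, not part of this presentation or of any tool it names: it parses the output of the Windows XP command "netstat -ano" (the sample text inside the script is constructed; the column layout is the real one) and flags listeners outside an assumed XP SP2 baseline, plus any process opening SMTP connections to several different hosts. The baseline ports and the fan-out threshold are assumptions to adjust for your own network.

```python
# Added example (not from the presentation): triage "netstat -ano" output from
# a Windows XP machine for the services malware sets up. On the suspect PC run
#   netstat -ano > netstat.txt
# and call triage_netstat(open("netstat.txt").read()).
import re

# Constructed sample; the column layout is the real XP "netstat -ano" format,
# the addresses, states and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1588
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1043      203.0.113.5:25         ESTABLISHED     2204
  TCP    192.168.1.20:1044      203.0.113.9:25         ESTABLISHED     2204
  TCP    192.168.1.20:1045      198.51.100.7:25        SYN_SENT        2204
  TCP    192.168.1.20:1046      198.51.100.8:25        ESTABLISHED     2204
  TCP    192.168.1.20:1050      192.0.2.10:80          ESTABLISHED     1720
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    744
"""

# Ports a stock XP SP2 workstation listens on (assumption; adjust per site).
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445),
                      ("UDP", 137), ("UDP", 138), ("UDP", 445), ("UDP", 500)}
# Labels for the services the slides warn about.
PORT_NAMES = {21: "FTP, possible rogue FTP server", 25: "SMTP", 80: "HTTP"}
# Distinct remote hosts one process may talk SMTP to before it looks like a
# spam relay (assumption; a mail client talks to one or two servers).
SMTP_FANOUT_THRESHOLD = 3

# Proto, local addr:port, foreign addr:port, optional state (UDP has none), PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Yield (proto, local_port, remote_addr, remote_port, state, pid)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and blanks
        proto, _laddr, lport, raddr, rport, state, pid = m.groups()
        yield proto, int(lport), raddr, rport, state or "", int(pid)


def triage_netstat(text):
    """Return human-readable findings for one netstat -ano listing."""
    findings = []
    smtp_peers = {}  # pid -> set of remote hosts contacted on port 25
    for proto, lport, raddr, rport, state, pid in parse_netstat(text):
        if state == "LISTENING" and (proto, lport) not in EXPECTED_LISTENERS:
            label = PORT_NAMES.get(lport, "unknown service")
            findings.append(f"unexpected listener {proto}/{lport} ({label}) in PID {pid}")
        if proto == "TCP" and rport == "25" and state in ("ESTABLISHED", "SYN_SENT"):
            smtp_peers.setdefault(pid, set()).add(raddr)
    for pid, peers in sorted(smtp_peers.items()):
        if len(peers) >= SMTP_FANOUT_THRESHOLD:
            findings.append(f"PID {pid} talking SMTP to {len(peers)} hosts: possible spam relay")
    return findings


if __name__ == "__main__":
    for finding in triage_netstat(SAMPLE_NETSTAT):
        print(finding)
```

Match the PIDs it reports against a process viewer to find the program behind each port; the XP firewall will stop outside hosts from reaching the FTP listener, but it does nothing about the outbound SMTP connections, which is why "a firewall protects against SOME malware, not all".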
Removal
I THINK MY PC IS INFECTED WITH MALWARE ...WHAT NOW?
► If it's an IFEM computer, tell Jon. Update and run a spyware scanner first, if you have time.
► Run 2 spyware scanners. Make sure to update them first. They will detect and remove most of your spyware. (Microsoft AntiSpyware, Spybot Search&Destroy, Ad-Aware)
► Run a full virus scan. Update your virus definitions first.
► Go to Control Panel, Add/Remove Programs, and remove any programs you've never heard of, or you don't need. (Don't touch the Microsoft programs!)
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
Microsoft AntiSpyware.
Easy to use, easy to install, has straightforward
friendly "real-time" protection.
Spybot Search&Destroy.
Catches more Malware than the Microsoft product,
but "real time" protection is sub-par.
Ad-Aware.
Similar to SpybotSD above, a little easier to use.
Does not offer “real-time” protection.
I THINK MY PC IS INFECTED WITH MALWARE – WHAT NOW?
► If it's a browser hijack, run "HijackThis" or Microsoft AntiSpyware.
► Use a process viewer, such as TaskInfo (advanced users). Terminate suspicious processes and services, and check the Registry startup entries (the Run keys under HKLM and HKCU at Software\Microsoft\Windows\CurrentVersion\Run).
As a last resort:
► Reformat the hard drive, reinstall Windows and all your programs. (Back up your files first!)
OR
► Take your PC to a repair service, such as HomePCHelpers or Geeksquad.
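One way to do the Registry check from the steps above, as an added example (not the presenter's method and not what HijackThis does): export the Run keys and the Internet Explorer Main key with reg.exe, then let a script point out startup entries launched from user-writable folders and start/search pages that differ from the ones you chose. The registry paths and the .reg file syntax are real; the export text embedded in the script is constructed, and the list of expected home pages is an assumption.

```python
# Added example (not from the presentation, not what HijackThis does):
# review Windows startup entries and Internet Explorer pages from a .reg export.
# On the suspect XP machine run, as Administrator:
#   reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" runcu.reg
#   reg export "HKCU\Software\Microsoft\Internet Explorer\Main" ie.reg
# reg export writes UTF-16 text: read each file with encoding="utf-16",
# concatenate, and pass the text to review_reg_export().
import re

# Constructed sample; key names and the .reg escaping (a doubled backslash
# for a backslash, backslash-quote for a quote) are real, the entries are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"winshel"="C:\\DOCUME~1\\jon\\LOCALS~1\\Temp\\Winshel.exe"
"slave"="\"C:\\Documents and Settings\\jon\\Application Data\\Slave.exe\" /hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search-toolbar.invalid/home"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
'''

AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
IE_MAIN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
# Pages the user actually chose (assumption for this example).
EXPECTED_IE = {
    "Start Page": {"about:blank", "http://www.msn.com/"},
    "Search Page": {"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"},
}
# A startup program living in a user-writable folder is unusual; 8.3 short
# names are included because Run values are often written that way.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                "\\application data\\", "\\applic~1\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # Undo .reg escaping: doubled backslash -> backslash, backslash-quote -> quote.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key (lower-cased): {value name: string value}} for REG_SZ entries."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and m.group(2).startswith('"'):
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2)[1:-1])
    return keys


def exe_path(command):
    r"""Program path from a Run value such as '"C:\x\a.exe" /hide' or 'C:\x\a.exe'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ")[0]


def review_reg_export(text):
    findings = []
    keys = parse_reg(text)
    for key in AUTORUN_KEYS:
        for name, command in keys.get(key.lower(), {}).items():
            path = exe_path(command)
            if any(frag in path.lower() for frag in SUSPECT_DIRS):
                findings.append(f"autorun '{name}' starts from a user-writable folder: {path}")
    ie = keys.get(IE_MAIN_KEY.lower(), {})
    for setting, allowed in EXPECTED_IE.items():
        if setting in ie and ie[setting] not in allowed:
            findings.append(f"IE {setting} changed to {ie[setting]}")
    return findings


if __name__ == "__main__":
    for finding in review_reg_export(SAMPLE_REG):
        print(finding)
```

The folder test is deliberately narrow: a startup entry in system32 with a made-up name (Microsofts.exe from the process list) passes it, so read the whole Run key yourself and treat the script's output as the entries to look at first, not the only ones.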
MALWARE PROCESSES
Serv-U.exe
GAIN.exe
akjughwtlpztq.exe
Slave.exe
dameware.exe
fxsvc.exe
Winshel.exe
service.exe
Microsofts.exe
Note the naming tricks: random names (akjughwtlpztq.exe), names one letter away from a real Windows process (service.exe vs. services.exe, fxsvc.exe vs. the real fax service fxssvc.exe), names that borrow a trusted brand (Microsofts.exe), and legitimate FTP-server and remote-administration products (Serv-U, DameWare) that the user never knowingly installed.
Installation files for the tools above (scanners, HijackThis, TaskInfo) are in the IFEM shared folder, for your use:
\\shiva\shared\Malware Tools\
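A process viewer such as TaskInfo gives you the list; deciding which entries deserve a closer look is the hard part. The Python below is an added example, not part of this presentation or of TaskInfo, that applies the naming tricks visible in the list above to a constructed process table (image name and full path, as a process viewer shows them): core Windows names running from the wrong folder, names one or two letters away from a real one, random-looking names, and the server/remote-control products from the list. The table of core XP processes and their folders is the assumed baseline.

```python
# Added example (not from the presentation, not part of TaskInfo): cut a process
# list down to the entries worth a closer look, using the naming tricks seen in
# the list above. Feed it (image name, full path) pairs copied from a process
# viewer; the table below is constructed.

# Core XP processes and the folder each normally runs from (assumed baseline).
KNOWN = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "fxssvc.exe": r"c:\windows\system32",   # the real fax service
    "explorer.exe": r"c:\windows",
}
# Legitimate server / remote-control products from the slide; on a home PC
# they usually mean somebody else installed them.
DUAL_USE = {"serv-u.exe": "FTP server", "dameware.exe": "remote control"}

SAMPLE_PROCESSES = [  # constructed (image name, full path)
    ("smss.exe", r"C:\WINDOWS\system32\smss.exe"),
    ("services.exe", r"C:\WINDOWS\system32\services.exe"),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
    ("notepad.exe", r"C:\WINDOWS\system32\notepad.exe"),
    ("service.exe", r"C:\WINDOWS\system32\service.exe"),
    ("fxsvc.exe", r"C:\WINDOWS\fxsvc.exe"),
    ("akjughwtlpztq.exe", r"C:\WINDOWS\system32\akjughwtlpztq.exe"),
    ("svchost.exe", r"C:\WINDOWS\svchost.exe"),
    ("Serv-U.exe", r"C:\Program Files\Serv-U\Serv-U.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance, enough to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(stem):
    """True for long names with fewer than one vowel in five letters."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def triage_processes(processes):
    """Return one finding per suspicious (image, path) pair; first rule wins."""
    findings = []
    for image, path in processes:
        name = image.lower()
        directory = path.lower().rsplit("\\", 1)[0]
        stem = name[:-4] if name.endswith(".exe") else name
        if name in KNOWN:
            if directory != KNOWN[name]:
                findings.append(f"{image}: core process name running from {directory}")
            continue
        lookalike = next((k for k in KNOWN if edit_distance(stem, k[:-4]) <= 2), None)
        if lookalike:
            findings.append(f"{image}: looks like {lookalike} (path {path})")
        elif looks_random(stem):
            findings.append(f"{image}: random-looking name (path {path})")
        elif name in DUAL_USE:
            findings.append(f"{image}: {DUAL_USE[name]} software, confirm it was installed on purpose")
    return findings


if __name__ == "__main__":
    for finding in triage_processes(SAMPLE_PROCESSES):
        print(finding)
```

Winshel.exe and Microsofts.exe slip through every rule here, which is the point of the "advanced users" caveat on the slide: the rules shorten the list, a person still has to read it.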
How does Malware spread?
How did I get Malware on my Computer? How does it spread?
• Email attachments, and shared infected files.
• "Bundled" with a software installation (usually shareware and web toolbars & add-ons). See the IFEM installs policy.
• An infected PC on the network.
• Peer-to-peer (P2P) applications and services (like Skype, Kazaa, Limewire, etc.).
• Worm or virus.
• Exploit / hack (exploits of security flaws within the operating system or the web browser).
How did I get Malware on my Computer? How does it spread?
VISITING MALICIOUS WEB SITES
• Clicking a web popup. For example, clicking "close" or "OK" on a pop-up or ad when it's really a link to another web page.
• Automatic installations by visiting certain web sites ("drive-by download"). The site either exploits an unpatched browser flaw so that nothing needs to be clicked at all, or tricks users into installation by the use of deceptive buttons and hyperlinks, false error boxes and system notices, uncloseable popups, or other confusing GUI elements; often it falsely poses as Microsoft Windows Update software, "anti-spyware" software, or other software that may be desired by users.
SHAREWARE
www.download.com
Software downloadable free of charge, but the author usually requests that you pay a small fee if you like the program. Shareware is inexpensive because it is usually produced by a single programmer and is offered directly to customers.
Some shareware is "bundled" with spyware. Always check customer reviews or Google before you install shareware, and make sure to run a spyware scan after you install.
Different types:
• Limited trial (15 days, etc.)
• Adware (sponsored)
• Nagware
• Honorware
• Crippleware (certain features are disabled, or limited "Save" capability)
Prevention
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
► Keep your anti-virus program AND anti-spyware scanner up to date. Run them in the background at all times. Do full scans a few times per month.
► Install *all* critical Windows Updates from www.windowsupdate.com, OR make sure it's set to "Automatic". Laptops must be updated manually, every week or two.
► Install Windows XP Service Pack 2 (look for "Windows Firewall" in Control Panel).
► MAKE SURE YOUR XP SP2 FIREWALL IS TURNED ON. A firewall will protect against SOME malware, not all.
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
► Don't view or open spam or unknown email attachments.
► Don't click on ANY web pop-ups!
► Set the Internet Explorer security level to "High" (optional).
► MAKE SURE you have a strong password for all accounts on your PC.
► Be careful what software you install. Look up the program on Google first, to check if the program is safe. Always do a spyware scan after installing software.
► Never give out passwords or other protected information, and don't leave them lying around.
WHY DO PEOPLE CREATE VIRUSES AND MALWARE?
► DDoS attacks.
► Spamming relays.
► Paid by advertising agencies and companies.
► To get personal useful information, such as credit card and SS numbers.
► For fun.
► To show off their skills.
Will this stop?
• No, not in the near future. Currently, few laws are in place, and convictions are rare in any country.
• The income potential is attractive to those wishing to work from home, or make extra money.
• Prevention and awareness are the only protection!
Spyware Scanner Screenshots
[Screenshots of the spyware scanners; not reproduced in the transcript.]
Windows XP SP2 Internet Explorer
► Added protection from popups and ActiveX installations!
[Screenshot of the Internet Explorer information bar: "This website attempted to install unsolicited software or change settings".]