INTRODUCTION TO COMPUTING
Malware, Grayware & Protection
OBJECTIVES:
- Understand the terms Malware & Grayware
- Describe the various kinds of Malware & Grayware
- Explain the life cycle of Malware
- Understand why people create viruses
- Describe the techniques used to protect a computer system from Malware & Grayware
- Understand Cell Phone Viruses and Protection
Malware
- Virus
- Worm
- Trojan Horses
Grayware
- Spyware
- Adware
- Dialers
- Joke Programs
- Remote Access
Protection from Malware & Grayware
1.0 MALWARE
- Malware is a combination of two words: Malicious & Software
- Malware is a program that performs unexpected or unauthorized, but always malicious, actions.
- Malware is designed to infiltrate or damage a computer system without the owner's informed consent.
- Malware is also sometimes known as Badware or Computer Contaminant
- Malware should not be confused with Defective Software
- Computer users still use Virus as jargon for Malware
1.1 Virus
A computer virus is a computer program that has the unique ability to replicate and can infect a computer without the permission or knowledge of the user.
1.1.1 Replication Strategies
Viruses can be divided into two categories on the basis of their behavior when a user executes an infected program:
1.1.1.a Non-Resident Viruses
These viruses immediately search for other hosts that can be infected, infect those targets and finally transfer control to the program they infected.
1.1.1.b Resident Viruses
These viruses do not search for hosts; instead, a resident virus loads itself into memory on execution and transfers control to the host program.
1.1.2 Classification of Viruses
Viruses are classified into a number of types based on their features:
1.1.2.a Macro Viruses
A macro virus is written in the scripting language of programs like Word & Excel and spreads by infecting documents & spreadsheets.
A macro virus is platform independent (Relax, Melissa.A, Bablas).
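As an added illustration (not from the slides), the check below shows how a defender can tell whether an Office Open XML document actually carries a VBA macro project, the component in which a macro virus lives, regardless of the file extension it arrives with. The two sample documents are constructed in memory for the demonstration and are not real Office files.

```python
import io
import zipfile

# Office Open XML files (.docm/.xlsm/.pptm and their macro-free .docx/.xlsx/.pptx
# siblings) are zip archives. VBA code is stored in a member named vbaProject.bin
# (word/, xl/ or ppt/ folder), so the archive itself is inspected rather than
# trusting the extension, which a sender can rename.
VBA_MEMBER = "vbaproject.bin"
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def has_vba_macros(data: bytes):
    """Return True if the OOXML document embeds a VBA project, False if it is an
    OOXML document without one, and None if the data is not a zip container
    (e.g. a legacy binary .doc, which needs an OLE parser instead)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if any(n.lower().rsplit("/", 1)[-1] == VBA_MEMBER for n in names):
            return True
        # Second signal: the content-types part declares the VBA project too.
        if "[Content_Types].xml" in names:
            return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    return False


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal document (not a real Office file) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            ct += b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        ct += b"</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"CONSTRUCTED-PLACEHOLDER-NOT-REAL-VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, has_vba_macros(doc))
```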
1.1.2.b Network Viruses
These viruses are proficient at spreading over a LAN and over the Internet.
These viruses propagate through shared resources (Nimda & SQL Slammer).
1.1.2.c Logic Bomb / Time Bomb
A logic bomb employs code that lies inert until specific conditions are met, such as a number of hosts or a specific time.
One example is the "Friday the 13th" virus.
1.1.2.d Sentinels
- A sentinel is a highly advanced virus capable of empowering the creator or perpetrator of the virus with remote access control over the computers that are infected.
- They are used for malicious purposes such as DoS attacks
- A DoS attack is an explicit attempt to prevent legitimate users of a service from using that service. Examples are:
  - Flooding a network
  - Disrupting a server by flooding it with requests
- These attacks can be directed at network devices and servers as well.
1.1.2.e Boot Sector Viruses
A boot sector virus resides in the boot sector of a magnetic disk.
Examples are Polyboot.B and Anti.EXE
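Since a boot sector virus overwrites the first sector of the disk, one defensive check is to hash that sector while the system is known clean and compare it later. The example below is added here (it is not from the slides) and works on constructed 512-byte sectors; on a real machine the sector would be read from the device while booted from clean media, because a resident virus can hide the change from the running OS.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid x86 boot sector


def boot_sector_status(image: bytes, baseline_sha256: str) -> str:
    """Classify the first sector of a disk image against a known-good hash.
    Returns 'ok', 'modified' or 'no-signature'."""
    sector = image[:SECTOR_SIZE]
    if len(sector) < SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        return "no-signature"  # not bootable as-is, or signature clobbered
    digest = hashlib.sha256(sector).hexdigest()
    return "ok" if digest == baseline_sha256 else "modified"


def make_sector(code: bytes) -> bytes:
    """Constructed 512-byte sector: fake boot code, zero padding, 0x55AA signature."""
    assert len(code) <= 510
    return code.ljust(510, b"\x00") + BOOT_SIGNATURE


def demo() -> dict:
    # Constructed sectors; the three leading bytes mimic the usual jmp/nop prologue.
    clean = make_sector(b"\xeb\x3c\x90CONSTRUCTED-BOOT-CODE")
    baseline = hashlib.sha256(clean).hexdigest()  # recorded while the disk is known clean
    changed = make_sector(b"\xeb\x3c\x90CONSTRUCTED-CHANGED-CODE")
    no_sig = clean[:510] + b"\x00\x00"  # signature bytes overwritten
    return {
        "clean": boot_sector_status(clean, baseline),
        "changed": boot_sector_status(changed, baseline),
        "no_sig": boot_sector_status(no_sig, baseline),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```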
1.2 Worms
- A computer worm is a self-replicating computer program that sends copies of itself to other nodes without any user intervention.
- Unlike a computer virus, it does not need to attach itself to an existing program
- Worms always harm the network by consuming bandwidth & computer time, whereas viruses only infect or corrupt files on targeted machines
1.2.1 Classifications of Worms
1.2.1.a Email Worms
- Email worms are spread via email using the MS Outlook SMTP or MAPI functions
- Email worms use the Address Book of the client email program
- On July 19, 2001 Code Red replicated 250,000 times in 9 hours
- Klez.E in 2002 is another example
1.2.1.b Instant Messaging Worms
- IM worms are spread by sending links to an infected web site to everyone on the local contact list
1.2.1.c IRC Worms
Like IM worms, IRC worms are also spread through chat channels
1.2.1.d File Sharing Network Worms
- These worms copy themselves into a shared folder
- One example is RavMon.Exe
1.2.1.e Internet Worms
- These worms spread through low-level TCP/IP ports, where an infected file scans the LAN or the public Internet
1.2.2 Payloads
- Some worms are only designed to spread, without altering the system they pass through. Examples are the Morris worm, Mydoom and ExploreZip.
- Worms may also delete files on host systems
1.3 Trojan
- A Trojan is a program that performs a malicious action but has no replication abilities.
- A Trojan may arrive as a seemingly harmless file or application
- It may also have a payload
- One example of a Trojan is "waterfall.scr", which allows remote access to the user's computer
- Trojan Horses may:
  - erase or overwrite data
  - encrypt files
  - corrupt files
  - upload or download files
  - allow remote access to the victim's computer
  - restart the computer
  - start unwanted system processes
- Examples are: Downloader-EV, Pest Trap, Sub7, Back Orifice, NetBus, Flooder
1.4 Why people create computer viruses
- Research projects
- Pranks
- Vandalism
- To attack the products of a specific company
- To distribute political messages
- Financial gain
1.5 Life Cycle of Malware
1. Creation
2. Replication & Propagation
3. Activation
4. Discovery
5. Assimilation
6. Eradication
2.0 GRAYWARE
- Grayware refers to applications or files that are not classified as a virus or trojan but can still negatively affect the performance of computers
- Grayware behaves in a manner that is annoying or undesirable, such as opening popup windows or logging user keystrokes
2.1 Types of Grayware
2.1.1 Spyware
- Software that installs components on a computer for the purpose of recording web surfing habits (primarily for marketing purposes)
- Spyware sends this information to its author or to other interested parties when the computer is online
- Spyware often downloads with items identified as 'free downloads' without user intervention
- The information spyware components gather is vulnerable to theft, and includes:
  - user names, passwords & credit card numbers
Examples
- Gator by Claria Corporation, installed with GoZilla & Kazaa (2003)
- CoolWebSearch
- Internet Optimizer, also known as DyFuCa
- 180 Solutions (Zango)
- HuntBar
- Movieland, Moviepass.tv or Popcorn.net
Fake Anti-Spyware Programs (Examples)
- errorsafe
- Pest Trap
- Spy Axe
- Anti Virus Gold
- Spyware Strike
- Spyware Quake
- World Anti Spy
- Spy Sheriff
- Spy Wiper
- PAL Spyware Remover
- PS Guard
- Malware
- WinAntiVirus Pro 2006
- WinFixer
Notable Programs distributed with Spyware
- BearShare
- Bonzi Buddy
- Dope Wars
- Error Guard
- Grokster
- Kazaa
- Morpheus
- RadLight
- WeatherBug
- EDonkey2000
- LimeWire (Windows free version up to 3.9.3)
2.1.2 Adware
- Adware is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.
- Software that displays advertising banners in web browsers
- Adware often creates unwanted effects like annoying popup ads and general degradation of the network connection or system performance
- Adware also comes as free downloads with a EULA
- Adware is also often installed with Spyware: spyware programs profile the user's Internet behavior, while adware programs display targeted ads that correspond to the gathered user profile
Examples
- Kazaa, which displays targeted ads to its users
- TopMoxie, 123 Messenger, Bonzi Buddy, Block Checker, Comet Cursor, Daemon Tools, Aurora, Ebates Money Maker, Error Safe, Gator, Hotbar, Xango Toolbar, Smiley Central, Weather Bug, WhenU, WinFixer
Screenshot slides: WhenU (Adware); 180 Solutions (Adware)
2.1.3 Dialers
- Dialers are programs that change the client's Internet settings to dial preconfigured phone numbers through the modem
2.1.4 Joke Programs
- Programs that cause the computer to behave abnormally, like making the screen shake or modifying the appearance of the cursor
3.0 PROTECTION
3.1 Protection from Malware
- Operating System Considerations
  - System Restore (Microsoft Windows)
- Anti-Virus Programs
  - Symantec AntiVirus Corporate Edition 10.1
  - Norton AntiVirus Professional 2007
  - Kaspersky 6.0 Personal Edition
  - McAfee AntiVirus Plus 2007
  - Trend Micro PC-cillin Internet Security 2007
  - ZoneAlarm Internet Security
- Antivirus definitions must be kept updated
- Regular system & data scans
- Real-time scanning of data, emails & downloads
- Regular backups
- Update OS security patches
- Re-install the operating system
3.2 Protection from Grayware
- Ad-Aware by Lavasoft
- CounterSpy by Sunbelt Software
- Spybot Search & Destroy by Patrick Kolla
- SpySubtract by Intermute
- SpySweeper by Webroot
- Spyware Doctor by PC Tools
- AVG Anti-Spyware by Grisoft (formerly Ewido)
4.0 Cell Phone Viruses
- A cell phone virus is similar to a computer virus
- Unlike a computer virus, which spreads through emails & Internet downloads, a cell phone virus spreads via:
  - Internet download
  - MMS
  - Bluetooth transfer
  - PC to cell phone
4.1 Cell Phone Virus Damages

Virus                     Attacks       Spread via          Harm
Cabir.A (June 2004)       Symbian S60   Bluetooth           None
Skulls.A (Nov 2004)       Symbian       Internet downloads  Disables all features except send/receive calls
Commwarrior.A (Jan 2005)  Symbian S60   Bluetooth & MMS     Sends MMS to everyone in the address book
Locknut.B (Mar 2005)      Symbian S60   Internet download   Crashes system ROM, disables phone features
Fontal.A (Apr 2005)       Symbian S60   Internet download   Locks phone on load, disables phone entirely
4.2 Cell Phone Virus Protection
- Turn off Bluetooth
- Install security software
  - Symantec
  - McAfee
  - F-Secure
- Check security updates
- Scan every MMS & Internet download file