Malicious Software: an Update
Hardware & Tech SIG
Darrylin Coleman
May 22, 2007
Trends
• Has become more sophisticated
• Created for financial gain
• Level of automation is increasing
• Data theft is increasing
• “Gateway attacks:” Blending techniques to make them more successful
Trends - continued
• More of an organized undercurrent now
• Targets vulnerabilities in programs, more than the operating system
Latest Threats
Adware/Spyware
Adware: Software that generates pop-up ads targeted to the user’s interests.
Spyware: Tracks user’s Internet activity, without user’s permission, for targeted marketing purposes.
Backdoor Trojan: A type of Trojan horse that opens a back door and allows a remote attacker to have unauthorized access to the computer.
Bots: Trojans designed to respond to the commands of their creators.
Browser Hijacker: Redirects the web browser to sites of the hijacker’s choosing, thus generating more traffic, and advertising revenue, for specific sites.
Denial of Service attacks: Attack designed to render a network unusable by flooding it with network traffic.
Drive-by-downloads: Programs automatically downloaded without user consent or knowledge.
Keyloggers: Software that keeps track of all key strokes entered and transmits this information to a third party.
Phishing/Pharming
Phishing: Trying to trick users into providing personal information by posing as a legitimate business.
Pharming: Redirecting users from one Web site to a different, identical-looking site to steal user names, passwords, etc.
Ransomware: Holding computers, or certain files or folders, hostage to extract a ransom from the owner.
Rootkits: Malware which hides in other applications or in the operating system’s kernel, masking its presence.
Social Engineering: Tricking users into performing actions or divulging confidential information.
Targeted Attacks: Tricking workers into opening an infected attachment by spoofing the ‘From’ address of a coworker.
Trojan Horse: Not new, but frequently used in Gateway attacks. A malicious program that falsely appears to be a useful application.
Worm: Self-replicating program used in ‘blended attacks’ to send spam, infected attachments, phishing, etc.
Zero-day Exploit: An attack against a software flaw that occurs at a time when no patch to correct the problem exists.
Zombies: Computers infected with malware that gives an attacker control over the system.
Defense
1. Anti-Virus Software
Signature-based: Use of code unique to a malware program to identify and eliminate it.
Heuristic Analysis: Checks contents of a questionable program for commands or instructions not found in typical programs.
Behavioral Analysis: Checks programs for conduct typical of malware.
Today most major anti-virus programs incorporate behavioral and/or heuristic analysis, in addition to the traditional signature-based detection method.
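The three detection methods above can be shown side by side in code. The following toy scanner is an added example written for this page; it is not part of the original presentation and not the engine of any product listed here. The signature database, the suspicious-string list, the behaviour rules and the sample inputs are all constructed for illustration (the one real item is the EICAR test string, the industry’s harmless anti-virus test pattern).

```python
"""Toy scanner illustrating signature, heuristic and behavioral detection.
Added example for this page; not a real anti-virus engine."""
import hashlib
import math
from typing import Dict, List, Sequence

# --- 1. Signature-based: exact bytes (or a file hash) of a known malware program ---
# EICAR is the real, harmless industry test string; the other entries are
# constructed placeholders, not signatures of real malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BYTE_SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": EICAR,
    "Example.Constructed.A": b"CONSTRUCTED-MALWARE-MARKER-0001",
}
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(b"constructed known-bad sample").hexdigest(): "Example.Constructed.B",
}


def signature_scan(data: bytes) -> List[str]:
    """Return the names of every known signature found in the data."""
    hits = [name for name, pattern in BYTE_SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    return hits


# --- 2. Heuristic: contents that typical programs rarely contain ---
# Constructed list of API names often combined by malware; a single one
# is common in benign software, so the rule needs at least two.
SUSPICIOUS_STRINGS = [
    b"CreateRemoteThread",
    b"WriteProcessMemory",
    b"SetWindowsHookEx",
    b"CurrentVersion\\Run",
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes, entropy_threshold: float = 7.0) -> List[str]:
    """Return human-readable heuristic findings (empty list means nothing unusual)."""
    findings = []
    found = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if len(found) >= 2:
        findings.append("suspicious API combination: " + ", ".join(found))
    if shannon_entropy(data) > entropy_threshold:
        findings.append("high entropy (possibly packed or encrypted payload)")
    return findings


# --- 3. Behavioral: judge a program by what it does while running ---
# Constructed rules mapping a category of conduct to observed actions.
BEHAVIOR_RULES: Dict[str, set] = {
    "persistence": {"write_registry_run_key", "create_scheduled_task"},
    "self-propagation": {"write_removable_media", "mass_mail"},
    "exfiltration": {"read_saved_passwords", "outbound_connection"},
}


def behavioral_scan(events: Sequence[str]) -> List[str]:
    """Return the conduct categories triggered by a list of observed actions."""
    observed = set(events)
    return [tag for tag, actions in BEHAVIOR_RULES.items() if actions & observed]


def verdict(data: bytes, events: Sequence[str] = ()) -> str:
    """Combine the three methods: a signature hit is conclusive,
    heuristic or behavioral findings are only grounds for suspicion."""
    if signature_scan(data):
        return "malicious"
    if heuristic_scan(data) or behavioral_scan(events):
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(verdict(b"just a text file"))                      # clean
    print(verdict(b"readme " + EICAR))                       # malicious (signature)
    print(verdict(b"CreateRemoteThread WriteProcessMemory"))  # suspicious (heuristic)
    print(verdict(b"installer", ["write_registry_run_key", "outbound_connection"]))  # suspicious (behavior)
```

The division of labour matches the slide: the signature check is precise but only catches what is already in the database, the heuristic check catches unknown samples at the price of false positives (hence the two-string minimum and the entropy threshold), and the behavioral check needs the program to actually run, which is why it is usually paired with a sandbox.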
Top AntiVirus Programs
(PC World, June, 2007)
Kaspersky AntiVirus 6
Symantec Norton AntiVirus 2007
Bit Defender AntiVirus 10
Eset NOD 32
Panda AntiVirus 2007
Alwil’s Avast4 AntiVirus Professional
Grisoft’s AVG7.5 AntiVirus Professional
Trend Micro AntiVirus plus AntiSpyware
Free Online Virus Scans
• Panda Active Scan http://www.pandasoftware.com/products/ActiveScan.htm
• Trend Micro’s Housecall http://housecall.trendmicro.com/
• McAfee http://us.mcafee.com/root/mfs/default.asp?pkgid=0
• Symantec http://kb.wisc.edu/helpdesk/page.php?id=2389
Free AntiVirus Programs
• Avast
• AVG
• PC Tools AntiVirus
• ClamWin
• Comodo AntiVirus
2. Firewall
Hardware Firewall: Router
Software Firewalls:
Windows XP firewall (incoming)
Windows Vista (incoming, by default; outgoing available)
Others available commercially
Free Firewalls
• Zone Alarm http://www.pcworld.com/downloads/file/fid,7228-order,1-page,1-c,alldownloads/description.html?RSS=RSS
• PC Tools Firewall Plus http://www.pctools.com/firewall/?ref=google_free&gclid=CLjb6_DmnIwCFRKsGgodXWBw6A
• Jetico Personal Firewall http://www.jetico.com/index.htm#/jpfirewall.htm
• Outpost Firewall Free http://www.agnitum.com/products/outpostfree/download.php
3. Anti-Spyware Software
Rated by PC World
Spy Sweeper (top performer)
Spyware Doctor (good rootkit protection)
AdAware SE Personal (free)
CounterSpy
Spybot Search and Destroy (free)
4. Windows and Program Updates
Updates patch known vulnerabilities in Windows and in programs.
5. Rootkit Detection Tools (free)
McAfee Inc.'s Rootkit Detective
Trend Micro Inc.'s RootKitBuster
Grisoft’s AVG Anti-Rootkit http://www.grisoft.com/doc/products-avg-anti-rootkit/us/crp/2
6. Sandbox
A virtually walled-off environment, for frequently targeted programs such as Web browsers and e-mail clients.
7. Vista’s Security Features
• User Account Control – By default, users logged on with restricted privileges.
• Parental controls
• Firewall – Two-way, but outgoing protection disabled by default. Advanced users can configure outbound filtering.
Vista’s Security Features – cont’d
• Windows Defender – anti-spyware
• Anti-Virus – available, but not included
• Bit-Locker – an encryption utility
• PatchGuard – attempts to block rootkits which can hide virus infections
• Address Space Layout Randomization – makes it harder for malware to find and infect running processes
• Several changes to the kernel – increase its resistance to hacker attacks. (PC World, June, 2007)
8. Avoiding Malicious Software
• Keep anti-virus and anti-spyware updated and run frequent scans.
• Keep operating system, programs and browser updated.
• Don’t download “free” software unless it’s from a reputable source.
• Scan downloads for viruses before opening or installing.
• Don’t open e-mail messages from unknown senders.
• Don’t open e-mail attachments unless you’re expecting them.
• Scan attachments for viruses before opening.
• Back up your data!!!
What’s on the Horizon?
• Vista’s security features may cause attackers to revert to older techniques that have been previously successful.
• Vista’s security features may cause attackers to focus on third-party applications that may be less secure than Microsoft applications.
• Phishers will develop new techniques to evade anti-phishing solutions.
• Spam and phishing attacks are targeting mobile phones and PDAs with wireless capability.
• Software virtualization (allows one computer, the host, to run one or more virtual computers, the guests) may expose the virtual machines to more threats than if they were run on independent hardware.
• Virtual machines do little to protect the data on the host.
References
• Symantec Internet Security Threat Report, Trends for July-Dec., 2006
• IT Security: Malware Trends (website)
http://www.itsecurity.com/whitepaper/malware-trends-ironport/
• PC World
• Smart Computing