Malicious software
Lorenzo Cavallaro
(Week 1-3) Lorenzo Cavallaro (ISG@RHUL) Malware and its Underground Economy Apr 28, 2014Week 1-3 1 / 12
Lecture Outline
Learning Outcomes
The exploit downloads and installs a malware sample, infecting the victim
Week 1 Introduction
1 (Should we care? A botnet takeover storytelling)
2 Admin blabbing
3 Malicious software
4 (a glimpse at) Botnets
5 (a glimpse at) Botnets detection & Rootkits
Malicious Software
Malware refers to any unwanted software and executable code that is used
to perform an unauthorized, often harmful, action on a computing device. It
is an umbrella term for various types of harmful software, including viruses,
worms, Trojans, rootkits, and botnets.
Taxonomy I
Means of Distribution
Self-Spreading: Virus, Worm
Non-Spreading: Dialer, Root-kit, Spyware, Trojan horse, Keylogger
Taxonomy II
Virus
Self-replicating
Needs a host to infect
Boot (Brain virus), overwrite, parasitic, cavity, entry point obfuscation,
code integration (W95/Zmist virus)
Worm
Self-replicating, spreads (autonomously) over network
Exploits vulnerabilities affecting a large number of hosts
Sends itself via email
e.g., Internet worm, Netsky, Sobig, Code Red, Blaster, Slammer
Taxonomy III
Trojan horse
Malicious program disguised as legitimate software
Many different malicious actions
Spy on sensitive user data
Hide presence (e.g., root-kit)
Allow remote access (e.g., Back Orifice, NetBus)
Root-kit
Used to keep access to a compromised system
Usually hides files, processes, network connections
User- and kernel-level
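As an added example (not from the slides), a cross-view process check in Python aimed at the "hides processes" behaviour just listed: the readdir() view of /proc is compared with a kill(pid, 0) probe that does not go through readdir(), so a process filtered out of the listing by a user- or kernel-level hook still surfaces in the difference. It assumes a Linux host with /proc mounted; the function names are my own.

```python
import os
from typing import Callable, List, Set

def pids_from_listing(proc: str = "/proc") -> Set[int]:
    """View 1: PIDs enumerated via readdir() on /proc, the call a rootkit
    hooking getdents()/readdir() typically filters its own PIDs out of."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def pids_by_probe(max_pid: int) -> Set[int]:
    """View 2: PIDs answering kill(pid, 0); this path bypasses readdir(),
    so a process filtered out of the listing still shows up here."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but owned by another user: still alive
        alive.add(pid)
    return alive

def is_thread_group_leader(pid: int, proc: str = "/proc") -> bool:
    """kill() also answers for thread IDs, which never appear in the /proc
    listing; drop them by checking Tgid in /proc/<tid>/status."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        pass  # no readable status file: cannot prove it is a thread, keep it
    return True

def find_hidden_pids(listed: Set[int], probed: Set[int],
                     leader: Callable[[int], bool] = lambda pid: True) -> List[int]:
    """Cross-view diff: alive per the probe, absent from the listing, and not
    a bare thread. Pure function, so it can be tested on constructed views."""
    return sorted(pid for pid in probed - listed if leader(pid))

def scan(max_pid: int = 32768) -> List[int]:
    """Take both views twice and keep only PIDs hidden in both passes, which
    filters out processes merely created between two snapshots. max_pid
    should match /proc/sys/kernel/pid_max on the host being checked."""
    passes = [set(find_hidden_pids(pids_from_listing(), pids_by_probe(max_pid),
                                   is_thread_group_leader)) for _ in range(2)]
    return sorted(passes[0] & passes[1])
```

A non-empty result from scan() is a lead to investigate, not proof of a rootkit: a hook that also filters stat()/open() on /proc/<pid> or intercepts kill() would evade this single pair of views, which is why real tools combine several.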
Let us have a look at some numbers...
Q4 2012 Threats Report
Q4 2012 Threats Report Summary
Q4 2012 Threats Report (cont.)
Q4 2012 Threats Report Summary (cont.)
Figure: New Password Stealer Samples (Source: McAfee Q4 2012 Threats Report)
Figure: Total Malicious Signed Binaries (Source: McAfee Q4 2012 Threats Report)
Figure: Leading Global Botnet Infections (Source: McAfee Q4 2012 Threats Report)
Fighting Malware I
Foremost Goals
Understand malware behaviors
to (automatically) identify and classify families of malware
(to) automatically generate effective malware detection models
Fighting Malware II