BITDEFENDER
INTRODUCTION
TO MALWARE
Andrei Rublenco
Enterprise Technical Trainer
Introduction to malware
1.1 What is malware
1.2 Malware history
1.3 Malware propagation
1.4 Malware types
1.5 Common malware characteristics
1.6 Prevention
1.7 Removal tools
INTRODUCTION TO MALWARE
WHAT IS MALWARE?
The term "malware" stands for malicious software and covers a broad range of intrusive, hostile software, for example adware, viruses and backdoors.
MALWARE HISTORY
WHERE DID IT ALL START?
o Brain 1986
Generally considered the first IBM PC virus; infected the boot sector of floppy disks
Slowed down floppy disk access
Replaced the original boot sector, moving it elsewhere on the disk
o Melissa 1999
Macro virus
Targeted Microsoft Word documents
Mass-mailed itself to the first 50 contacts in the victim's Outlook address book
o Sasser 2004
Exploited a buffer overflow in LSASS.EXE (Local Security Authority Subsystem Service)
Caused system shutdowns: faulty exploit code in the worm crashed LSASS, and Windows reboots when that process dies
MALWARE PROPAGATION
o Instant messaging
MALWARE TYPES
o Viruses
Self-replicating program
Spreads by inserting copies of itself into other executables or documents
o Trojans (general)
Programs that appear to be legitimate but in fact do something malicious
o Backdoor Trojans
Remote access tool (RAT) that allows a remote "operator" to control a system as if they had physical access to it
Usually works in a client-server model (server: infected PC; client: remote operator)
o Trojan keylogger
Program that records a computer user's activity in real time (may include keystrokes, mouse movements or the entire session)
o Worms
Self-replicating program that spreads stealthily across computer networks and portable media, without needing a host file
o Spyware
Software that collects a computer user's personal information (browsing habits especially) without the user's consent or knowledge and sends it to a third party
o Adware
Primary function is to make revenue through advertising
Helps recover development costs and holds down the price for the user
Produces annoying pop-ups
o Botnet
A number of infected computers under the control of one or more attackers, used for malicious purposes
o Ransomware
Malware that holds a user's data or entire computer "hostage" until a "ransom" fee is paid
o Rogue software
Software that warns users of infections or computer problems that do not exist in order to trick them into buying the "full version" of the product
Sometimes installs other "trial" rogue software without the user's consent
o Rootkits
Techniques for hiding files, processes, registry keys and other objects (especially malware) from the Windows API, typically by hooking it, so that they cannot be seen or detected
o Polymorphic viruses
Virus capable of mutating itself when replicating, making the infection more difficult to identify
Some mutate with each infection, others change with each generation
o Metamorphic viruses
Virus capable of rewriting its own code with each infection or generation of infections while keeping the same functionality
COMMON MALWARE CHARACTERISTICS
o Malicious files are usually packed (compressed or encrypted), so they have high entropy
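Packing is easy to measure: Shannon entropy of a packed or encrypted file sits close to the 8 bits per byte maximum, while plain text and ordinary code sit well below. The script below is an added example written for this page, not part of the Bitdefender training material or its tooling. It computes whole-file and per-window entropy for constructed sample "files" and flags anything above a 7.2 bits/byte threshold; the threshold, the sample data and the SHA-256 keystream standing in for a real cipher are all assumptions of the example.

```python
import hashlib
import math
import zlib
from collections import Counter

# Heuristic cut-off in bits per byte: packed or encrypted data sits near 8.0,
# plain code and text well below. The exact value is an assumption; tune it
# on your own sample set.
PACKED_THRESHOLD = 7.2
WINDOW = 1024  # bytes per window for the per-section view


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each consecutive window, so that a small packed blob inside a
    large low-entropy file is not averaged away by the whole-file figure."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """True if the whole file or any single window exceeds the threshold."""
    if shannon_entropy(data) >= threshold:
        return True
    return any(e >= threshold for e in windowed_entropy(data))


def _keystream(key: bytes, length: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode) standing in
    for a real cipher, so the 'encrypted' sample is reproducible."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def build_samples() -> dict:
    """Constructed sample 'files' (no real malware): plain text, the same text
    zlib-compressed, the same text XORed with a keystream, and a mostly-empty
    file carrying a 2 KiB encrypted blob in the middle."""
    text = b"".join(b"record %04d: packed files show high entropy\n" % i for i in range(180))
    encrypted = bytes(a ^ b for a, b in zip(text, _keystream(b"demo-key", len(text))))
    padded = bytes(8 * WINDOW) + encrypted[:2 * WINDOW] + bytes(WINDOW)
    return {
        "plain_text": text,
        "compressed": zlib.compress(text, 9),
        "encrypted": encrypted,
        "padded": padded,
    }


def report(samples: dict) -> list:
    """One (name, size, whole-file entropy, peak window entropy, packed?) row per sample."""
    return [
        (name, len(data), round(shannon_entropy(data), 2),
         round(max(windowed_entropy(data)), 2), looks_packed(data))
        for name, data in samples.items()
    ]


if __name__ == "__main__":
    for name, size, whole, peak, packed in report(build_samples()):
        print(f"{name:11} {size:6d} bytes  whole={whole:.2f}  peak window={peak:.2f}  packed={packed}")
```

The "padded" sample is the case to remember: its whole-file entropy is low because most of it is zeros, yet the windowed view exposes the encrypted blob. Real packers behave the same way, which is why tools such as Process Explorer highlight packed images per section rather than per file.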
PREVENTION
HOME PREVENTION
o Use anti-virus, anti-spyware, anti-spam and firewall software on your computer and keep them updated with the latest signatures
o Do not install unknown software on your computer
o Do not download software or programs from unknown websites
o Do not click inside pop-up windows demanding that you install software or clean your infected computer, not even to close them
o Do not download or use illegal or pirated software (if you do, double-check the source)
o Scan all removable media before using it on your system
o Do not read e-mails received from unknown persons (OK, everybody will read them, but do not open attachments such as salary.exe or your-meeting-minutes.exe)
o Set your Internet browser so that you are notified any time a program attempts to download
o Always install operating system patches and critical updates
o Investigate before providing personal information (is the requester really entitled to this type of information? Why? Where will it be used?)
o Avoid using the Internet in pubs and coffee shops (usually unsecured connections)
o Use strong passwords for your accounts (letters, numbers, special characters)
o Avoid opening attachments or links from spam messages
o Always use passwords and encryption when configuring wireless networks
o Stay informed about the latest vulnerabilities
o Encrypt important and sensitive data, especially private information!
o Files with more than one extension (e.g. .txt.vbs) are potentially harmful
o It is recommended to run only one antivirus program at a time
CORPORATE PREVENTION
Internet browsers save pieces of information while you surf the Internet (images, search terms, even the websites visited). Cyber criminals can use this to learn your browsing habits.
o Configure your web browser to allow cookies only for the site visited, not for the advertisers' websites
o Block web browser pop-up windows
o Do not install software within the web browser (e.g. browser plugins)
o Always use an up-to-date web browser when surfing the Internet
o When performing online transactions use https:// websites, not http://
o Clean your browser's temporary files and history after each session
o Do not download free software advertised on websites
o Toolbars often record the keywords used for searches; clear the history
o Before you click on a link, hover over it to see the URL and check that it points to the desired website
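The attachment and link rules from the prevention slides (salary.exe-style attachments, double extensions such as .txt.vbs, and hovering over a link to compare the displayed and real URL) can be applied automatically at the mail gateway or in a triage script. The script below is an added example written for this page, not Bitdefender code: it classifies attachment names and parses an e-mail body for anchors whose visible text names a different host than the href. The extension lists, the sample message and the attachment names are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types Windows runs directly on double-click (assumption: a representative
# list, not an exhaustive one; extend it for your environment).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "ps1", "msi", "lnk", "jar",
}
# Harmless-looking types commonly placed in front of the real extension.
DECOY_EXTENSIONS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "zip"}


def attachment_risk(filename: str) -> dict:
    """Classify an attachment name as block / review / allow, with the reasons."""
    exts = filename.lower().strip().split(".")[1:]  # everything after the base name
    reasons = []
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append(f"final extension .{exts[-1]} is directly executable")
    if len(exts) > 1:
        reasons.append("multiple extensions: ." + ".".join(exts))
        if exts[-2] in DECOY_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS:
            reasons.append(f"decoy .{exts[-2]} in front of executable .{exts[-1]}")
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        verdict = "block"
    elif reasons:
        verdict = "review"
    else:
        verdict = "allow"
    return {"filename": filename, "verdict": verdict, "reasons": reasons}


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


def _hostname(value: str) -> str:
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def deceptive_links(html: str) -> list:
    """Anchors whose visible text names one host while the href goes to another:
    the mismatch a user would see by hovering over the link."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not _LOOKS_LIKE_URL.match(text):
            continue  # "Click here" style text carries no host to compare
        shown, actual = _hostname(text), _hostname(href)
        if shown and actual and shown != actual:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


# Constructed phishing message and attachment list for the demonstration.
SAMPLE_HTML = """<p>Your payslip is attached. Verify your account at
<a href="http://198.51.100.23/login">https://www.bank.example.com/secure</a>.</p>
<p>Portal: <a href="https://www.bank.example.com/">https://www.bank.example.com/</a></p>
<p><a href="https://evil.example.net/track">Click here</a> to unsubscribe.</p>"""
SAMPLE_ATTACHMENTS = ["salary.exe", "your-meeting-minutes.txt.vbs", "agenda.docx", "photos.tar.gz"]


def triage(html: str, attachments: list) -> dict:
    return {"attachments": [attachment_risk(a) for a in attachments],
            "deceptive_links": deceptive_links(html)}


if __name__ == "__main__":
    result = triage(SAMPLE_HTML, SAMPLE_ATTACHMENTS)
    for a in result["attachments"]:
        print(f"{a['verdict']:6} {a['filename']}  {'; '.join(a['reasons'])}")
    for link in result["deceptive_links"]:
        print(f"link shows {link['shown']} but goes to {link['actual']} ({link['href']})")
```

The link check only fires when the visible text itself looks like a URL; a bare "Click here" still has to be hovered over by hand, which is exactly the habit the slide recommends.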
REMOVAL TOOLS
PROCESS EXPLORER
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
Features:
Displays a list of all running processes
Highlights packed executables
Can check the digital signature and query the VirusTotal database for running executables / libraries
Shows command line and autostart location (if available)
Find a window’s process
AUTORUNS
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor,
shows you what programs are configured to run during system bootup or login and shows you the entries in
the order that Windows processes them.
Features:
Shows all auto-start entries and their paths (except those hidden by rootkits)
Verifies the digital signatures of the entries and highlights unsigned files
Shows application parameters (e.g. malware running through rundll32.exe)
Displays entries for all users on a computer
Can analyze an offline system
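The triage Autoruns makes possible (unsigned entries, odd paths, a signed host binary such as rundll32.exe whose parameter is the real payload) can be scripted over its CSV export. The script below is an added example for this page, not a Sysinternals or Bitdefender tool: it reads an autorunsc-style CSV and flags entries whose signature did not verify, whose image lives in a user-writable directory, or whose host binary loads a module from outside the Windows directory. The rows are constructed, and the column names (Signer, Image Path, Launch String) and the "(Verified)" prefix are assumed to follow an autorunsc -c -s export; check them against your own export before relying on them.

```python
import csv
import io
import re

# Directories an ordinary user can write to; an auto-start image living here
# deserves a closer look (the list is an assumption, extend it for your estate).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
# Signed Windows binaries that execute whatever module is passed as a parameter,
# so a verified signature on the image says nothing about the payload.
HOST_BINARIES = ("rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe")
_MODULE_ARG = re.compile(r"[a-z]:\\[^,\"]+?\.(?:dll|ocx|hta|js|vbs)")

# Constructed export, not a real one. Column names are assumed to follow an
# "autorunsc -c -s" CSV (the Signer column is filled by signature verification).
SAMPLE_CSV = r'''Entry Location,Entry,Enabled,Category,Description,Signer,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,Windows Security notification icon,(Verified) Microsoft Windows,c:\windows\system32\securityhealthsystray.exe,%windir%\system32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WindowsUpdate,enabled,Logon,,(Not verified),c:\users\alice\appdata\roaming\svc\update.exe,C:\Users\alice\AppData\Roaming\svc\update.exe /silent
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Helper,enabled,Logon,Windows host process (Rundll32),(Verified) Microsoft Windows,c:\windows\system32\rundll32.exe,"rundll32.exe C:\ProgramData\Cache\loader.dll,Start"
'''


def triage_entry(row: dict) -> list:
    """Reasons an auto-start entry deserves review; an empty list means nothing odd."""
    reasons = []
    signer = (row.get("Signer") or "").strip()
    image = (row.get("Image Path") or "").strip().lower()
    launch = (row.get("Launch String") or "").strip().lower()
    if not signer.startswith("(Verified)"):
        reasons.append(f"signature not verified ({signer or 'no signer'})")
    if any(d in image for d in USER_WRITABLE):
        reasons.append(f"image in user-writable location: {image}")
    host = image.rsplit("\\", 1)[-1]
    if host in HOST_BINARIES:
        modules = _MODULE_ARG.findall(launch)
        if not modules:
            reasons.append(f"{host} started without a recognisable module argument")
        for module in modules:
            if not module.startswith("c:\\windows\\"):
                reasons.append(f"{host} loads {module} from outside the Windows directory")
    return reasons


def triage_autoruns(csv_text: str) -> dict:
    """Map entry name -> reasons, for every entry with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = triage_entry(row)
        if reasons:
            findings[row["Entry"]] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_autoruns(SAMPLE_CSV).items():
        print(entry)
        for reason in reasons:
            print("  -", reason)
```

The "Helper" row is the one to notice: rundll32.exe itself carries a valid Microsoft signature, so a signature-only filter passes it, and only the launch string reveals the DLL in C:\ProgramData that actually runs.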
GMER
GMER is an application that detects and removes rootkits and other malware.
It scans for:
Hidden processes
Hidden threads
Hidden modules
Hidden services
Hidden files
Hidden disk sectors (MBR)
Hidden alternate data streams
Hidden registry keys
Drivers hooking SSDT, IDT and IRP calls
Inline hooks
BDSYS LOG
BDSYS LOG is an application that generates a report packed in a password-protected archive on the user's desktop. The tool is not used for malware removal, only to collect the information needed to identify threats.
BITDEFENDER RESCUE CD
Bitdefender Rescue CD is a free bootable antivirus scanner based on the Xubuntu Linux OS.
Features:
Virus definitions update
Virus scanner
Offline system analysis without any restrictions
Integrated TeamViewer