Security: Mal-Ware - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Security: Mal-Ware


1
Security: Mal-Ware
  • Vainstein Maxim Emanuel Hahamov
  • Seminar in Software Design 2005/6, CS, Hebrew
    University

2
Malicious Software Definition
  • Technologies deployed without appropriate user
    consent and/or implemented in ways that impair
    user control over:
      • Material changes that affect their user
        experience, privacy, or system security;
      • Use of their system resources, including what
        programs are installed on their computers; and/or
      • Collection, use, and distribution of their
        personal or other sensitive information.
  • Anti-Spyware Coalition, Working Report,
    October 27, 2005

3
Computer Virus Timeline
  • 1949 Theories for self-replicating programs are
    first developed.
  • 1960 Experimental self-replicating programs were
    first produced.
  • 1981 Apple Viruses 1, 2, and 3 are some of the
    first viruses in the wild, or in the public
    domain. Found on the Apple II operating system,
    the viruses spread through Texas A&M via pirated
    computer games.
  • 1983 Fred Cohen, while working on his
    dissertation, formally defines a computer virus
    as a computer program that can affect other
    computer programs by modifying them in such a way
    as to include a (possibly evolved) copy of
    itself.
  • 1986 Two programmers named Basit and Amjad
    replace the executable code in the boot sector of
    a floppy disk with their own code designed to
    infect each 360kb floppy accessed on any drive.

4
Computer Virus Timeline Cont.
  • 1987 The Lehigh virus, one of the first file
    viruses, infects command.com files.
  • 1988 One of the most common viruses, Jerusalem,
    is unleashed. Activated every Friday the 13th,
    the virus affects both .exe and .com files and
    deletes any programs run on that day. MacMag and
    the Scores virus cause the first major Macintosh
    outbreaks.
  • 1990 Symantec launches Norton AntiVirus, one of
    the first antivirus programs developed by a large
    company.
  • 1991 Tequila is the first widespread polymorphic
    virus found in the wild. Polymorphic viruses make
    detection difficult for virus scanners by
    changing their appearance with each new
    infection.

5
Motives of Malicious Coders
  • Fun / Hobbyists
  • Fame And Fortune
  • Experienced Coders Pushing the Envelope (Security
    Forum)
  • The Disgruntled Loner (Criminals)

6
Underlying Technology
  • Tracking Software
  • Advertising Display Software
  • Remote Control Software
  • Dialing Software
  • System Modifying Software
  • Security Analysis Software
  • Automatic Download Software
  • Passive Tracking Technologies

7
Tracking Software
  • Used to monitor user behavior or gather
    information about the user, sometimes including
    personally identifiable or other sensitive
    information.
  • Spyware / Snoopware
  • Keylogger (Unauthorized)
  • Screen Scraper (Unauthorized)

8
Advertising Display Software
  • Any program that causes advertising content to be
    displayed.

9
Remote Control Software
  • Used to allow remote access or control of
    computer systems
  • Backdoors
  • Botnets (a jargon term for a collection of
    software robots, or bots, which run autonomously)
  • Droneware (programs used to take remote control
    of a computer and typically used to send spam
    remotely or to host offensive web images)

10
Dialing Software
  • Used to make calls or access services through a
    modem or Internet connection.
  • Unauthorized Dialers

11
System Modifying Software
  • Used to modify system and change user experience
    e.g. home page, search page, default media
    player, or lower level system functions
  • Hijackers
  • Rootkits
  • Exploit

12
Security Analysis Software
  • Used by a computer user to analyze or circumvent
    security protections
  • Hacker Tools (including port scanners)

13
Automatic Download Software
  • Used to download and install software without
    user interaction
  • Trickles

14
Passive Tracking Technologies
  • Used to gather limited information about user
    activities without installing any software on
    the users' computers
  • Unauthorized Tracking Cookies

15
Detection & Protection
  • Antivirus
  • Firewall
  • Antispyware
  • Gateway (VPN, Proxy, Router etc)
  • Advanced Techniques

16
Antivirus
  • Symantec AV (NAV)
  • AVG
  • Kaspersky AV
  • Avast AV
  • McAfee AV
  • NOD32 AV
  • E-Trust AV
  • Trend Micro AV
  • Panda AV
  • Free Online Scan (All AVs)

17
Firewall
  • Zone Alarm
  • Sygate
  • Kerio Personal FW
  • Windows FW (XP-SP2)
  • Norton Internet Security
  • Tiny Personal FW
  • Outpost

18
Antispyware
  • MS Windows Antispyware
  • AdAware SE Personal
  • Spyware Doctor
  • A-Square (a2)

19
Antivirus vs. Antispyware
  • Antispyware systems deal with groups of pests
    that are not so harmful but really annoying. Such
    files, like annoying and unwanted toolbars, are
    the main target of this type of security system.
    Antispyware simply ignores destructive viruses
    (just as antivirus systems ignore spyware) and
    concentrates on detecting spies, pop-ups,
    tracking cookies and other junk, which sometimes
    may harm the infected PC.

20
Gateway
  • NAT (Network Address Translation) / Router
      • ADSL Alcotel
      • Windows 2000/2003 Server
  • VPN (Virtual Private Network)
      • Checkpoint VPN-1
      • Cisco VPN
      • Instant VPN
      • Win-Gate VPN
  • Proxy

21
Advanced Techniques
  • Group Policy Management
  • Windows 2000/2003 Domain Server
  • Intrusion Detection Systems (IDS)
  • Cisco IPS Sensor Software
  • DMZ (Demilitarized Zone / Virtualization)
  • VE2 / VELITE SecureOL
  • Shadow User
  • VMWare / MS Virtual PC
  • SandBox
  • Terminal Servers