
Lecture4-Malicious and Antivirus Software

This document provides an overview of malicious software, or malware. It defines malware as software used to disrupt computer operation, gather sensitive information, or gain unauthorized access to private systems. The document discusses different types of malware like viruses, Trojan horses, worms, spyware, and rootkits. It explains how each type works and provides examples. It also covers how malware spreads, the damages it can cause, symptoms of infection, and ways to protect computers from malware.

Malicious Software

Hoang Thi Kieu Hoa


Faculty of Information Technology, Hanoi University
Contents
1. Malware
2. Usage of Malware
3. Types of Malware
4. How Does Malware Spread?
5. How Can You Protect Your Computer?
6. Symptoms
7. Anti-Malware Program
Malicious Software
Malicious software, or malware, is software used or
created to disrupt computer operation, gather sensitive
information, or gain access to private computer systems.
It can appear in the form of code, scripts, active content,
and other software.
'Malware' is a general term used to refer to a variety of
forms of hostile, intrusive, or annoying software.
Usage of Malware
Many early infectious programs, including the first
Internet Worm, were written as experiments or pranks.
Today, malware is used primarily to steal sensitive
personal, financial, or business information for the
benefit of others.
Malware is sometimes used broadly against
government or corporate websites to gather guarded
information, or to disrupt their operation in general.
However, malware is often used against individuals to
gain personal information such as social security
numbers, bank or credit card numbers, and so on.
Types of Malware
Viruses
Trojan horses
Worms
Spyware
Zombie
Phishing
Spam
Rootkit
Types of Malware - Viruses
A program or piece of code that is loaded onto your
computer without your knowledge and runs against
your wishes.
Viruses can also replicate themselves.
All computer viruses are manmade.
Viruses copy themselves to other disks to spread to
other computers.
They can be merely annoying or they can be vastly
destructive to your files.
Types of Malware - Viruses
Examples of computer viruses are:
– Macro virus
– Boot virus
– Logic Bomb virus
– Directory virus
– Resident virus
– Email Virus
Macro Virus
Common in mid-1990s since:
– Platform independent
– Infect documents
– Easily spread
Exploit macro capability of office apps
Executable program embedded in office docs
More recent MS office releases include protection
Recognized by many anti-virus programs
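The "executable program embedded in office docs" point can be checked mechanically. The sketch below is an added example, not part of the original lecture: it classifies an attachment by looking for the VBA macro part inside a modern (zip-based) Office file. The function names, verdict strings and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")    # extensions that promise "no macros"


def classify_office_file(name, data):
    """Return a verdict string for one attachment given its name and raw bytes."""
    if data.startswith(OLE2_MAGIC):
        # Macros in the old binary format live in OLE streams; a real scanner parses them.
        return "legacy-ole: needs deeper inspection"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = [p.lower() for p in zf.namelist()]
    if "[content_types].xml" not in parts:
        return "not-office"  # a zip, but not an Office Open XML package
    # Macro-enabled packages carry the compiled VBA project as vbaProject.bin.
    has_vba = any(p.endswith("vbaproject.bin") for p in parts)
    if not has_vba:
        return "ooxml: no macro part"
    if name.lower().endswith(MACRO_FREE_EXT):
        return "ooxml: macro part hidden behind macro-free extension"
    return "ooxml: contains macro part"


def build_sample(with_macro):
    """Build a minimal OOXML-like zip in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in [("report.docx", False), ("report.docm", True), ("invoice.docx", True)]:
        print(name, "->", classify_office_file(name, build_sample(macro)))
```

A mail gateway can apply a check like this before delivery and quarantine or strip anything that reports a macro part.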
E-Mail Viruses
Recent development
Example: Melissa
– Exploits MS Word macro in attached doc
– If attachment opened, macro activates
– Sends email to all on user's address list and does local
damage
Newer versions triggered by just opening email (rather
than attachment) ⇒ Much faster propagation
Logic Bomb Virus
One of oldest types of malicious software
Code embedded in legitimate program
Activated when specified conditions met
– E.g., presence/absence of some file
– Particular date/time
– Particular user
When triggered typically damages the system
– Modify/delete files/disks, halt machine, etc.
Types of Malware - Trojan Horse
A Trojan Horse program has the appearance of having a
useful and desired function.
A Trojan Horse neither replicates nor copies itself, but
causes damage or compromises the security of the computer.
A Trojan Horse must be sent by someone or carried by
another program and may arrive in the form of a joke
program or software of some sort.
These are often used to capture your logins and passwords.
Examples of Trojan Horses
Remote access Trojans (RATs)
Backdoor Trojans (backdoors)
IRC Trojans (IRCbots)
Keylogging Trojans.
Backdoor or Trapdoor
Secret entry point into a program
Allows those who know of it to gain access, bypassing usual
security procedures
Commonly used by developers
A threat when left in production programs
Allowing exploitation by attackers
Very hard to block in O/S
Requires good s/w development & update
Types of Malware - Worms
Replicating program that transfers itself over the network
Using email, remote execution, remote login
Has phases like a virus:
Dormant, propagation, triggering, execution
Propagation phase: searches for other systems, connects to them,
copies itself to them and runs
May disguise itself as a system process
Some kinds of worms:
– Internet Worms
– Email Worms
– Instant Messaging Worms
– File-Sharing Worms
Mobile Phone Worms
First appeared on mobile phones in 2004
Target smartphones, which can install software
They communicate via Bluetooth or MMS
To disable phone, delete data on phone, or send
premium-priced messages
CommWarrior: Launched in 2005
Replicates using Bluetooth to nearby phones and via
MMS using address-book numbers
Examples of Worms
The Morris Worm was launched in 1988 by Robert Morris, an American student
who wanted to discover how big the internet really was. To do this, he
launched a few dozen lines of code, but he didn't know that the code was
riddled with bugs that would cause a variety of problems on affected hosts.
The result was thousands of overloaded computers running UNIX and
financial damage ranging between $10 million and $100 million.
The Storm Worm is an email worm launched in 2007. Victims would receive
emails with a fake news report about a storm wave that had already killed
hundreds of people across Europe. More than 1.2 billion of these emails were
sent over the course of ten years in order to create a botnet that would target
popular websites. Experts believe that there are still at least a million infected
computers whose owners don’t know that they are part of a botnet.
SQL Slammer was unique in that it didn’t utilize any of the traditional
distribution methods. Instead, it generated a number of random IP addresses
and sent itself out to them in hopes that they weren’t protected by antivirus
software. Soon after it hit in 2003, the result was more than 75,000 infected
computers unknowingly involved in DDoS attacks on several major websites.
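The propagation phase described above (one host searching for many other systems, as SQL Slammer did with random addresses) leaves a recognisable pattern in network flow logs. The detector below is an added example, not part of the original lecture; the record layout, thresholds and sample flows are constructed, and the addresses come from documentation ranges.

```python
from collections import defaultdict


def find_scanners(flows, window=60, min_targets=5, max_answer_ratio=0.2):
    """Return {(src, port): distinct_targets} for hosts that fan out like a worm.

    A source is flagged when, inside one time window, it contacts many distinct
    destinations on the same port and almost none of them answer.
    """
    buckets = defaultdict(list)
    for ts, src, dst, port, answered in flows:
        # Fixed windows keep the example short; a burst that straddles a
        # boundary is split, so production detectors use sliding windows.
        buckets[(src, port, ts // window)].append((dst, answered))
    hits = {}
    for (src, port, _), seen in buckets.items():
        targets = {dst for dst, _ in seen}
        answered = {dst for dst, ok in seen if ok}
        if len(targets) >= min_targets and len(answered) / len(targets) <= max_answer_ratio:
            hits[(src, port)] = max(hits.get((src, port), 0), len(targets))
    return hits


def sample_flows():
    """Constructed records: (timestamp_s, src_ip, dst_ip, dst_port, answered)."""
    # Infected host: 8 unrelated destinations on one port in 8 seconds, none answer.
    flows = [(i, "10.0.0.23", f"198.51.100.{10 + 7 * i}", 1434, False) for i in range(8)]
    # Busy but healthy host: many destinations, all of them answer.
    flows += [(i, "10.0.0.9", f"203.0.113.{i + 1}", 443, True) for i in range(6)]
    # Ordinary host: only two destinations.
    flows += [(3, "10.0.0.5", "192.0.2.10", 443, True),
              (40, "10.0.0.5", "192.0.2.11", 443, True)]
    return flows


if __name__ == "__main__":
    for (src, port), count in find_scanners(sample_flows()).items():
        print(f"{src} contacted {count} hosts on port {port} with almost no replies")
```

The answer-ratio test is what separates a scanning host from a legitimately busy client, which also reaches many destinations but gets replies from them.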
Types of Malware - Spyware
Spyware is a type of malware installed on computers
that collects information about users without their
knowledge.
The presence of spyware is typically hidden from the
user and can be difficult to detect.
Spyware programs hide on your computer to steal
important information, like your passwords and logins
and other personal identification information and then
send it off to someone else.
Types of Malware - Spyware
Adware:
– Common type of spyware mainly used by advertisers.
– Records your web surfing habits to gather information.
– Used to direct marketing pop-ups and spam email.
Keyboard Logger:
– Records PINs, passwords, credit card numbers
– Used to access systems and commit identity theft and fraud
Modem Hijacker:
– Ties into your phone line to make unauthorized calls
Browser Hijacker:
– Spyware that affects your Internet access by resetting your
homepage and bookmarks
Types of Malware - Phishing
Phishing (pronounced like the word 'fishing') is a
message that tries to trick you into providing
information like your social security number or bank
account information or logon and password for a web
site.
The message may claim that if you do not click on the
link in the message and log onto a financial web site
that your account will be blocked, or some other
disaster.
Types of Malware - Spam
Spam is email that you
did not request and do
not want.
One person's spam is
another's useful
newsletter or sale ad.
Spam is a common way
to spread viruses,
Trojans, and the like.
Distributed Denial of Service Attacks (DDoS) / Zombie
Zombie programs take control of your computer and
use it and its Internet connection to attack other
computers or networks or to perform other criminal
activities
Making networked systems unavailable by flooding
with useless traffic using large numbers of “zombies”
Zombie is an action that prevents or impairs the
authorized use of networks, systems, or applications by
exhausting resources such as central processing units
(CPU), memory, bandwidth, and disk space.
Types of Malware - Rootkit
A rootkit is malicious software that allows an
unauthorized user to have privileged access to a
computer.
A rootkit may contain a number of malicious tools
such as keyloggers, banking credential stealers,
password stealers, antivirus disablers, and bots for
DDoS attacks.
This software remains hidden in the computer and
allows the attacker remote access to the computer.
Discussion Questions
1. How Does Malware Spread?
2. What Damage Does Malware Cause?
3. What Are the Symptoms of Malware?
4. How Can You Protect Your Computer?
