Chapter 2
Malware
wide variety of damaging or annoying software that enters a computer system and performs unwanted actions.
Taxonomy of Malware
Spread, conceal, and profit
viruses
malicious computer code that reproduces itself on the same computer
infection
The virus inserts itself into a computer file/program; when the infected program is launched, the virus replicates itself by spreading to another file on the same computer and activates its malicious payload.
virus actions
causes a computer to repeatedly crash, erases files from the hard drive, makes copies of itself to consume resources, turns off the computer's security settings, and reformats the hard disk drive.
virus spread
cannot automatically spread to another computer; it relies on user actions to spread
Virus Program
infects executable files (.exe or .com)
Macro Virus
Takes advantage of the “trust” between the app and the OS
Resident
loaded into RAM each time the computer is turned on & infects files opened by the user or operating system
Companion virus
Adds malicious copycat program to operating system
Worm
Malicious program, exploits application or operating systems vulnerability and sends copies of itself to other network devices
Worms may
Consume resources or leave behind a payload to harm infected systems
Trojans
program that does something other than advertised; typically an executable program that contains hidden code that launches an attack
Logic Bomb
Computer code that lies dormant and is difficult to detect before it is triggered
Backdoor
software code that circumvents normal security to give program access; common practice by developers and removed before deployment
Botnets
A computer is infected with a program that allows it to be remotely controlled by attackers; the infected computer is called a zombie, and a group of zombie computers together is called a botnet
Spamming
A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam; some botnets can also harvest e-mail addresses
Spreading malware
Botnets can be used to spread malware and create new zombies and botnets; zombies have the ability to download and execute a file sent by the attacker
Attacking IRC networks
Botnets are often used for attacks against IRC networks; the bot herder orders each botnet to connect a large number of zombies to the IRC network, which is flooded by service requests and then cannot function
Manipulating online polls
Because each zombie has a unique Internet Protocol (IP) address, each "vote" by a zombie will have the same credibility as a vote cast by a real person; online games can be manipulated in a similar way
Denying services
Botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests
Spyware
software that gathers information without user consent
Spyware effects
slows computer performance, causes system instability, installs new browser menus or toolbars, places new shortcuts, hijacks the home page, increases pop-ups.
Adware
Program that delivers advertising content in a manner unexpected and unwanted by the user.
Adware downsides
may display objectionable content, pop-up ads slow computer or cause crashes, and unwanted ads can be a nuisance.
Keyloggers
Program that captures the user’s keystrokes; the information is later retrieved by the attacker, who searches it for user information. Can be a small hardware device or software.
Social Engineering
Directly gathering information from individuals: relies on the weaknesses of individuals, like the trusting nature of individuals. Uses psychological approaches & physical procedures.
Psychological approaches
persuade the victim to provide information or take action. Often involve impersonation, phishing, spam and hoaxes.
Impersonation
Attacker pretends to be someone else, a fictitious character
Phishing
Sending an email that claims to be from a legitimate source & tries to trick the user into giving private information
Pharming
automatically redirects user to fraudulent Web site
Spear phishing
Email messages target specific users
Whaling
Going after the “big fish” & targeting wealthy individuals
Vishing
Voice phishing
Spam
Unsolicited e-mail, one of the primary vehicles for distribution of malware
Spim
Targets instant messaging users
Image spam
uses graphical images of text, circumvents text-based filters, often contains nonsense text.
GIF layering
image spam divided into multiple images; the layers make up one complete legible message
Word splitting
Horizontally separating words, which can still be read by the human eye
Geometric variance
uses speckling and different colors so no two emails appear to be the same
Hoaxes
False warning or claim; may be the first step in an attack
Dumpster diving
Digging through trash to find user information
Tailgating
Following behind an authorized individual through an access door
Shoulder Surfing
form of social engineering attack where someone secretly observes another person's private information