Study Notes for Computer Security and Ethical Hacking

Computer Security and Ethical Hacking (CST 3535 W3)

Overview

  • Lecturer: Dr. Shahedur Rahman

  • Faculty: Science and Technology

Learning Objectives
  • Understand malware threats

  • Comprehend the basic operations of viruses, worms, and Trojans

  • Explore methods of malware propagation

  • Identify categories of malware payloads

  • Discuss propagation mechanisms utilized by viruses, worms, and Trojans

  • Understand countermeasure mechanisms against malware

Malware

  • Definition: Malware refers to programs planted by an agent with malicious intent, aimed at causing unanticipated or undesired effects.

Types of Malware
  1. Virus

    • A program that can replicate itself and spread malicious code to other nonmalicious programs by modifying them.

  2. Worm

    • A standalone program that spreads copies of itself across networks.

  3. Trojan Horse

    • Code that, while performing its intended function, also has a hidden malicious effect.

Harm from Malicious Code
  • Harm to Users and Systems:

    • Sending unsolicited emails to user contacts.

    • Deleting or encrypting files.

    • Modifying system information (e.g., Windows registry).

    • Stealing sensitive information (e.g., passwords).

    • Attaching malware to critical system files.

    • Hiding copies of malware in multiple locations.

  • Harm to the World:

    • Some malware has been known to infect millions of systems, spreading at a geometric rate.

    • Infected systems become staging areas from which further infections are launched.

Transmission and Propagation

  • Propagation Methods:

    • Setup and installer programs.

    • Attachments in emails or documents.

    • Autorun features in devices and media.

    • Infection of nonmalicious host programs, in which the virus is appended to the host, surrounds it (runs before and after it), or is integrated into its code.

Virus Overview

  • Definition: A piece of software that infects programs, modifies them to include a copy of the virus, replicates, and spreads to other content.

  • Characteristics:

    • Easily spreads in network environments.

    • Executes secretly when the host program is run.

    • Specific to a particular operating system and hardware platform, taking advantage of their details and weaknesses.

Virus Classifications
  1. Classification by Target:

    • Boot Sector Infector: Infects the master boot record or a partition boot record and runs whenever the system is booted from the infected disk, before the operating system loads.

    • File Infector: Infects files that the operating system treats as executable.

    • Macro Virus: Infects documents that carry macro or scripting code.

    • Multipartite Virus: Infects files in multiple ways (for example, both boot sectors and executables), so eradication must deal with every possible site of infection.

    • Stealth Virus: Explicitly designed to hide from antivirus software, for example by intercepting reads of an infected file so that the scanner sees the original, uninfected contents.

    • Polymorphic Virus: Mutates with every infection, typically by encrypting its body with a changing key and varying the decryptor, so no fixed byte signature matches every copy.

    • Metamorphic Virus: Rewrites itself completely at each iteration, changing both appearance and behaviour, so even a scanner that decrypts the body finds no constant code to match.

  2. Virus Components:

    • Infection mechanism (infection vector): The means by which the virus spreads, for example by attaching itself to other executables or documents.

    • Trigger: The event or condition (a date, a count of infections, a user action) that activates the payload.

    • Payload: What the virus does beyond replicating, which may be destructive or merely a nuisance.
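As an added illustration (not from the lecture notes or either textbook), the following Python sketch shows why the polymorphic and metamorphic classes above defeat plain signature scanning, and what a scanner does about it. The "virus body", the three-byte decryptor stub and the signature are constructed toy data and are never executed; the stub format and the `generic_decrypt` emulator are assumptions of the example.

```python
import hashlib

# Constructed stand-in for a virus body: plain bytes, never executed.
BODY = b"infect_host(); if trigger_date(): run_payload()"
# The byte string a naive scanner would extract as the virus signature.
SIGNATURE = b"infect_host(); if trigger_date()"

# Toy decryptor stub: marker byte, one-byte XOR key, marker byte.
# A real polymorphic engine also varies the stub; this one keeps it fixed
# so that the effect on the body alone is visible.
STUB_HEAD, STUB_TAIL = 0xEB, 0xDE


def make_variant(body: bytes, key: int) -> bytes:
    """One 'infected file' image: stub + body XOR-encoded under a per-copy key."""
    encoded = bytes(b ^ key for b in body)
    return bytes([STUB_HEAD, key, STUB_TAIL]) + encoded


def file_hash(sample: bytes) -> str:
    """Hash-based blacklisting: a different hash for every mutated copy."""
    return hashlib.sha256(sample).hexdigest()


def naive_scan(sample: bytes) -> bool:
    """Signature scanner: look for the fixed byte pattern in the file as stored."""
    return SIGNATURE in sample


def generic_decrypt(sample: bytes) -> bytes:
    """Generic decryption: emulate what the stub would do at run time (recover
    the key and decode the body) and hand the result to the scanner."""
    if len(sample) > 3 and sample[0] == STUB_HEAD and sample[2] == STUB_TAIL:
        key = sample[1]
        return bytes(b ^ key for b in sample[3:])
    return sample


def emulating_scan(sample: bytes) -> bool:
    """Signature match against the emulated (decrypted) image."""
    return SIGNATURE in generic_decrypt(sample)


def compare_scanners(keys=(0x00, 0x5A, 0xC3)) -> dict:
    """For each key: (naive result, emulating result, sha256 of the copy)."""
    results = {}
    for key in keys:
        variant = make_variant(BODY, key)
        results[key] = (naive_scan(variant), emulating_scan(variant), file_hash(variant))
    return results


if __name__ == "__main__":
    for key, (naive, emulated, digest) in compare_scanners().items():
        print(f"key=0x{key:02X} naive={naive} emulating={emulated} sha256={digest[:12]}")
```

Key 0x00 is the first-generation copy with the body stored in the clear, so the naive scanner catches it; every other key defeats the naive scanner and changes the file hash, while the emulating scanner still matches. A metamorphic virus would also rewrite the body, so even after decryption no `SIGNATURE` would be found; detection then has to move to behaviour (what the code does) rather than what it looks like.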

Macro and Scripting Viruses
  • NISTIR 7298 Definition: A macro virus attaches itself to documents, utilizing the macro programming capabilities of the application to execute and propagate.

  • Threat Factors:

    • Platform independence: it runs wherever the host application runs rather than on one operating system.

    • It infects user documents rather than executable code, so it travels through channels (mail, file shares) that users and filters treat as safe.

    • It is far easier to write and modify than a traditional binary virus, since the macro language is high level and the documents are freely exchanged.
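An added example (not part of the lecture notes) of a check that follows from the "documents, not executables" point above. Office Open XML files (.docx, .docm and friends) are zip archives: a VBA project lives in a `vbaProject.bin` part, and the `[Content_Types].xml` manifest declares whether the document is macro-enabled. The Python function below flags a document that contains VBA and reports when the extension or the declared content type contradicts that. The sample documents are constructed in memory with a placeholder `vbaProject.bin` rather than a real compiled VBA project. Note that VBA source inside `vbaProject.bin` is stored compressed (MS-OVBA), so grepping it for names such as `AutoOpen` is unreliable; for real triage use a tool that decompresses it, such as `olevba` from oletools.

```python
import io
import zipfile

MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = ("application/vnd.openxmlformats-officedocument."
            "wordprocessingml.document.main+xml")
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}


def build_document(with_vba: bool, content_type: str) -> bytes:
    """Construct a minimal OOXML package in memory (sample data for the demo;
    the document part and VBA part are placeholders, not real Word content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{content_type}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # The real part is an OLE2 container; only its name matters here.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


def inspect_document(filename: str, data: bytes) -> dict:
    """Report whether the package carries a VBA project and any mismatch
    between that fact, the file extension and the declared content type."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"has_vba": False, "findings": ["not an OOXML zip package"]}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        try:
            manifest = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            manifest = ""
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macro = "macroenabled" in manifest.lower()
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []
    if has_vba:
        findings.append("contains a VBA project (macros present)")
        if ext in MACRO_FREE_EXTS:
            findings.append(f"VBA inside a .{ext}, an extension that should never carry macros")
        if not declares_macro:
            findings.append("VBA present but content type is not macroEnabled")
    elif declares_macro:
        findings.append("declared macroEnabled but no VBA project found")
    return {"has_vba": has_vba, "findings": findings}


def demo() -> dict:
    """Run the check over three constructed sample files."""
    samples = {
        "report.docx": build_document(False, PLAIN_CT),
        "invoice.docm": build_document(True, MACRO_CT),
        "resume.docx": build_document(True, PLAIN_CT),   # forged: VBA in a .docx
    }
    return {name: inspect_document(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A legitimate `.docm` will produce exactly one finding (macros present), which is a policy question rather than a verdict; the mismatch findings are the ones that indicate tampering or evasion of an extension-based filter.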

Worms

  • Definition: Malware that actively seeks additional machines to infect, with each infected machine acting as a launchpad for further spread.

  • Propagation Mechanisms:

    • Exploits vulnerabilities in client/server software.

    • Utilizes network connections.

    • Spreads through shared media (USB drives, CDs, DVDs).

    • E-mail-based propagation via macro or script attachments.

  • Historical Example:

    • The Morris Worm (1988) was one of the earliest significant worm infections, affecting UNIX systems. It spread by exploiting several weaknesses at once: a debug mode in sendmail, a buffer overflow in the finger daemon, trusted-host remote login (rsh), and password guessing against weak passwords.

Case Study: WannaCry Ransomware Attack
  • Incident: In May 2017, WannaCry infected hundreds of thousands of systems worldwide within days, targeting Windows systems that had not applied Microsoft's March 2017 SMB patch (MS17-010) and exploiting the SMBv1 file-sharing service with the EternalBlue exploit.

  • Mechanism: Each infected host aggressively scanned its local network and random Internet addresses for further vulnerable SMB hosts. Its spread was largely halted when a security researcher registered the "kill-switch" domain that the malware queried before running: the code exited if the domain resolved.

  • Consequences: Files were encrypted and a ransom was demanded in Bitcoin.

Additional Malware Types

Drive-by Downloads
  • Infect systems by exploiting browser and plugin vulnerabilities through malicious web pages.

Watering-Hole Attacks
  • Involve compromising websites frequented by targeted victims to exploit vulnerabilities.

Malvertising
  • Places malware within ads on websites, enabling infection of visitors without site compromise.

Clickjacking
  • Also known as User Interface (UI) Redress Attack, it tricks users into performing unintended actions.

  • Mechanism: The attacker stacks transparent or opaque layers, typically an invisible iframe of the target site positioned over a decoy page, so that clicks the user intends for the decoy land on buttons or links in the hidden target.
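As an added example (not from the notes), here is the layering trick as one constructed HTML page, followed by a Python function that evaluates the two response headers a site uses to refuse being framed. The function applies the browser rule that a Content-Security-Policy `frame-ancestors` directive, when present, overrides `X-Frame-Options`, and it treats the obsolete `ALLOW-FROM` value as no protection, since current browsers ignore it. The decoy page, the site names and the header sets are constructed sample data.

```python
# Constructed attacker page: a visible decoy button with the target site
# loaded in a transparent iframe positioned exactly over it. A click on
# "Claim prize" actually lands on the target's confirmation button.
CLICKJACK_DECOY = """<!doctype html>
<style>
  #decoy  { position:absolute; top:120px; left:80px; }
  #target { position:absolute; top:100px; left:60px; width:400px; height:300px;
            opacity:0; z-index:2; }           /* invisible but on top */
</style>
<button id="decoy">Claim prize</button>
<iframe id="target" src="https://bank.example/transfer?confirm=1"></iframe>
"""


def frame_policy(headers: dict) -> str:
    """Classify how the response lets browsers frame it:
    'deny', 'sameorigin', 'restricted' (named origins only) or 'allow'."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options when present.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if not sources:
                continue            # malformed directive; fall back to XFO
            if sources == ["none"]:
                return "deny"
            if sources == ["self"]:
                return "sameorigin"
            if "*" in sources:
                return "allow"
            return "restricted"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # ALLOW-FROM was never standardised and modern browsers ignore it,
    # which leaves the page frameable from anywhere.
    return "allow"


def is_clickjackable(headers: dict) -> bool:
    """A page is exposed to framing by arbitrary sites only in the 'allow' case."""
    return frame_policy(headers) == "allow"


if __name__ == "__main__":
    samples = {
        "no headers": {},
        "XFO deny": {"X-Frame-Options": "DENY"},
        "CSP wins": {"X-Frame-Options": "SAMEORIGIN",
                     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "obsolete": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    }
    for label, hdrs in samples.items():
        print(f"{label:10s} -> {frame_policy(hdrs)}")
```

The function only reads headers; a full check also confirms that the page is a state-changing one worth protecting, since framing a static page is harmless.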

Social Engineering
  • Definition: The psychological manipulation of people to perform actions or divulge confidential information.

  • Spam is often a carrier for phishing attacks.

Payload Types

Ransomware
  • Threatens users by encrypting files and demanding ransom.

System Corruption Examples
  • Chernobyl Virus: Rewrites BIOS code.

  • Stuxnet Worm: Targets industrial control systems.

Attack Agents
  • Bots: Take over other computers, acting collectively as a botnet for attacks or information theft.

Information Theft Techniques
  1. Keyloggers: Capture keystrokes to monitor information like passwords.

  2. Spyware: Monitors a range of activities, altering browsing content or redirecting requests.

  3. Phishing Attacks: Exploit users' trust to capture sensitive information through fake websites.

    • Spear-Phishing: Tailored attacks based on detailed information about the target.

Stealthing Mechanisms
  1. Backdoor/Trapdoor: Provides secret system access, bypassing security.

    • Maintenance hooks, which developers leave in to ease debugging and testing, are a common example: if they survive into production they bypass normal authentication.

  2. Rootkits: Install a hidden set of programs maintaining covert access while subverting detection mechanisms.
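An added example (not from the notes): the classic maintenance-hook backdoor in a password check, beside a version with no such path. The user table, the `MAINTENANCE_PASSWORD` constant and the user names are hypothetical. The hardened form stores salted PBKDF2 hashes, compares in constant time, and makes an unknown user take the same code path as a wrong password so that the check does not leak which accounts exist.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for the example)

# --- Vulnerable: a hook left in for debugging ------------------------------
# Hypothetical leftover constant. Anyone who learns it (from source, a
# string dump of the binary, or a leaked repository) logs in as any user.
MAINTENANCE_PASSWORD = "maint-override"


def login_with_hook(users: dict, username: str, password: str) -> bool:
    """users maps name -> plaintext password (also bad, but the hook is the point)."""
    if password == MAINTENANCE_PASSWORD:      # the trapdoor: no lookup at all
        return True
    return users.get(username) == password


# --- Hardened: no override path, hashed secrets, constant-time compare ------
def make_record(password: str, salt=None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 record to store instead of the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Dummy record so that a lookup miss costs the same as a real comparison.
_DUMMY = make_record(secrets.token_hex(16))


def login_hardened(users: dict, username: str, password: str) -> bool:
    """users maps name -> (salt, digest). No special-case password exists."""
    salt, expected = users.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected) and username in users


if __name__ == "__main__":
    weak = {"alice": "hunter2"}
    strong = {"alice": make_record("hunter2")}
    print("hook lets mallory in:", login_with_hook(weak, "mallory", MAINTENANCE_PASSWORD))
    print("hardened refuses mallory:", not login_hardened(strong, "mallory", MAINTENANCE_PASSWORD))
```

Hooks like `MAINTENANCE_PASSWORD` are found by reviewing every branch of an authentication routine that returns success without consulting the credential store, and by string-dumping binaries for unexplained constants near the login code.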

Rootkit Classifications
  • Stallings classifies rootkits along several dimensions: Persistent (stored on disk, so it survives reboots) versus Memory-based (gone after a reboot); User mode (intercepts API calls in user space) versus Kernel mode (intercepts system calls inside the kernel, where it can hide from user-space tools); Virtual machine-based (installs a lightweight hypervisor beneath the operating system); and External mode (runs outside the normal operating system, for example in BIOS or system management mode).

Summary

  • Review the various types of malicious software (malware).

  • Understand propagation vulnerabilities and stealth techniques used.

  • Familiarize with attack agents and information theft methodologies.

  • Engage with countermeasure techniques for protecting against malware attacks.

References

  • Stallings, William, and Brown, Lawrie. Fourth Edition.

  • Pfleeger, Charles P. Fifth Edition.