Chapter 5: Malware

Computer Security Fundamentals

Author: Dr. Chuck Easttom
Chapter Objectives
  • Understand viruses (including worms) and their propagation methods.

    • Review famous viruses: WannaCry, Pegasus, Titanium.

  • Acquaintance with specific virus outbreaks.

  • Dynamics of virus scanners.

  • Comprehension of Trojan horses and their functioning.

  • Familiarity with specific Trojan horse attacks.

  • Understanding ransomware and current trends.

  • Grasping the concept of buffer-overflow attacks.

  • Insight into spyware and its entry points into systems.

  • Ability to defend against various attacks through effective practices, antivirus, and antispyware software.

Introduction to Malware
  • Overview of virus outbreaks:

    • How they work, why they succeed, and how they are deployed.

  • Other notable malware forms:

    • Buffer-overflow attacks and spyware.

Understanding Viruses
  • Definition of a Computer Virus:

    • Self-replicating programs capable of rapidly spreading across networks.

    • Potential to diminish the functionality and responsiveness of a network.

    • May carry a malicious payload or be benign.

Virus Propagation Methods
  • How a Virus Spreads:

    • Network Connection:

      • Copies itself to additional hosts, requiring programming skills.

    • Email Transmission:

      • Sends itself to contacts in the host's address book, requiring less technical skill.

      • This is the most frequent infection pathway.

Types of Viruses
  • Classification of Computer Viruses:

    • Macro viruses.

    • Boot sector viruses.

    • Multi-partite viruses.

    • Memory resident viruses.

    • Armored viruses.

    • Sparse infectors.

    • Polymorphic viruses.

    • Metamorphic viruses.

Notable Virus Examples
  • List of Noteworthy Viruses:

    • Black Basta

    • Titanium

    • WannaCry

    • Petya

    • Shamoon

    • Rombertik

    • Gameover ZeuS

    • CryptoLocker and CryptoWall

    • IoT Malware

    • Mindware

    • Thanatos

    • Clop (or CL0p)

    • FakeAV

    • MacDefender

    • Kedi RAT

    • Sobig

    • Shlayer

    • Mimail

    • Flame

Virus Prevention Guidelines
  • Rules for Avoiding Viruses:

    • Use a reliable virus scanner.

    • Avoid opening suspicious email attachments:

      • Use a predefined code word for transferring safe attachments.

    • Do not trust unsolicited “security alerts.”

Trojan Horses
  • Definition of Trojan Horses:

    • Seemingly harmless programs that harbor malicious functionality.

  • Capabilities of a Trojan Horse:

    • Can download harmful software.

    • Install keyloggers or spyware.

    • Delete files.

    • Create backdoors for unauthorized access.

    • Can be custom-made for individual targets.

  • Company Policy Recommendation:

    • Strict prohibition against unauthorized downloads.

Buffer-Overflow Attack
  • Definition:

    • Occurs when more data is written into a buffer than it was allocated to hold, so the excess overwrites adjacent memory.

  • Prevention Techniques:

    • Developers can prevent overflows by checking input length and either rejecting or truncating oversized input as part of careful application design.

  • Execution Complexity:

    • More difficult to execute than Denial of Service (DoS) attacks or simple script-based viruses.

    • Requires expert knowledge of programming languages like C or C++.

    • Most modern operating systems and web servers mitigate susceptibility.
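The two prevention options the slide names (reject, or truncate) side by side with the unsafe pattern they replace. This is an added example written for this chapter, not code from the textbook or its author; the buffer size `NAME_MAX` and the function names are assumptions chosen for illustration, and the over-long input is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size destination buffer, NUL terminator included */

/* The defect the slide describes: strcpy() copies until it finds a NUL in the
 * source, so an input of NAME_MAX or more characters writes past the end of
 * dst into whatever memory follows it. Shown only as the "before" picture. */
void copy_unsafe(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Prevention option 1: reject oversized input outright.
 * Returns true on success, false (leaving dst empty) when src does not fit.
 * memchr() is bounded, so it never reads more than NAME_MAX bytes of src. */
bool copy_reject(char dst[NAME_MAX], const char *src)
{
    const char *nul = memchr(src, '\0', NAME_MAX);
    if (nul == NULL) {           /* no terminator within NAME_MAX bytes: too long */
        dst[0] = '\0';
        return false;
    }
    size_t len = (size_t)(nul - src);
    memcpy(dst, src, len + 1);   /* copies the terminator as well */
    return true;
}

/* Prevention option 2: keep what fits, drop the rest, always NUL-terminate.
 * Returns the number of characters stored (at most NAME_MAX - 1). */
size_t copy_truncate(char dst[NAME_MAX], const char *src)
{
    const char *nul = memchr(src, '\0', NAME_MAX - 1);
    size_t len = nul ? (size_t)(nul - src) : NAME_MAX - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Stand-alone demonstration on a constructed over-long input. */
int main(void)
{
    const char *untrusted = "this-name-is-far-too-long-for-the-buffer";
    char buf[NAME_MAX];

    printf("reject:   %s\n", copy_reject(buf, untrusted) ? "accepted" : "refused");
    size_t kept = copy_truncate(buf, untrusted);
    printf("truncate: stored %zu chars -> \"%s\"\n", kept, buf);
    return 0;
}
```

Rejecting is the safer default for fields where silent truncation could change meaning (a path, a username); truncation is acceptable for display strings. Either way the decision happens before any byte is written, which is the point the slide makes about application design.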

Spyware
  • Definition and Deployment:

    • Requires significant technical expertise and is often customized for specific targets.

  • Forms of Spyware:

    • Web cookies.

    • Keyloggers.

  • Legitimate Uses (with ethical implications):

    • Monitoring by employers.

    • Parental control over children's internet use.

Other Forms of Malware
  • Rootkits:

    • A suite of tools enabling a hacker to disguise an intrusion and secure administrative-level access.

    • Functionalities include:

      • Traffic and keystroke monitoring.

      • Creating system backdoors.

      • Altering log files and existing system tools to avoid detection.

  • Malicious Web-Based Code:

    • Also recognized as web-based mobile code, functional across various platforms (e.g., HTTP, Java).

    • Poorly scripted code often results from rushed development.

  • Logic Bombs:

    • Activate malicious actions once specified conditions are met, frequently tied to date/time.

  • Spam:

    • Unwanted, unsolicited emails usually aimed at mass marketing.

  • Advanced Persistent Threats (APTs):

    • Use advanced techniques rather than simple script kiddie methods.

    • Consist of ongoing attacks sustained over long durations.

  • Deep Fakes:

    • Emerging technology creating hyper-realistic videos that can deceive viewers.

    • Although not directly harmful to devices, they may create societal disruptions.

Detecting and Eliminating Viruses and Spyware
  • Antivirus Software Functionality:

    • Operates by:

      • Scanning for virus signatures and maintaining updated signature files.

      • Monitoring executable behaviors such as:

        • Self-replication efforts.

        • Attempts to access email address books.

        • Modifying Windows Registry settings.

    • Notable examples include Norton and McAfee.

  • Anti-Malware and Machine Learning Enhancements:

    • Machine learning applications contribute significantly to malware defense.

    • Notable antivirus products utilizing machine learning:

      • Cylance Smart Antivirus

      • Deep Instinct D-Client

      • Avast Antivirus
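A minimal signature scanner of the kind the "Scanning for virus signatures" bullet describes, added here as an example and not taken from the textbook or from any named antivirus product. The first two database entries and all three sample "files" are constructed for this illustration; the third entry is the EICAR test string, a harmless industry-standard pattern that real scanners detect.

```c
#include <stdio.h>
#include <string.h>

/* One entry of the signature database: a name plus a raw byte pattern. */
typedef struct {
    const char *name;
    const unsigned char *pattern;
    size_t len;
} Signature;

/* Entries 0 and 1 are constructed for this example. Entry 2 is the EICAR test
 * string, a harmless industry-standard pattern that real scanners detect. */
static const unsigned char SIG_DROPPER[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x90, 0x90 };
static const unsigned char SIG_RUNKEY[]  =
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
#define EICAR_STR "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
static const unsigned char SIG_EICAR[] = EICAR_STR;

const Signature SIGNATURES[] = {
    { "Example.Dropper.A (constructed)",      SIG_DROPPER, sizeof SIG_DROPPER },
    { "Example.Persist.RunKey (constructed)", SIG_RUNKEY,  sizeof SIG_RUNKEY - 1 },
    { "EICAR-Test-File",                      SIG_EICAR,   sizeof SIG_EICAR - 1 },
};
#define NSIGS (sizeof SIGNATURES / sizeof SIGNATURES[0])

/* Bounded substring search, written out because memmem() is not standard C.
 * Returns the offset of the first match or -1. */
static long find_pattern(const unsigned char *data, size_t len,
                         const unsigned char *pat, size_t plen)
{
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(data + i, pat, plen) == 0) return (long)i;
    return -1;
}

/* Scans one file image against the whole database. Returns the index of the
 * first matching signature, or -1 if nothing matched. Note what -1 means: not
 * "clean", only "no known signature present", which is why the slide pairs
 * signature scanning with behavior monitoring and regular signature updates. */
int scan_buffer(const unsigned char *data, size_t len)
{
    for (size_t s = 0; s < NSIGS; s++)
        if (find_pattern(data, len, SIGNATURES[s].pattern, SIGNATURES[s].len) >= 0)
            return (int)s;
    return -1;
}

/* Constructed sample "files": a plain document, a fake executable image
 * carrying the dropper bytes, and an e-mail body carrying the EICAR string. */
const unsigned char SAMPLE_CLEAN[] =
    "Quarterly report: revenue up 4%. See the attached spreadsheet.";
const unsigned char SAMPLE_DROPPER[] = {
    'M', 'Z', 0x90, 0x00, 0x03, 0x00, 0x00, 0x00,
    0xDE, 0xAD, 0xBE, 0xEF, 0x90, 0x90, 0xC3, 0x00
};
const unsigned char SAMPLE_EICAR[] =
    "Subject: test attachment\r\n\r\n" EICAR_STR "\r\n";

int main(void)
{
    struct { const char *label; const unsigned char *data; size_t len; } files[] = {
        { "report.txt", SAMPLE_CLEAN,   sizeof SAMPLE_CLEAN - 1 },
        { "setup.exe",  SAMPLE_DROPPER, sizeof SAMPLE_DROPPER },
        { "mail.eml",   SAMPLE_EICAR,   sizeof SAMPLE_EICAR - 1 },
    };
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        int hit = scan_buffer(files[i].data, files[i].len);
        printf("%-10s %s\n", files[i].label,
               hit < 0 ? "no signature match" : SIGNATURES[hit].name);
    }
    return 0;
}
```

The partial-read check in the test shows the scanner's blind spot: a signature that straddles the end of whatever was read is missed, which is one reason polymorphic and metamorphic viruses from the type list above defeat pure signature matching and push vendors toward the behavioral and machine-learning methods listed on this slide.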

Summary
  • Overview of malware variety and the necessity of computer security to protect personal data and intellectual property.

  • Acknowledgment that many attacks are preventable.

  • Emphasis on employing solid defense strategies together with antivirus and antispyware software to mitigate risks.