Trends and threats: Malware development

Transcript and Presenter's Notes

1
Trends and threats Malware development
  • A closer look at the changes in development of
    malicious software, and possible damage impact
    and damage limitation.
  • Snorre Fagerland
  • Senior Virus Analyst, Norman ASA

2
Malware on the way out
  • DOS viruses. Forget them. 50000 viruses or so,
    not a threat anymore.
  • Boot viruses. Still see them every once in a
    while, but not many new ones; only the odd
    infected diskette from way back when.
  • Macro viruses. After dominating the picture from
    1995 to ca. 2000, macro viruses are now on the
    decline.

3
Malware still going strong
4
Email worms
These will be with us for the foreseeable
future. They are often combined with local area
network infection methods, which means that they
can be a real problem to get out of a corporate
network. They may come in large series of
variants. They are rapid to very rapid
spreaders. Even with good emergency response
mechanisms, a significant number of people may be
infected in the early stages of an epidemic.
5
File infecting viruses
File infectors are still around to a large
extent. In addition, many classic email and P2P
worms also double as file infecting
viruses. File infectors may be hard to clean
perfectly.
6
Trojans that give unauthorized access
Example: SubSeven, shown on the slide.
7
Malware on the way up
8
Peer-to-peer worms
File sharing networks like Kazaa, Morpheus,
Limewire, Grokster etc. are now thoroughly infested.
Examples:
  • Supova.H
  • Spybot.1_2
  • Pinfi.A
  • Loxar.C
  • Supova.E
  • Supova.A
  • Supova.I
9
Multi-component malware
From the UNIX/Linux environment we have seen that
malware often comes as packages of many files.
This trend has now moved to Windows. Problem:
harder to analyse the interaction between many
files; easier to change to avoid detection;
easier to get false alarms; harder to clean
properly.
10
Exploits (bugs that undermine security)
Malware will seek to use exploits: they ease
spreading and give better access to resources.
The most well known are, for example, the MIME
header bug that lets an attachment auto-execute
in some instances (a part declared as
Content-Type: audio/x-wav with name="readme.exe",
fixed by MS01-020), or the DCOM RPC exploit
(MS03-026) used by W32/Blaster. Note: it is, as
always, important to keep software updated.
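As an added example, not code from the original presentation: the following Python script implements the mail-gateway check that catches the header trick just described. It parses a MIME message with the standard library and flags any part whose filename has an executable extension, with a stronger warning when the declared Content-Type is a passive type such as audio/x-wav. The sample message, the extension list and the passive-type list are constructed for the example and are assumptions, not a complete filtering policy.

```python
"""Flag MIME parts whose declared Content-Type hides an executable attachment.

Added example for the 'audio/x-wav / readme.exe' header trick; not code from
the original presentation. The sample message below is constructed.
"""
import email
from email import policy

# Extensions Windows executes directly. Assumption: illustrative, not a
# complete policy list.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Declared types a mail client of the era would open without prompting.
# An executable name behind one of these is the header trick itself.
PASSIVE_TYPES = {"audio/x-wav", "audio/x-midi", "image/gif", "image/jpeg", "text/plain"}


def extension_of(filename):
    """Last suffix of the name, lower-cased, ignoring trailing padding spaces
    (worms used 'readme.txt      .exe' to push the real suffix out of view)."""
    name = filename.strip().lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def classify_part(content_type, filename):
    """Return a block reason for one attachment, or None if it may pass."""
    ext = extension_of(filename)
    if ext not in EXECUTABLE_EXTENSIONS:
        return None
    if content_type in PASSIVE_TYPES:
        return ("type-mismatch: executable name %r declared as passive type %s"
                % (filename, content_type))
    return "executable attachment %r (declared %s)" % (filename, content_type)


def find_suspicious_parts(raw_message):
    """Parse a raw message and return a finding for every part that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename= first and falls
        # back to the Content-Type name= parameter, which is exactly where the
        # exploit put "readme.exe".
        filename = part.get_filename()
        if not filename:
            continue
        ctype = part.get_content_type()
        reason = classify_part(ctype, filename)
        if reason:
            findings.append({"filename": filename, "content_type": ctype,
                             "disposition": part.get_content_disposition(),
                             "reason": reason})
    return findings


# Constructed sample message (not a real capture): one text part, the
# disguised executable, and a benign JPEG that must not be flagged.
SAMPLE_MESSAGE = b"""\
From: sender@example.test
To: victim@example.test
Subject: hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XXBOUNDARY"

--XXBOUNDARY
Content-Type: text/plain; charset="us-ascii"

See attached.
--XXBOUNDARY
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-Disposition: inline

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--XXBOUNDARY
Content-Type: image/jpeg; name="photo.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="photo.jpg"

/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkS
--XXBOUNDARY--
"""

if __name__ == "__main__":
    for finding in find_suspicious_parts(SAMPLE_MESSAGE):
        print(finding["reason"])
```

The check deliberately keys on the filename rather than the declared type, because the declared type is the attacker's claim; a gateway that trusted Content-Type the way the vulnerable client did would wave the part through.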
11
Damage impact of modern malware
  • Damage to software and data (often security
    software)
  • Reduction of system and network performance;
    instability
  • Misuse of system (storage of pornography,
    pirated software, music and films), or
    participation in spam or DDOS schemes.
  • Loss of system control (deletion of admin shares
    and accounts)
  • Unauthorized access to sensitive data

12
Damage impact of modern malware, contd
Secondary impact:
  • Financial losses connected with investments in
    security systems and possible cleanup operations.
  • Loss of goodwill and business because of
    downtime, or public security breaches.

13
Damage limitation before infection
  • There is always a tradeoff between functionality
    and security. Be as secure as you can without
    severely limiting your ability to work.
  • Do not allow frivolous use of administrator
    accounts. No one needs to be constantly logged on
    as admin.
  • Have a plan in case of infection, and people in
    charge of executing it.

14
Damage limitation, contd
  • Use firewalls.
  • Make sure all clients are updated.
  • Do not allow people to turn off the AV software.
  • Disallow rogue protocols (e.g. P2P software).
  • Keep control of shares.
  • Back up often.
  • Use attachment limitations on the mail servers,
    if possible.
15
Damage limitation after infection
  • DON'T PANIC! Have centrally placed people lead
    the cleanup operation; you may want to have AV
    consultants there as well.
  • Get all available information on the malware.
  • Small networks: pull infected machines off the
    net, clean manually aided by AV software.

16
Damage limitation, contd
Larger networks: it is important to find the
machines that are spreading the infection. Use
network traffic analyzers and auditing tools to
find these machines and take them off the network;
if possible, isolate the infected section of the
net. If there is suspicion of an information
security breach, back up data and reinstall
compromised systems with new passwords etc. This
may also need to be done in the case of file
infectors, where the infected files may not be
possible to clean perfectly.
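As an added example, not from the original presentation: a small Python detector for the "find the machines that are spreading the infection" step above. It reads connection records, counts how many distinct destinations each source touched on a worm-relevant port inside a fixed time window, and reports the sources that exceed a per-port threshold, highest fan-out first. The log format, the hosts, the thresholds and the allowlist of legitimate servers are constructed assumptions; a real deployment would feed it firewall or flow logs and tune the thresholds to the network.

```python
"""Rank hosts by connection fan-out to find the machines spreading a worm.

Added example, not code from the original presentation. Log format, hosts
and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Ports worth watching and how many distinct destinations per window a normal
# client may reach before it looks like a scanner. Assumption: illustrative.
THRESHOLDS = {135: 10, 445: 10, 25: 5}
WINDOW_SECONDS = 60

# Hosts expected to fan out on these ports (assumed mail relay); skipped as
# sources so the detector does not flag the mail server as a mass-mailer.
KNOWN_SERVERS = {"10.0.0.2"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)$")


def parse_line(line):
    """Return (epoch_seconds, src, dst, dport) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts.timestamp(), m["src"], m["dst"], int(m["dport"])


def find_spreaders(lines, thresholds=THRESHOLDS, window=WINDOW_SECONDS,
                   known_servers=KNOWN_SERVERS):
    """Return alerts for (source, port) pairs whose distinct-destination count
    in one window reaches the port's threshold, highest fan-out first."""
    # (src, dport, window index) -> set of destinations contacted
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate junk lines rather than abort the whole scan
        ts, src, dst, dport = rec
        if dport not in thresholds or src in known_servers:
            continue
        seen[(src, dport, int(ts // window))].add(dst)
    alerts = []
    for (src, dport, idx), dsts in seen.items():
        if len(dsts) >= thresholds[dport]:
            alerts.append({"src": src, "dport": dport, "distinct_dst": len(dsts),
                           "window_start": idx * window})
    return sorted(alerts, key=lambda a: (-a["distinct_dst"], a["src"]))


# Constructed sample log (key=value firewall style, not a real product's
# format): one normal client, the mail relay, a junk line, one host sweeping
# 135/tcp (Blaster-like) and one host mailing eight outside servers directly.
SAMPLE_LOG = [
    "2003-08-12T10:00:01Z src=10.0.0.9 dst=10.0.0.2 proto=tcp dport=25",
    "2003-08-12T10:00:05Z src=10.0.0.9 dst=10.0.0.20 proto=tcp dport=445",
    "2003-08-12T10:00:06Z src=10.0.0.2 dst=203.0.113.50 proto=tcp dport=25",
    "garbage line that the parser must skip",
] + [
    "2003-08-12T10:00:%02dZ src=10.0.0.5 dst=10.0.1.%d proto=tcp dport=135" % (10 + i, i)
    for i in range(12)
] + [
    "2003-08-12T10:00:%02dZ src=10.0.0.7 dst=203.0.113.%d proto=tcp dport=25" % (20 + i, i)
    for i in range(8)
]

if __name__ == "__main__":
    for a in find_spreaders(SAMPLE_LOG):
        print("%s -> %d distinct hosts on port %d" % (a["src"], a["distinct_dst"], a["dport"]))
```

Counting distinct destinations rather than raw connections is what separates a scanner from a busy but legitimate client; a workstation retrying one file server a hundred times stays below the threshold, while a worm touching a dozen neighbours once each does not.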