Outline Infections 1) r57 shell 2) rogue software What Can We Do? 1) Seccheck 2) Virus total ...
Outline
Infections 1) r57 shell 2) rogue software
What Can We Do? 1) Seccheck 2) Virus total 3) Sandbox
Prevention 1) Personal Software Inspector 2) Network Software Inspector
Basic Steps for an Infection
Save all important data
Best: wipe the machine and do a fresh install
If this is not possible, then try to clean it
Change all passwords
Install latest anti-virus software
Apply all patches
Turn on the Firewall
Let the NSO know so we can search for other compromised machines
Advanced Steps for an Infection
SecCheck
Virus Total
Malware Analysis:
1. Norman Sandbox
2. Anubis
3. CWSandbox
4. Threat Expert
Different Types of Infections
Virus – Relies on users to spread: email attachments, links in an email
Worm – Can spread on its own
Trojan – A malicious file that appears to be legitimate
Bot – A worm that phones home to a Command & Controller so the attacker can give it instructions
What Do Most Infections Do?
Send spam
Scan the network
Attack other machines – called a DDoS (Distributed Denial of Service) attack
Run a distribution server for malicious files: web server or FTP server
Set up a phishing site
Act as a proxy for other malicious traffic
Download spyware and adware to the machine
Run a keylogger
Guidelines for Attempting to Clean a Machine
Install an AV tool like Symantec Anti-Virus Corporate Edition with the latest signatures and run a full scan
Other techniques/tools:
Seccheck (Windows)
netstat -anb (Windows command line)
lsof (Linux)
Ultimate Boot CD for Windows (UBCD)
Sysinternals Suite (Windows GUI)
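Triage of the netstat -anb output listed above, as an added example that is not part of the original slides: it parses a constructed sample of the Windows output, pairs each socket with the executable that owns it, and flags sockets whose owner is not on an allow list of programs expected on a clean host. The sample output, the allow list and the lookalike process name svchost32.exe are constructed assumptions; the -b switch itself needs an elevated prompt.

```python
import re
from typing import List, NamedTuple

# Constructed sample of `netstat -anb` output (elevated Windows prompt): each socket
# line is followed by the owning [executable], or a note that ownership is unknown.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
 [svchost32.exe]
  TCP    192.0.2.10:49321       198.51.100.7:6667      ESTABLISHED
 [svchost32.exe]
  UDP    0.0.0.0:123            *:*
 [svchost.exe]
"""
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
EXE_RE = re.compile(r"^\s*\[(.+)\]\s*$")
# Hypothetical allow list of programs expected to own sockets on a clean host.
KNOWN_GOOD = {"svchost.exe", "System"}

class Sock(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str   # empty for UDP, which netstat prints without a state column
    exe: str

def parse_netstat_anb(text: str) -> List[Sock]:
    # Pair each socket line with the [executable] line that follows it.
    socks: List[Sock] = []
    pending = None
    for line in text.splitlines():
        if m := CONN_RE.match(line):
            pending = m.groups()
        elif pending and ((m := EXE_RE.match(line)) or "ownership" in line.lower()):
            proto, local, remote, state = pending
            socks.append(Sock(proto, local, remote, state or "", m.group(1) if m else "<unknown>"))
            pending = None
    return socks

def flag_unexpected(socks: List[Sock], known_good=KNOWN_GOOD) -> List[Sock]:
    # Sockets owned by anything not on the allow list deserve a closer look.
    return [s for s in socks if s.exe not in known_good]
```

On a live host, save the output of `netstat -anb` to a file and pass its text to `parse_netstat_anb`; a listener on an unusual port or an outbound connection owned by a name that only resembles a system binary is exactly what the cleanup guidelines above are looking for.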
Spam Proxies and SecCheck
Lawrence Baldwin is the author of SecCheck and owner of mynetwatchman.com
He was directly involved in taking down a spam botnet which was responsible for sending out 5-10% of the mail on the Internet, roughly 2-10 billion spam messages per day
SecCheck continued
Windows forensic tool
Aids in the detection and removal of malicious software
Passive
Runs in about three to six minutes
Send me the URL for the report and I can help analyze it
STC Josh Leibner after running SecCheck: “I'm pretty baffled as to why AV, HijackThis, and AdAware didn't catch any of this. I'll set up another appointment with the student so that I can more thoroughly clean the computer.”
Actual Reports for WashU IPs
http://sc.mynetwatchman.com/seccheck/SubmissionStatus.jsp?submissionID=190837b316eedbd6aab02db074f67a77
http://sc.mynetwatchman.com/seccheck/SubmissionStatus.jsp?submissionID=76a554a590f845d26fc06274d5a847c8
http://sc.mynetwatchman.com/seccheck/SubmissionStatus.jsp?submissionID=4d7ab225b5f447f6346db1f4733bbac6
http://sc.mynetwatchman.com/seccheck/SubmissionStatus.jsp?submissionID=70c2f42b966fe39baf6478595d92403b
http://sc.mynetwatchman.com/seccheck/SubmissionStatus.jsp?submissionID=7bc71e08adf1cf344d1689ac7a0d08a9
Use A Tool to Check for Third Party Software Vulnerabilities Like Secunia’s PSI or NSI
Useful Links:
http://www.virustotal.com/
http://www.norman.com/microsites/nsic/
http://anubis.iseclab.org/index.php
http://www.cwsandbox.org/
http://www.mynetwatchman.com/tools/sc/
http://technet.microsoft.com/en-us/sysinternals/default.aspx
http://www.ubcd4win.com/
Contact Information And More Useful Links
http://nso.wustl.edu – NSO website
If you have a computer security incident email the NSO at [email protected] or directly to me at [email protected]
http://www.wustl.edu/policies/compolcy.html – WashU Computer Policy
www.mynetwatchman.com/tools/sc/ – Seccheck
www.ubcd4win.com – Ultimate Boot CD for Windows
www.antiphishing.org – Phishing Information
mozilla.com – Download Firefox
http://www.microsoft.com/athome/security/spyware/software/default.mspx – Microsoft Defender
Watch Out For Malicious Links and Attachments
Links to phishing and hacking sites, as well as malicious files, can arrive by email, instant message, web page, etc.
Know your source! Verify before clicking. Don’t open anything unexpected.
~100 users were removed from the network for days because of a bot infection transmitted through an AIM link
Use it to identify:
Phishing
Malicious links
And to protect personal information!