Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 2: Systems Threats and Risks

Objectives

• Define malicious software (malware)
• Describe the different types of malware:
  – Infecting malware (viruses and worms)
  – Concealing malware (Trojan horses, rootkits, logic bombs, and privilege escalation)
  – Malware for profit (spam, spyware, and botnets)

Software-Based Attacks

• Malicious software, or malware
  – Software that enters a computer system without the owner’s knowledge or consent
  – Malware is a general term that refers to a wide variety of damaging or annoying software
• The three primary objectives of malware
  – To infect a computer system
  – Conceal the malware’s malicious actions
  – Bring profit from the actions that it performs

Infecting Malware

• Viruses
  – Programs that secretly attach to another document or program and execute when that document or program is opened
  – Once a virus infects a computer, it performs two separate tasks
    • Replicates itself by spreading to other computers
    • Activates its malicious payload
  – Cause problems ranging from displaying an annoying message to erasing files from a hard drive or causing a computer to crash repeatedly

Infecting Malware (continued) (figure slide)

Infecting Malware (continued)

• Types of computer viruses
  – File infector virus
  – Resident virus
  – Boot virus
  – Companion virus
  – Macro virus
  – Metamorphic virus
  – Polymorphic virus

Infecting Malware (continued)

• Worm
  – Program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system
  – Worms are different from viruses in two regards:
    • A worm can travel by itself
    • A worm does not require any user action to begin its execution
  – Actions that worms have performed: deleting files on the computer; allowing the computer to be remote-controlled by an attacker

Concealing Malware

• Trojan Horse (or Trojan)
  – Program advertised as performing one activity but actually does something else
  – Trojan horse programs are typically executable programs that contain hidden code that attacks the computer system
• Rootkit
  – A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence

Concealing Malware (continued)

• Rootkit (continued)
  – The rootkit’s goal is to hide the presence of other types of malicious software
  – Rootkits function by replacing operating system commands with modified versions
    • That are specifically designed to ignore malicious activity so it can escape detection
  – Detecting a rootkit can be difficult
  – Removing a rootkit from an infected computer is extremely difficult
    • You need to reformat the hard drive and reinstall the operating system
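Because a rootkit works by replacing system commands with modified copies, one detection approach is a file-integrity baseline: record a digest of each command while the system is known clean, then compare later. The following is an added example written for this summary, not code from the textbook; it uses constructed stand-in files in a temporary directory (the names ls, ps and netstat are hypothetical) rather than real system binaries.

```python
import hashlib
import os
import tempfile

# Constructed stand-ins for command binaries, written to a temp dir (hypothetical names).
WORKDIR = tempfile.mkdtemp(prefix="integrity_demo_")
COMMANDS = {"ls": b"genuine ls", "ps": b"genuine ps", "netstat": b"genuine netstat"}
for name, data in COMMANDS.items():
    with open(os.path.join(WORKDIR, name), "wb") as f:
        f.write(data)

def monitored_paths() -> list:
    return [os.path.join(WORKDIR, n) for n in sorted(COMMANDS)]

def sha256_file(path: str) -> str:
    """Digest a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths) -> dict:
    """Known-good digest per command. Keep the result off the host or on
    read-only media: a baseline stored on the machine can be rewritten."""
    return {p: sha256_file(p) for p in paths}

def verify(baseline: dict) -> list:
    """Names of commands whose current contents differ from the baseline.
    Run this from trusted boot media: a kernel-level rootkit that hooks file
    reads can show the scanner the original bytes while the replaced command
    is what actually runs, consistent with the slide's advice to reinstall."""
    changed = [os.path.basename(p) for p, digest in baseline.items()
               if not os.path.exists(p) or sha256_file(p) != digest]
    return sorted(changed)

def tamper(name: str) -> None:
    """Simulate replacing one command with a modified copy (test fixture only)."""
    with open(os.path.join(WORKDIR, name), "wb") as f:
        f.write(b"modified " + name.encode() + b" that omits attacker processes")

if __name__ == "__main__":
    baseline = build_baseline(monitored_paths())
    print(verify(baseline))   # []
    tamper("ps")
    print(verify(baseline))   # ['ps']
```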

Concealing Malware (continued)

• Logic bomb
  – A computer program or a part of a program that lies dormant until it is triggered by a specific logical event
  – Once triggered, the program can perform any number of malicious activities
  – Logic bombs are extremely difficult to detect before they are triggered


Concealing Malware (continued)

• Privilege escalation
  – Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining
  – Types of privilege escalation:
    • When a user with a lower privilege uses privilege escalation to access functions reserved for higher privilege users
    • When a user with restricted privileges accesses the different restricted functions of a similar user
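Both types above usually come down to a missing authorization check in application code. The following added example (written for this summary, not from the textbook) shows a record lookup that permits the second type, a user reading a similar user's data, next to a hardened version that also guards an admin-only operation against the first type. The users, roles and records are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "user" or "admin"

class AuthorizationError(Exception):
    pass

# Constructed sample data: records keyed by id, each with an owning user.
RECORDS = {
    101: {"owner_id": 1, "notes": "record belonging to user 1"},
    102: {"owner_id": 2, "notes": "record belonging to user 2"},
}
USER1 = User(1, "user")
USER2 = User(2, "user")
ADMIN = User(99, "admin")

def get_record_vulnerable(caller: User, record_id: int) -> dict:
    """Looks the record up by id alone. The caller is never compared with the
    record's owner, so user 2 can read user 1's record (horizontal escalation)."""
    return RECORDS[record_id]

def get_record(caller: User, record_id: int) -> dict:
    """Hardened: the caller must own the record or hold the admin role."""
    record = RECORDS[record_id]
    if caller.role != "admin" and record["owner_id"] != caller.user_id:
        raise AuthorizationError(f"user {caller.user_id} may not read {record_id}")
    return record

def purge_records(caller: User) -> int:
    """Admin-only operation. Without this role check a low-privilege caller
    could invoke it (vertical escalation); the role comes from the server-side
    session, never from a client-supplied flag. Counts instead of deleting."""
    if caller.role != "admin":
        raise AuthorizationError("admin role required")
    return len(RECORDS)

def allowed(action, *args) -> bool:
    """True if the hardened action succeeds for these arguments."""
    try:
        action(*args)
        return True
    except AuthorizationError:
        return False
```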

Malware for Profit

• Spam
  – Unsolicited e-mail
  – Sending spam is a lucrative business
  – Costs involved for spamming:
    • E-mail addresses
    • Equipment and Internet connection
  – Text-based spam messages can easily be trapped by special filters
  – Image spam uses graphical images of text in order to avoid text-based filters


Malware for Profit (continued)

• Other techniques used by spammers include:
  – GIF layering
  – Word splitting
  – Geometric variance


Malware for Profit (continued) (figure slides)

Malware for Profit (continued)

• Image spam cannot be easily filtered based on the content of the message
• To detect image spam, one approach is to examine the context of the message and create a profile, asking questions such as:
  – Who sent the message?
  – What is known about the sender?
  – Where does the user go if she responds to this e-mail?
  – What is the nature of the message content?
  – How is the message technically constructed?
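The profiling questions above can be turned into message features. The following added example (written for this summary, not from the textbook) parses two constructed MIME messages with Python's standard email module and scores them on sender reputation, where the links lead, and whether the visible content is only an image. The sender allowlist, placeholder domains and scoring weights are all assumptions of the example.

```python
import re
from email import message_from_string

# Constructed sample messages (placeholder domains, not real mail).
KNOWN_SENDERS = {"colleague@example.com"}
IMAGE_SPAM = """\
From: "Account Team" <promo@sender.example>
Subject: Your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body><a href="http://click.tracker.example/x"><img src="cid:pic"></a></body></html>
--b1
Content-Type: image/gif
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
--b1--
"""
LEGIT = """\
From: colleague@example.com
Subject: Lunch?
Content-Type: text/plain

Still on for 12:30? Menu: https://example.com/menu
"""

def profile(raw: str) -> dict:
    """Answer the slide's profiling questions for one message. Each feature is
    a simple constructed heuristic; the score counts the suspicious ones."""
    msg = message_from_string(raw)
    m = re.search(r"[\w.+-]+@([\w.-]+)", msg.get("From", ""))
    sender, domain = (m.group(0).lower(), m.group(1).lower()) if m else ("", "")
    text, links, images = "", set(), 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1                      # how is the message constructed?
        elif ctype.startswith("text/"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            links |= {d.lower() for d in re.findall(r"https?://([\w.-]+)", body)}
            text += re.sub(r"<[^>]+>", "", body)   # visible text only, tags removed
    features = {
        "sender_known": sender in KNOWN_SENDERS,                      # who sent it?
        "link_offsite": any(not d.endswith(domain) for d in links),  # where does a reply go?
        "image_only": images > 0 and not text.strip(),               # nature of the content
        "image_parts": images,
    }
    features["score"] = sum(int(v) for v in (not features["sender_known"],
                                              features["link_offsite"], features["image_only"]))
    return features
```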

Malware for Profit (continued)

• Spyware
  – A general term used for describing software that imposes upon a user’s privacy or security
• Antispyware Coalition defines spyware as:
  – Technologies that are deployed without the user’s consent and weaken the user’s control over:
    • Use of their system resources, including what programs are installed on their computers
    • Collection, use, and distribution of their personal or other sensitive information
    • Material changes that affect their user experience, privacy, or system security

Malware for Profit (continued)

• Spyware has two characteristics that make it very dangerous
  – Spyware creators are motivated by profit
    • Spyware is often more intrusive than viruses, harder to detect, and more difficult to remove
  – Spyware is not always easy to identify
• Spyware is very widespread
• Although attackers use several different spyware tools
  – The two most common are adware and keyloggers

Malware for Profit (continued) (figure slide)

Malware for Profit (continued)

• Adware
  – A software program that delivers advertising content in a manner that is unexpected and unwanted by the user
• Adware can be a security risk
  – Many adware programs perform a tracking function
    • Monitors and tracks a user’s activities
    • Sends a log of these activities to third parties without the user’s authorization or knowledge

Malware for Profit (continued)

• Keylogger
  – A small hardware device or a program that monitors each keystroke a user types on the computer’s keyboard
  – As the user types, the keystrokes are collected and saved as text
    • As a hardware device, a keylogger is a small device inserted between the keyboard connector and computer keyboard port

Malware for Profit (continued) (figure slide)

Malware for Profit (continued)

• Software keyloggers
  – Programs that silently capture all keystrokes, including passwords and sensitive information
  – Hide themselves so that they cannot be easily detected even if a user is searching for them

Malware for Profit (continued) (figure slide)

Malware for Profit (continued)

• Botnets
  – When hundreds, thousands, or even tens of thousands of zombie computers are under the control of an attacker
  – Zombie: An infected computer with a program that will allow the attacker to remotely control it
  – Attackers use Internet Relay Chat (IRC) to remotely control the zombies
  – The attacker is known as a bot herder
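Because the slide describes many zombies converging on one IRC control channel, a network-side check is to look for several internal hosts connecting to the same external IRC endpoint. The following added example (written for this summary, not from the textbook) runs that check over constructed firewall log lines; the log format, the port list and the threshold are assumptions, and a botnet using another port or protocol would need a different signal.

```python
import re
from collections import defaultdict

IRC_PORTS = {6667, 6668, 6669, 6697}   # common IRC service ports (6697 is IRC over TLS)

# Constructed firewall log lines using documentation address ranges, not real hosts.
LOG_LINES = [
    "2024-03-01T08:00:01 src=10.0.0.11 dst=203.0.113.7 dport=6667 proto=tcp action=allow",
    "2024-03-01T08:00:03 src=10.0.0.12 dst=203.0.113.7 dport=6667 proto=tcp action=allow",
    "2024-03-01T08:00:09 src=10.0.0.19 dst=203.0.113.7 dport=6667 proto=tcp action=allow",
    "2024-03-01T08:00:10 src=10.0.0.20 dst=203.0.113.7 dport=6667 proto=tcp action=allow",
    "2024-03-01T08:01:00 src=10.0.0.11 dst=198.51.100.5 dport=443 proto=tcp action=allow",
    "2024-03-01T08:01:30 src=10.0.0.33 dst=198.51.100.9 dport=6667 proto=tcp action=allow",
]
LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse(line: str):
    """Extract (src, dst, dport) from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    return (m["src"], m["dst"], int(m["dport"])) if m else None

def irc_destinations(lines) -> dict:
    """Map each external IRC endpoint (dst, port) to the internal hosts that used it."""
    fanin = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] in IRC_PORTS:
            fanin[(rec[1], rec[2])].add(rec[0])
    return fanin

def suspected_c2(lines, min_hosts: int = 3) -> dict:
    """IRC endpoints contacted by at least min_hosts distinct internal hosts.
    One host on IRC may be a person chatting; many hosts converging on one
    server is the herd behaviour the slide describes."""
    return {ep: sorted(hosts) for ep, hosts in irc_destinations(lines).items()
            if len(hosts) >= min_hosts}
```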

Malware for Profit (continued) (figure slide)

Summary

• Malicious software (malware) is software that enters a computer system without the owner’s knowledge or consent
• Infecting malware includes computer viruses and worms
• Ways to conceal malware include Trojan horses (Trojans), rootkits, logic bombs, and privilege escalation
• Malware with a profit motive includes spam, spyware, and botnets