Malware - cs.stevens.edu · Where does Malware come from? Malicious scripts on websites that...

Malware

By: Lucas Scavone

April 16th, 2009

Topics

- What is Malware?
- Why does Malware exist?
- Where does Malware come from?
- How does Malware affect me?
- How can I remove Malware infections?
- How can I prevent Malware infections?

What is Malware?

- Malicious Software (Viruses, Trojans, Worms, Spyware)
- Small programs that run in the background
- Generally installed without consent
- Not always harmful, but almost never good

Some Examples

Why does Malware exist?

- Profit
- Fraud
- Data Mining
- Lack of better things to do

Where does Malware come from?

- Malicious scripts on websites that exploit security holes in browsers (Exploits)
- Security vulnerabilities in operating systems and other software
- Spam emails can contain attachments of Malware
- Some Malware will download more Malware once installed
- P2P software downloads often contain Malware
- Cybercrime organizations (credit card fraud)

Exploits (Used on Vulnerabilities)

- Security holes found in software, usually operating system, browser or email client based
- Make use of “Buffer Overflow” and other attacks to execute arbitrary code at root level access
- Used to gain unauthorized access to machines in order to infect them with Malware
- Several Malware variants will scan IP ranges for vulnerable ports and infect any machines found automatically (Blaster Worm).

Buffer Overflow

- Caused by unchecked buffer sizes being assigned values that “overflow” into the next memory space.
- This generally causes the code to be executed with root level permissions by the machine code interpreter
- Usually causes host application being overflowed to crash due to code being overwritten in memory
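The overflow described on this slide, as an added example that is not part of the original slides: a simulated memory region in which an 8-byte buffer sits directly in front of 8 bytes of adjacent data, copied into once without a size check and once with one. The names `region`, `copy_unchecked`, `copy_checked`, `adjacent_survives` and the sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE  8   /* bytes reserved for input (assumed size) */
#define NEXT_SIZE 8   /* the "next memory space" right after the buffer */
/* Simulated memory: the buffer, then adjacent data it must never touch. */
struct region { unsigned char mem[BUF_SIZE + NEXT_SIZE]; };

static const unsigned char GUARD[NEXT_SIZE] = {0xDE,0xAD,0xBE,0xEF,0xDE,0xAD,0xBE,0xEF};

static void region_init(struct region *r) {
    memset(r->mem, 0, BUF_SIZE);
    memcpy(r->mem + BUF_SIZE, GUARD, NEXT_SIZE);
}

/* Returns 1 while the adjacent data still holds its original value. */
static int next_intact(const struct region *r) {
    return memcmp(r->mem + BUF_SIZE, GUARD, NEXT_SIZE) == 0;
}

/* Unchecked: trusts the caller's length, so n > BUF_SIZE spills over.
   The clamp only keeps this demo inside the simulated region. */
static void copy_unchecked(struct region *r, const unsigned char *in, size_t n) {
    if (n > sizeof r->mem) n = sizeof r->mem;
    memcpy(r->mem, in, n);
}

/* Checked: rejects input that does not fit the buffer. */
static int copy_checked(struct region *r, const unsigned char *in, size_t n) {
    if (n > BUF_SIZE) return -1;
    memcpy(r->mem, in, n);
    return 0;
}

/* Feed the same 12-byte input (constructed sample) to one variant. */
int adjacent_survives(int use_check) {
    struct region r;
    unsigned char input[12];
    memset(input, 'A', sizeof input);
    region_init(&r);
    if (use_check) (void)copy_checked(&r, input, sizeof input);
    else copy_unchecked(&r, input, sizeof input);
    return next_intact(&r);
}

int main(void) {
    printf("unchecked copy: adjacent data intact = %d\n", adjacent_survives(0));
    printf("checked copy:   adjacent data intact = %d\n", adjacent_survives(1));
    return 0;
}
```

In a real process the adjacent bytes can be control data such as a saved return address, which is why the same missing length check leads to the crash or code execution the slide mentions.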

Crash caused by initial Blaster worm infection

How does Malware affect me?

- Can cause performance decrease in computer
- Can be used to steal user information
  - Credit Cards, Passwords, Banking information
- Can be used to send spam from your computer
- Can be used to turn your computer into a "zombie"
- Can be used to infect other computers from your computer

How can I remove Malware infections?

Several tools available for free on the internet

- Malware Bytes (general computer scanner)
- Hijack This! (registry scanner)
- ProcXP (detailed process manager)

How can I prevent Malware infections?

- Be cautious when dealing with email from unknown senders
- Never open files you do not know the sender of
- Be cautious when surfing the web
- Scan your computer for Malware regularly
- Keep up to date security patches on all software (Operating system, Virus scanner)
- Run firewall software to protect internet applications from being exploited

How can I prevent Malware infections? (As a System Admin)

- Properly configuring user accounts to have minimal permissions needed
- Configure browser and email client security settings to limit ActiveX controls and tighten other security settings
- Use AntiVirus software to actively scan the computer and processes for malicious programs
- Properly train users to be cautious with email and web browsing and to notify you immediately in the event of an uncaught infection
- Firewall with Deep Packet Inspection (SonicWALL)

Any Questions?