
Explain how an appender infection works.

22/12/2020 Client: saad24vbs Deadline: 24 Hours

Security+ Guide to Network Security Fundamentals,

Fourth Edition


Chapter 2


Malware and Social Engineering Attacks




Objectives


Describe the differences between a virus and a worm

List the types of malware that conceal their appearance

Identify different kinds of malware that are designed for profit

Describe the types of social engineering psychological attacks

Explain physical social engineering attacks



Attacks Using Malware


Malicious software (malware)

Enters a computer system:

Without the owner’s knowledge or consent

Refers to a wide variety of damaging or annoying software

Primary objectives of malware

Infecting systems

Concealing its purpose

Making profit



Malware That Spreads


Viruses

Malicious computer code that reproduces itself on the same computer

Virus infection methods

Appender infection

Virus appends itself to end of a file

Moves first three bytes of original file to virus code

Replaces them with a jump instruction pointing to the virus code
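The appender layout described above leaves a recognizable footprint that a scanner can check for. The following is an added example, not part of the original slides: it assumes a flat binary whose first instruction sits at file offset 0 and uses the 3-byte x86 near jump (opcode 0xE9 plus a 16-bit displacement); the function names and sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

JMP_NEAR = 0xE9  # assumed encoding: x86 near JMP + 16-bit relative displacement


@dataclass
class Finding:
    entry_jump_target: Optional[int]  # file offset the first instruction jumps to
    jumps_into_tail: bool             # jump lands in the last part of the file
    matches_appender_footprint: bool  # differs from baseline exactly as described


def entry_jump_target(image: bytes) -> Optional[int]:
    """Return the file offset targeted by a leading 3-byte near JMP, else None."""
    if len(image) < 3 or image[0] != JMP_NEAR:
        return None
    (rel16,) = struct.unpack_from("<h", image, 1)
    target = (3 + rel16) & 0xFFFF  # displacement is relative to the next instruction
    return target if target < len(image) else None


def check_image(image: bytes, baseline: Optional[bytes] = None,
                tail_fraction: float = 0.25) -> Finding:
    """Heuristic check; with a known-good baseline the result is much stronger."""
    target = entry_jump_target(image)
    tail_start = int(len(image) * (1 - tail_fraction))
    into_tail = target is not None and target >= tail_start

    footprint = False
    if baseline is not None and len(image) > len(baseline) >= 3:
        footprint = (
            image[:3] != baseline[:3]                   # first three bytes replaced
            and image[3:len(baseline)] == baseline[3:]  # rest of the host untouched
            and target is not None
            and target >= len(baseline)                 # jump lands in appended data
        )
    return Finding(target, into_tail, footprint)


# Constructed sample data: a 100-byte "known-good" file and a copy whose first
# three bytes were replaced by a jump to 20 bytes of inert padding at the end.
CLEAN = bytes([0xB4, 0x09, 0xBA]) + b"\x00" * 97
MODIFIED = bytes([JMP_NEAR]) + struct.pack("<h", 100 - 3) + CLEAN[3:] + b"\x90" * 20

if __name__ == "__main__":
    print(check_image(CLEAN, CLEAN))
    print(check_image(MODIFIED, CLEAN))
```

A leading jump into the tail is only a hint on its own, since legitimate programs may also start with a jump; the baseline comparison is what makes the finding reliable.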



Malware That Spreads (cont’d.)


Virus infection methods (cont’d.)

Swiss cheese infection

Viruses inject themselves into executable code

Original code transferred and stored inside virus code

Host code executes properly after the infection

Split infection

Virus splits into several parts

Parts placed at random positions in host program

Head of virus code starts at beginning of file

Gives control to next piece of virus code



Malware That Spreads (cont’d.)


When infected program is launched:

Virus replicates itself by spreading to another file on same computer

Virus activates its malicious payload

Viruses may display an annoying message:

Or be much more harmful

Examples of virus actions

Cause a computer to repeatedly crash

Erase files from or reformat hard drive

Turn off computer’s security settings



Malware That Spreads (cont’d.)




Figure 2-4 Annoying virus message


© Cengage Learning 2012




Malware That Spreads (cont’d.)




Virus cannot automatically spread to another computer

Relies on user action to spread

Viruses are attached to files

Viruses are spread by transferring infected files

Recent Postal Service example



Malware That Spreads (cont’d.)


Types of computer viruses

Program

Infects executable files

Macro

Executes a script

Resident

Virus infects files opened by user or operating system

Boot virus

Infects the Master Boot Record

Companion virus

Adds malicious copycat program to operating system



Malware That Spreads (cont’d.)


Types of computer viruses (cont’d.)

Tunneling virus

Installs under anti-virus system & intercepts OS calls

Armored virus

Thwarts attempts to examine its code

Multipartite virus

Can infect exe files & boot sectors

Polymorphic virus

Changes its virus signature



Malware That Spreads (cont’d.)


Worm

Malicious program

Exploits application or operating system vulnerability

Sends copies of itself to other network devices

Worms may:

Consume resources or

Leave behind a payload to harm infected systems

Examples of worm actions

Deleting computer files

Allowing remote control of a computer by an attacker



Malware That Conceals


Trojans

Program that does something other than advertised

Typically executable programs

Contain hidden code that launches an attack

Typically created using Visual Basic scripting language

Sometimes made to appear as data file

Example

User downloads “free calendar program”

Program scans system for credit card numbers and passwords

Transmits information to attacker through network



Malware That Conceals (cont’d.)


Rootkits

Software tools used by an attacker to hide actions or presence of other types of malicious software

Hide or remove traces of log-in records, log entries

May alter or replace operating system files with modified versions:

Specifically designed to ignore malicious activity



Malware That Conceals (cont’d.)


Rootkits can be detected using programs that compare file contents with original files

Rootkits that operate at operating system’s lower levels:

May be difficult to detect

Removal of a rootkit can be difficult

Rootkit must be erased

Original operating system files must be restored

Reformat hard drive and reinstall operating system



Malware That Conceals (cont’d.)


Logic bomb (e.g., Michelangelo virus, March 6)

Computer code that lies dormant

Triggered by a specific logical event

Then performs malicious activities

Difficult to detect before it is triggered

Backdoor

Software code that circumvents normal security to give program access

Common practice by developers

Intent is to remove backdoors in final application



Table 2-2 Famous logic bombs


Malware That Conceals (cont’d.)


Roll Summary Video




Malware That Profits


Botnets

Computer is infected with program that allows it to be remotely controlled by attacker

Often payload of Trojans, worms, and viruses

Infected computer called a zombie

Groups of zombie computers together called botnet

Early botnet attackers used Internet Relay Chat to remotely control zombies

HTTP is often used today



Botnets


Botnets’ advantages for attackers

Operate in the background:

Often with no visible evidence of existence

Provide means for concealing actions of attacker

Can remain active for years

Large percentage of zombies are accessible at a given time

Due to growth of always-on Internet services



Table 2-3 Uses of botnets




Malware That Profits (cont’d.)


Spyware

Software that gathers information without user consent

Usually used for:

Advertising

Collecting personal information

Changing computer configurations



Malware That Profits (cont’d.)


Spyware’s negative effects

Slows computer performance

Causes system instability

May install new browser menus or toolbars

May place new shortcuts

May hijack home page

Causes increased pop-ups



Malware That Profits (cont’d.)


Adware

Program that delivers advertising content:

In manner unexpected and unwanted by the user

Typically displays advertising banners and pop-up ads

May open new browser windows randomly

Can also perform tracking of online activities



Malware That Profits (cont’d.)


Keyloggers

Program that captures user’s keystrokes

Information later retrieved by attacker

Attacker searches for useful information

Passwords

Credit card numbers

Personal information



Malware That Profits (cont’d.)


Keyloggers (cont’d.)

Can be a small hardware device

Inserted between computer keyboard and connector

Unlikely to be detected

Attacker physically removes device to collect information



Social Engineering Attacks


Directly gathering information from individuals

Relies on trusting nature of individuals

Psychological approaches

Goal: persuade the victim to provide information or take action

Flattery or flirtation

Conformity

Friendliness

YouTube: “Mitnick fakes way into LA Telco Central Office”

See also “Freedom Downtime”



Social Engineering Attacks (cont’d.)


Attacker will ask for only small amounts of information

Often from several different victims

Request needs to be believable

Attacker “pushes the envelope” to get information:

Before victim suspects anything

Attacker may smile and ask for help



Social Engineering Attacks


Kevin Mitnick Video Example



Impersonation

Attacker pretends to be someone else

Help desk support technician

Repairperson

Trusted third party

Individuals in roles of authority



Social Engineering Attacks (cont’d.)


Phishing

Sending an email claiming to be from legitimate source

May contain legitimate logos and wording

Tries to trick user into giving private information

Variations of phishing

Pharming

Automatically redirects user to fraudulent Web site



Social Engineering Attacks (cont’d.)


Variations of phishing (cont’d.)

Spear phishing

Email messages target specific users

Whaling

Going after the “big fish”

Targeting wealthy individuals

Vishing (voice phishing)

Attacker calls victim with recorded “bank” message with callback number

Victim calls attacker’s number and enters private information



SIGNS




Social Engineering Attacks (cont’d.)


Spam

Unsolicited e-mail

Primary vehicles for distribution of malware

Sending spam is a lucrative business

Spim: targets instant messaging users

Image spam

Uses graphical images of text

Circumvents text-based filters

Often contains nonsense text



Social Engineering Attacks (cont’d.)


Hoaxes

False warning or claim

May be first step in an attack

Physical procedures

Dumpster diving

Digging through trash to find useful information

Tailgating

Following behind an authorized individual through an access door



Table 2-5 Dumpster diving items and their usefulness




Social Engineering Attacks (cont’d.)


Methods of tailgating

Tailgater calls “please hold the door”

Waits outside door and enters when authorized employee leaves

Employee conspires with unauthorized person to walk together through open door

Shoulder surfing

Casually observing user entering keypad code



Summary


Malware is software that enters a computer system without the owner’s knowledge or consent

Malware that spreads includes computer viruses and worms

Malware that conceals includes Trojans, rootkits, logic bombs, and backdoors

Malware with a profit motive includes botnets, spyware, adware, and keyloggers



Summary (cont’d.)


Social engineering is a means of gathering information for an attack from individuals

Types of social engineering approaches include phishing, impersonation, dumpster diving, and tailgating
