Security+ Guide to Network Security Fundamentals,
Fourth Edition
Chapter 2
Malware and Social Engineering Attacks
Objectives
Describe the differences between a virus and a worm
List the types of malware that conceal their presence
Identify the kinds of malware that are designed for profit
Describe the types of social engineering psychological attacks
Explain physical social engineering attacks
Attacks Using Malware
Malicious software (malware)
Enters a computer system:
Without the owner’s knowledge or consent
Refers to a wide variety of damaging or annoying software
Primary objectives of malware
Infecting systems
Concealing its purpose
Making profit
Malware That Spreads
Viruses
Malicious computer code that reproduces itself on the same computer
Virus infection methods
Appender infection
Virus appends itself to end of a file
Moves first three bytes of original file to virus code
Replaces them with a jump instruction pointing to the virus code
Malware That Spreads (cont’d.)
Virus infection methods (cont’d.)
Swiss cheese infection
Viruses inject themselves into executable code
Original code transferred and stored inside virus code
Host code executes properly after the infection
Split infection
Virus splits into several parts
Parts placed at random positions in host program
Head of virus code starts at beginning of file
Gives control to next piece of virus code
Malware That Spreads (cont’d.)
When infected program is launched:
Virus replicates itself by spreading to another file on same computer
Virus activates its malicious payload
Viruses may display an annoying message:
Or be much more harmful
Examples of virus actions
Cause a computer to repeatedly crash
Erase files from or reformat hard drive
Turn off computer’s security settings
Malware That Spreads (cont’d.)
Figure 2-4 Annoying virus message
© Cengage Learning 2012
Malware That Spreads (cont’d.)
Virus cannot automatically spread to another computer
Relies on user action to spread
Viruses are attached to files
Viruses are spread by transferring infected files
Recent Postal Service example
Malware That Spreads (cont’d.)
Types of computer viruses
Program
Infects executable files
Macro
Executes a script
Resident
Virus infects files opened by user or operating system
Boot virus
Infects the Master Boot Record
Companion virus
Adds malicious copycat program to operating system
Malware That Spreads (cont’d.)
Types of computer viruses (cont’d.)
Tunneling virus
Installs itself beneath the anti-virus software and intercepts operating system calls
Armored virus
Thwarts attempts to examine its code
Multipartite virus
Can infect both executable files and boot sectors
Polymorphic virus
Changes its virus signature
Malware That Spreads (cont’d.)
Worm
Malicious program
Exploits application or operating system vulnerability
Sends copies of itself to other network devices
Worms may:
Consume resources or
Leave behind a payload to harm infected systems
Examples of worm actions
Deleting computer files
Allowing remote control of a computer by an attacker
Malware That Conceals
Trojans
Program that does something other than advertised
Typically executable programs
Contain hidden code that launches an attack
Typically created using Visual Basic scripting language
Sometimes made to appear as data file
Example
User downloads “free calendar program”
Program scans system for credit card numbers and passwords
Transmits information to attacker through network
Malware That Conceals (cont’d.)
Rootkits
Software tools used by an attacker to hide actions or presence of other types of malicious software
Hide or remove traces of log-in records, log entries
May alter or replace operating system files with modified versions:
Specifically designed to ignore malicious activity
Malware That Conceals (cont’d.)
Rootkits can be detected using programs that compare file contents with original files
Rootkits that operate at operating system’s lower levels:
May be difficult to detect
Removal of a rootkit can be difficult
Rootkit must be erased
Original operating system files must be restored
Reformat hard drive and reinstall operating system
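The comparison approach above, and the appender infection described earlier (which changes a file's first bytes and its length), can both be checked with a file-integrity baseline; the following is an added example and not the textbook's code. It records each file's size and SHA-256 from a clean system, then reports files that were modified, removed, or added; the directory and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Record (size, SHA-256) for every regular file under root; take this from a clean system."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = (os.path.getsize(path), sha256_file(path))
    return baseline


def verify(root, baseline):
    """Compare the live tree with the baseline; a changed digest means the content differs."""
    current = build_baseline(root)
    report = {"modified": [], "missing": [], "added": []}
    for rel, (_, digest) in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel][1] != digest:
            report["modified"].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed scenario: baseline two fake binaries, then replace one and re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name, content in (("ls", b"\x7fELF original ls bytes"), ("ps", b"\x7fELF original ps bytes")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        baseline = build_baseline(root)
        # Simulate a system file replaced by a modified version: same name, different bytes
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"\x7fELF modified ps bytes")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

A rootkit running below the operating system can lie to the checker about what a file contains, which is why the slides note that low-level rootkits are hard to detect and that the baseline must come from a trusted source.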
Malware That Conceals (cont’d.)
Logic bomb (e.g., the Michelangelo virus, triggered on March 6)
Computer code that lies dormant
Triggered by a specific logical event
Then performs malicious activities
Difficult to detect before it is triggered
Backdoor
Software code that circumvents normal security to give program access
Common practice by developers
Intent is to remove backdoors in final application
Table 2-2 Famous logic bombs
Malware That Conceals (cont’d.)
Roll Summary Video
Malware That Profits
Botnets
Computer is infected with program that allows it to be remotely controlled by attacker
Often payload of Trojans, worms, and viruses
Infected computer called a zombie
Groups of zombie computers together called botnet
Early botnet attackers used Internet Relay Chat to remotely control zombies
HTTP is often used today
Botnets
Botnets’ advantages for attackers
Operate in the background:
Often with no visible evidence of existence
Provide means for concealing actions of attacker
Can remain active for years
Large percentage of zombies are accessible at a given time
Due to growth of always-on Internet services
Table 2-3 Uses of botnets
Malware That Profits (cont’d.)
Spyware
Software that gathers information without user consent
Usually used for:
Advertising
Collecting personal information
Changing computer configurations
Malware That Profits (cont’d.)
Spyware’s negative effects
Slows computer performance
Causes system instability
May install new browser menus or toolbars
May place new shortcuts
May hijack home page
Causes increased pop-ups
Malware That Profits (cont’d.)
Adware
Program that delivers advertising content:
In manner unexpected and unwanted by the user
Typically displays advertising banners and pop-up ads
May open new browser windows randomly
Can also perform tracking of online activities
Malware That Profits (cont’d.)
Keyloggers
Program that captures user’s keystrokes
Information later retrieved by attacker
Attacker searches for useful information
Passwords
Credit card numbers
Personal information
Malware That Profits (cont’d.)
Keyloggers (cont’d.)
Can be a small hardware device
Inserted between computer keyboard and connector
Unlikely to be detected
Attacker physically removes device to collect information
Social Engineering Attacks
Directly gathering information from individuals
Relies on trusting nature of individuals
Psychological approaches
Goal: persuade the victim to provide information or take action
Flattery or flirtation
Conformity
Friendliness
Youtube: “Mitnick fakes way into LA Telco Central Office”
See also “Freedom Downtime”
Social Engineering Attacks (cont’d.)
Attacker will ask for only small amounts of information
Often from several different victims
Request needs to be believable
Attacker “pushes the envelope” to get information:
Before victim suspects anything
Attacker may smile and ask for help
Social Engineering Attacks
Kevin Mitnick Video Example
Impersonation
Attacker pretends to be someone else
Help desk support technician
Repairperson
Trusted third party
Individuals in roles of authority
Social Engineering Attacks (cont’d.)
Phishing
Sending an email claiming to be from legitimate source
May contain legitimate logos and wording
Tries to trick user into giving private information
Variations of phishing
Pharming
Automatically redirects user to fraudulent Web site
Social Engineering Attacks (cont’d.)
Variations of phishing (cont’d.)
Spear phishing
Email messages target specific users
Whaling
Going after the “big fish”
Targeting wealthy individuals
Vishing (voice phishing)
Attacker calls victim with recorded “bank” message with callback number
Victim calls attacker’s number and enters private information
SIGNS
Social Engineering Attacks (cont’d.)
Spam
Unsolicited e-mail
Primary vehicle for the distribution of malware
Sending spam is a lucrative business
Spim: targets instant messaging users
Image spam
Uses graphical images of text
Circumvents text-based filters
Often contains nonsense text
Social Engineering Attacks (cont’d.)
Hoaxes
False warning or claim
May be first step in an attack
Physical procedures
Dumpster diving
Digging through trash to find useful information
Tailgating
Following behind an authorized individual through an access door
Table 2-5 Dumpster diving items and their usefulness
Social Engineering Attacks (cont’d.)
Methods of tailgating
Tailgater calls “please hold the door”
Waits outside door and enters when authorized employee leaves
Employee conspires with unauthorized person to walk together through open door
Shoulder surfing
Casually observing user entering keypad code
Summary
Malware is software that enters a computer system without the owner’s knowledge or consent
Malware that spreads includes computer viruses and worms
Malware that conceals includes Trojans, rootkits, logic bombs, and backdoors
Malware with a profit motive includes botnets, spyware, adware, and keyloggers
Summary (cont’d.)
Social engineering is a means of gathering information for an attack from individuals
Types of social engineering approaches include phishing, impersonation, dumpster diving, and tailgating