What is Malware

1
What is Malware?

• Definition
• A generic term used to describe any form of
  malicious software e.g., Virus, Trojan horse,
  Spyware, Adware, Malicious ActiveX web page,
  Rootkit, Zombie.

Jonathan Held Presented 9/13/2005
2
What Harm Can Malware Do?

• Install strange programs
• Slow internet connections
• Slow PC performance
• Cause system instabilities/ crashes
• Web popups

• Change IE settings
• View / Steal any information on the PC
• Open you up to identity theft
• Log all keystrokes typed
• Cause your PC to attack others (laptops)
• Render your PC unusable

3
How Bad is the Problem?

• 90 of home users are infected with malware.
• 20 of home computers are infected with a virus
• 88 of the infected users dont even know they
  are infected with malware.
• 2 of every 3 users dont have an activated
  firewall, 1 of the 3 firewall-using folks have
  their firewalls improperly configured
• Some worms have infected millions of computers
  within just a few minutes.
• Malware is responsible for a third of all Windows
  application crashes
• Viruses alone cost businesses around the world
  55 billion per year.

4
HOW TO TELL IF YOUR COMPUTER IS INFECTED WITH
MALWARE

• Sluggish system, Decrease in system performance.
• Computer boots up slower than usual.
• Pop-up ads, while you're not even running your
  web browser.
• Unwanted changes to Web Browser settings - home
  page, search page,
• new toolbars, new added Favorites.
• Hard Drive keeps losing free space.
• New messages, errors, and icons, for programs
  you never installed,especially on startup.
• Programs crash more often, even after rebooting.
• Suspicious or new Windows processes. (Advanced
  Users)

5
What are the different types of Malware?
How do they get onto my computer?
6
DAMAGE All malware will cause sluggish
performance and crashes, and here are some
additional annoyances
DIFFERENT TYPES OF MALWARE Best to Worst
ADWARE / POPUPS
SPYWARE
Nuisance
BROWSER HIJACK
VIRUS
Some viruses can cause data loss.
TROJAN Files
SPAM RELAY (SpamBot)
Your PC is used only to attack others
DDOS ZOMBIE
DIALER
Telephone fraud, 1-900 overseas s
Rogue FTP server
Hard Drive space will dwindle
KEYLOGGER
Any data on your computer can be viewed or
stolen, even your keystrokes. COMPLETE SYSTEM
COMPROMISE.
Remote Acc.Backdoor
ROOTKIT
7
Malware is usually Bundled This makes
some sophisticated Malware difficult to
remove. Windows reinstallation is sometimes
required, and recommended annually.
8
TERMS

• SPYWARE Any program which secretly collects and
  transmits user information (visited websites,
  search terms, etc) through the user's Internet
  connection without users knowledge, usually for
  advertising purposes.
• Aside from privacy issue, it also slows down
  computer and internet connection,
• and creates system instability and crashes.
• VIRUS A small parasite program that attached
  to a program or file on your
• computers hard drive without your knowledge, and
  runs against your wishes.
• Viruses replicate themselves when the file is
  shared with others. Their payload is
• usually harmful, deleting files, opening up the
  PC for other infections, Slowing the
• computer to a halt, etc.
• WORM Similar to a virus, but more powerful
  doesnt need a host file, and
• Spreads much more quickly over network.
• EXPLOIT / HACK small programs or methods which
  attacks particular unpatched
• security holes. Not self-replicating. An attack
  vector which opens up the PC for
• further infection. Once a computer is Hacked, the
  hacker has complete control over the PC, and can
  proceed to install viruses, spyware, FTP servers,
  and anything else.

9
TERMS

• BROWSER HIJACK Web sites that, when visited,
  set the user's default browser home
• page to an unwanted URL, change the default
  search engine, or add unwanted toolbars
• and other custom plugins/add-ons to the user's
  browser and system.

• FIREWALL Software which runs in the background
  and blocks suspicious
• activity to from a computers 65,000 network
  ports. Will block most Malware,
• But not all. Windows XP SP2 has a Firewall
  built-in.

• PATCH (WindowsUpdate.com) a small modification
  to the Windows OS code,
• to close up a recently discovered vulnerability.

10
Removal
11
I THINK MY PC IS INFECTED WITH MALWARE WHAT
NOW?
If it's an IFEM computer, tell Jon. Update and
run Spyware Scanner first, if you have time. Run
2 spyware scanners. Make sure to update them
first. They will detect and remove most of your
spyware. (Microsoft Anti-Spyware, Spybot
SearchDestroy, Ad-Aware) Run a full virus scan.
Update your virus definitions first. Go to
Control Panel, Add/Remove Programs, and
remove any programs you've never heard of, or you
don't need. (don't touch the Microsoft
programs!)
12
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
Microsoft AntiSpyware. Easy to use, easy to
install, has straightforward friendly
"real-time" protection. Spybot
SearchDestroy. Catches more Malware than the
Microsoft product, but "real time" protection is
sub-par. Ad-Aware. Similar to SpybotSD above, a
little easier to use. Does not offer real-time
protection.
13
I THINK MY PC IS INFECTED WITH MALWARE WHAT NOW?
?If it's a browser Hijack, Run "Hijack This", or
MS AntiSpyware. ?Use a Process Viewer, such as
TaskInfo (Advanced users) Terminate suspicious
processes and Services, check Registry Start
section. As a last resort ? Reformat hard
drive, reinstall Windows all your
programs. (back up your files first!) OR ? Take
your PC to a repair service, such as
HomePCHelpers or Geeksquad.
14
MALWARE PROCESSES
Serv-U.exe GAIN.exe akjughwtlpztq.exe Slave.exe da
meware.exe fxsvc.exe Winshel.exe service.exe Mic
rosofts.exe
15
Installation files for these programs are in The
IFEM Shared Folder, for your use \\shiva\shared\
Malware Tools\
16
How does Malware spread?
17
How did I get Malware on my Computer? How does it
spread?

• Email attachments, and shared infected files.
• Bundled with a software installation (usually
  Shareware and Web toobars add-ons) (IFEM
  installs policy)
• An infected PC on the network
• Peer-To-Peer (P2P) applications and services
  (like Skype, Kazaa, Limewire, etc)
• Worm or Virus
• Exploit / Hack (Exploits of security flaws within
  the operating system or the web browser)

18
How did I get Malware on my Computer? How does it
spread?

• VISITING MALICIOUS WEB SITES
• Clicking a web popup.
• For example, Clicking close or
• OK on a pop-up or ad when its
• really a link to another web page.
• Automatic installations by
• visiting certain web sites
• (drive-by-download )

19
tricks users into installation by the use of
deceptive buttons and hyperlinks, false error
boxes and system notices, uncloseablepopups,or
other confusing GUI elements falsely
poses as Microsoft Windows Update
software,"anti-spyware" software, or other
software that may be desired by users.
20
SHAREWARE www.download.com
Software downloadable free of charge, but the
author usually requests that you pay a small fee
if you like the program. Shareware is
inexpensive because it is usually produced by a
single programmer and is offered directly to
customers. Some shareware is bundled with
spyware. Always check customer reviews or
Google Before you install shareware, and make
sure to run spyware scan after you install.
Different Types
Nagware
Limited Trial (15 days, etc)
Adware (Sponsored)
Honorware
Crippleware (Certain features are Disabled, or
limited Save cabability)
21
Prevention
22
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
? Keep your Anti-Virus program AND Anti-Spyware
Scanner up to date. Run them in background at all
times. Do full scans a few times per month. ?
Install all critical Windows Updates,
from www.windowsupdate.com, OR make sure it's set
to Automatic". Laptops must be updated manually,
every week or two. ? Install Windows XP Service
Pack 2 (look for "Windows Firewall" in CP) ?
MAKE SURE YOUR XP SP2 FIREWALL IS TURNED ON. A
firewall will protect against SOME malware, not
all.
23
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
? Dont view or open spam or unknown email
attachments. ? Don't click on ANY web
pop-ups! ? Set Internet Explorer browser
settings to High. (optional) ? MAKE SURE you
have a strong password for all accounts on your
PC. ? Be careful what software you install. Look
up the program on Google first, to check if the
program is safe. Always do a Spyware scan after
installing software. ? Never give out passwords
or other protected information, and don't leave
them lying around.
24
HOW DO I PROTECT MY COMPUTER IN THE FUTURE?
Microsoft AntiSpyware. Easy to use, easy to
install, has straightforward friendly
"real-time" protection. Spybot
SearchDestroy. Catches more Malware than the
Microsoft product, but "real time" protection is
sub-par. Ad-Aware. Similar to SpybotSD above, a
little easier to use. Does not offer real-time
protection.
25
WHY DO PEOPLE CREATE VIRUSES AND MALWARE?
? DDOS Attacks. ? Spamming relays. ? Paid by
advertising agencies and companies. ? To get
personal useful information, such as credit card
and SS numbers. ? for fun. ? To show off their
skills.
26
Will this stop?

• No, not in the near future. Currently, few laws
  are in place, and no one is being convicted, in
  any country.
• The income potential is attractive to those
  wishing to work from home, or make extra money.
• Prevention and awareness is the only protection!

27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
Spyware Scanner Screenshots
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
WindowsXP SP2 Internet Explorer ? added
protection from Popups and ActiveX installations!
41
This website attempted to install unsolicited
software or change settings
42
(No Transcript)