SlideShare a Scribd company logo

Rapid malware defenses

Rahul Amabadkar
Rahul Amabadkar
Technology
1 of 8
Rapid Malware Defenses • Master IDS watches over network – “Infection” proceeds on part of network – Determines whether an attack or not – If so, IDS saves most of the network – If not, only a slight delay • Beneficial worm – Disinfect faster than the worm infects • Other approaches? Part 4  Software 1
Push vs Pull Malware • Viruses/worms examples of “push” • Recently, a lot of “pull” malware • Scenario – A compromised web server – Visit a website at compromised server – Malware loaded on you machine • Good paper: Ghost in the Browser Part 4  Software 2
Botnet • Botnet: a “network” of infected machines • Infected machines are “bots” – Victim is unaware of infection (stealthy) • Botmaster controls botnet – Generally, using IRC – P2P botnet architectures exist • Botnets used for… – Spam, DoS attacks, key logging, ID theft, etc. Part 4  Software 3
Botnet Examples • XtremBot – Similar bots: Agobot, Forbot, Phatbot – Highly modular, easily modified – Source code readily available (GPL license) • UrXbot – Similar bots: SDBot, UrBot, Rbot – Less sophisticated than XtremBot type • GT-Bots and mIRC-based bots – mIRC is common IRC client for Windows Part 4  Software 4
More Botnet Examples • Mariposa – Used to steal credit card info – Creator arrested in July 2010 • Conficker – Estimated 10M infected hosts (2009) • Kraken – Largest as of 2008 (400,000 infections) • Srizbi – For spam, one of largest as of 2008 Part 4  Software 5
Computer Infections • Analogies are made between computer viruses/worms and biological diseases • There are differences – Computer infections are much quicker – Ability to intervene in computer outbreak is more limited (vaccination?) – Bio disease models often not applicable – “Distance” almost meaningless on Internet • But there are some similarities… Part 4  Software 6
Computer Infections • Cyber “diseases” vs biological diseases • One similarity – In nature, too few susceptible individuals and disease will die out – In the Internet, too few susceptible systems and worm might fail to take hold • One difference – In nature, diseases attack more-or-less at random – Cyber attackers select most “desirable” targets – Cyber attacks are more focused and damaging Part 4  Software 7
Future Malware Detection? • Likely that malware outnumbers “good ware” – Metamorphic copies of existing malware – Many virus toolkits available – Trudy: recycle old viruses, different signature • So, may be better to “detect” good code – If code not on “good” list, assume it’s bad – That is, use white list instead of blacklist Part 4  Software 8

Recommended

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horse
jyoti_lakhani
 
Security
SecuritySecurity
Security
Renu Ananya
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
Greater Noida Institute Of Technology
 
computer viruses
computer virusescomputer viruses
computer viruses
ishan2shawn
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
vivek pratap singh
 
Cyber crimes 12
Cyber crimes 12Cyber crimes 12
Cyber crimes 12
kiranlohakare2
 
Computer viruses and anti viruses
Computer viruses and anti virusesComputer viruses and anti viruses
Computer viruses and anti viruses
Mohit Jaiswal
 

Recommended

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horse
jyoti_lakhani
 
Security
SecuritySecurity
Security
Renu Ananya
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
Greater Noida Institute Of Technology
 
computer viruses
computer virusescomputer viruses
computer viruses
ishan2shawn
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
vivek pratap singh
 
Cyber crimes 12
Cyber crimes 12Cyber crimes 12
Cyber crimes 12
kiranlohakare2
 
Computer viruses and anti viruses
Computer viruses and anti virusesComputer viruses and anti viruses
Computer viruses and anti viruses
Mohit Jaiswal
 
computer vipin kumar ppt
computer vipin kumar pptcomputer vipin kumar ppt
computer vipin kumar ppt
vipinkumar940
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
Amjad Bhutto
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
Sadaf Walliyani
 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
rajakhurram
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
MDAZAD53
 
Malwares
MalwaresMalwares
Malwares
Ishaq Ticklye
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
sandeep shergill
 
Eh34803812
Eh34803812Eh34803812
Eh34803812
IJERA Editor
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
Hossein Yavari
 
Viruses And Hacking
Viruses And HackingViruses And Hacking
Viruses And Hacking
Muhammad Fahd Un-Nabi Khan
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Abdul Wadood Khan
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
rajakhurram
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Malware
MalwareMalware
Malware
MohsinHusenManasiya
 
Virus
VirusVirus
Virus
argusacademy
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
tbrown123
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
Md.Tanvir Ul Haque
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Dark Side
 
6unit1 virus and their types
6unit1 virus and their types6unit1 virus and their types
6unit1 virus and their types
Neha Kurale
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
diarfirstdiarfirst
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
malikmuzammil2326
 

More Related Content

What's hot

How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
Sadaf Walliyani
 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
rajakhurram
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
tbrown123
 

What's hot (20)

computer vipin kumar ppt
computer vipin kumar pptcomputer vipin kumar ppt
computer vipin kumar ppt
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Malwares
MalwaresMalwares
Malwares
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Eh34803812
Eh34803812Eh34803812
Eh34803812
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Viruses And Hacking
Viruses And HackingViruses And Hacking
Viruses And Hacking
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Malicious
MaliciousMalicious
Malicious
 
Malware
MalwareMalware
Malware
 
Virus
VirusVirus
Virus
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
6unit1 virus and their types
6unit1 virus and their types6unit1 virus and their types
6unit1 virus and their types
 

Similar to Rapid malware defenses

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 

Similar to Rapid malware defenses (20)

Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
 
Isys20261 lecture 05
Isys20261 lecture 05Isys20261 lecture 05
Isys20261 lecture 05
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
 
10 malware
10 malware10 malware
10 malware
 
Computer worm
Computer wormComputer worm
Computer worm
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks
 
virus,worms & analysis
virus,worms & analysis virus,worms & analysis
virus,worms & analysis
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
 
Lecture 19
Lecture 19Lecture 19
Lecture 19
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
Computer viruses - A daily harm
Computer viruses - A daily harmComputer viruses - A daily harm
Computer viruses - A daily harm
 
lecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptxlecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptx
 
Security
SecuritySecurity
Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against Ransomware
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Rapid malware defenses

  • 1. Rapid Malware Defenses • Master IDS watches over network – “Infection” proceeds on part of network – Determines whether an attack or not – If so, IDS saves most of the network – If not, only a slight delay • Beneficial worm – Disinfect faster than the worm infects • Other approaches? Part 4  Software 1
  • 2. Push vs Pull Malware • Viruses/worms examples of “push” • Recently, a lot of “pull” malware • Scenario – A compromised web server – Visit a website at compromised server – Malware loaded on you machine • Good paper: Ghost in the Browser Part 4  Software 2
  • 3. Botnet • Botnet: a “network” of infected machines • Infected machines are “bots” – Victim is unaware of infection (stealthy) • Botmaster controls botnet – Generally, using IRC – P2P botnet architectures exist • Botnets used for… – Spam, DoS attacks, key logging, ID theft, etc. Part 4  Software 3
  • 4. Botnet Examples • XtremBot – Similar bots: Agobot, Forbot, Phatbot – Highly modular, easily modified – Source code readily available (GPL license) • UrXbot – Similar bots: SDBot, UrBot, Rbot – Less sophisticated than XtremBot type • GT-Bots and mIRC-based bots – mIRC is common IRC client for Windows Part 4  Software 4
  • 5. More Botnet Examples • Mariposa – Used to steal credit card info – Creator arrested in July 2010 • Conficker – Estimated 10M infected hosts (2009) • Kraken – Largest as of 2008 (400,000 infections) • Srizbi – For spam, one of largest as of 2008 Part 4  Software 5
  • 6. Computer Infections • Analogies are made between computer viruses/worms and biological diseases • There are differences – Computer infections are much quicker – Ability to intervene in computer outbreak is more limited (vaccination?) – Bio disease models often not applicable – “Distance” almost meaningless on Internet • But there are some similarities… Part 4  Software 6
  • 7. Computer Infections • Cyber “diseases” vs biological diseases • One similarity – In nature, too few susceptible individuals and disease will die out – In the Internet, too few susceptible systems and worm might fail to take hold • One difference – In nature, diseases attack more-or-less at random – Cyber attackers select most “desirable” targets – Cyber attacks are more focused and damaging Part 4  Software 7
  • 8. Future Malware Detection? • Likely that malware outnumbers “good ware” – Metamorphic copies of existing malware – Many virus toolkits available – Trudy: recycle old viruses, different signature • So, may be better to “detect” good code – If code not on “good” list, assume it’s bad – That is, use white list instead of blacklist Part 4  Software 8