• Home

  • Documents

  • Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example:...
24
Chapter 9 Security 9.7 - 9.8 Malware Defenses

Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

  • View
    216

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Chapter 9Security

9.7 - 9.8MalwareDefenses

Page 2: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Malware

Can be used for a form of blackmail.

Example: Encrypts files on victim disk, then displays message …

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Greetings from General Encryption

To purchase a decryption key for your hard disk, please send $100 in smallunmarked bills to Box 2154, Panama City, Panama.

Thank you. We appreciate your business.

Page 3: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Types of Viruses

• Companion virus• Executable program virus• Parasitic virus• Memory-resident virus• Boot sector virus• Device driver virus• Macro virus• Source code virus

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 4: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-27. A recursive procedure that finds executable files on a UNIX system.

Executable Program Viruses (1)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

. . .

Page 5: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-27. A recursive procedure that finds executable files on a UNIX system.

Executable Program Viruses (2)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

. . .

Page 6: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-28. (a) An executable program. (b) With a virus at the front. (c) With a virus at the end. (d) With a virus spread over free

space within the program.

Parasitic Viruses

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 7: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-29. (a) After the virus has captured all the interrupt and trap vectors. (b) After the operating system has retaken the printer interrupt vector. (c) After the virus has noticed the loss of the

printer interrupt vector and recaptured it.

Boot Sector Viruses

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 8: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Spyware (1)

Description:

• Surreptitiously loaded onto a PC without the owner’s knowledge

• Runs in the background doing things behind the owner’s back

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 9: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Spyware (2)

Characteristics:

• Hides, victim cannot easily find• Collects data about the user• Communicates the collected information back to its

distant master• Tries to survive determined attempts to remove it

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 10: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

How Spyware Spreads

Possible ways:

• Same as malware, Trojan horse• Drive-by download, visit an infected web site• Web pages tries to run an .exe file• Unsuspecting user installs an infected toolbar• Malicious activeX controls get installed

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 11: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Actions Taken by Spyware

• Change the browser’s home page.• Modify the browser’s list of favorite (bookmarked) pages.• Add new toolbars to the browser.• Change the user’s default media player.• Change the user’s default search engine.• Add new icons to the Windows desktop.• Replace banner ads on Web pages with those the spyware picks.• Put ads in the standard Windows dialog boxes• Generate a continuous and unstoppable stream of pop-up ads.

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 12: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Types of Rootkits (1)

• Firmware rootkits• Hypervisor rootkits• Kernel rootkits• Library rootkits• Application rootkits

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 13: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-30. Five places a rootkit can hide.

Types of Rootkits (2)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 14: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-31. A simplified view of a hardware firewall protecting a LAN with three computers.

Firewalls

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 15: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-32. (a) A program. (b) An infected program. (c) A compressed infected program. (d) An encrypted virus. (e)

A compressed virus with encrypted compression code.

Virus Scanners (1)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 16: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-33. Examples of a polymorphic virus.

Virus Scanners (2)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 17: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Antivirus and Anti-Antivirus Techniques

• Virus scanners• Integrity checkers• Behavioral checkers• Virus avoidance

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 18: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-34. How code signing works.

Code Signing

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 19: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-35. The operation of a jail.

Jailing

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 20: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-36. (a) A program. (b) System call graph for (a).

Model-Based Intrusion Detection

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 21: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-37. (a) Memory divided into 16-MB sandboxes. (b) One way of checking an instruction for validity.

Sandboxing

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 22: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-38. Applets can be interpreted by a Web browser.

Interpretation

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 23: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Java Security (1)

JVM byte code verifier checks if the applet obeys certain rules:

• Does the applet attempt to forge pointers?• Does it violate access restrictions on private-class

members?• Does it try to use a variable of one type as another type?• Does it generate stack overflows? underflows?• Does it illegally convert variables of one type to another?

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639

Page 24: Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message

Figure 9-39. Some examples of protection that can be specified with JDK 1.2.

Java Security (2)

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639


Competing Theories of Blackmail: An Empirical Research Critique of

Competing Theories of Blackmail: An Empirical Research Critique of

Documents
BLACKMAIL, EXTORTION, AND EXCHANGE

BLACKMAIL, EXTORTION, AND EXCHANGE

Documents
Windows Malware Firewall: Remove Windows Malware Firewall

Windows Malware Firewall: Remove Windows Malware Firewall

Technology
VARONIS WHITEPAPER: Ransomware Guide · Ransomware Guide Overview Ransomware – malware that encrypts a victim’s data, extorting a ransom to be paid within a short time frame or

VARONIS WHITEPAPER: Ransomware Guide · Ransomware Guide Overview Ransomware – malware that encrypts a victim’s data, extorting a ransom to be paid within a short time frame or

Documents
Ellsberg, Theory and Practice of Blackmail

Ellsberg, Theory and Practice of Blackmail

Documents
Legalizing Blackmail

Legalizing Blackmail

Documents
Ch 12: Covert Malware Launching - samsclass.info · Practical Malware Analysis Ch 12: Covert Malware Launching Last revised: 4-10-17. Hiding Malware • Malware used to be visible

Ch 12: Covert Malware Launching - samsclass.info · Practical Malware Analysis Ch 12: Covert Malware Launching Last revised: 4-10-17. Hiding Malware • Malware used to be visible

Documents
Summary - febc.pro · encryption and privacy technologies, encrypts user data, organization data and sensitive data, encrypts noise, and then transmits it on a peer-to-peer network

Summary - febc.pro · encryption and privacy technologies, encrypts user data, organization data and sensitive data, encrypts noise, and then transmits it on a peer-to-peer network

Documents
ShieldFS: The Last Word In Ransomware Resilient Filesystems · Ransomware [20] is a class of malware that encrypts valuable files found on the victim’s machine and asks for a ransom

ShieldFS: The Last Word In Ransomware Resilient Filesystems · Ransomware [20] is a class of malware that encrypts valuable files found on the victim’s machine and asks for a ransom

Documents
Malware Analysis Analysis.pdf · Definisi Malware Analysis • What is a malware? • Malware (malicious software) ... Malware Sinkronisasi Token • Pelaku: Zeus Banking Trojan •

Malware Analysis Analysis.pdf · Definisi Malware Analysis • What is a malware? • Malware (malicious software) ... Malware Sinkronisasi Token • Pelaku: Zeus Banking Trojan •

Documents
Cyber Security Workshop - cdn.ymaws.com · Malware infects PC silently • Encrypts files using an RSA-2048 key (Unbreakable) • Holds files ransom for 10 days waiting for user to

Cyber Security Workshop - cdn.ymaws.com · Malware infects PC silently • Encrypts files using an RSA-2048 key (Unbreakable) • Holds files ransom for 10 days waiting for user to

Documents
Introduction to Mobile Malware. Outline ➢ Introduction ➢ Types of Malware ➢ Malware examples ➢ How Malware Spreads ➢ Prevention ➢ AndroRAT Hands-on Lab

Introduction to Mobile Malware. Outline ➢ Introduction ➢ Types of Malware ➢ Malware examples ➢ How Malware Spreads ➢ Prevention ➢ AndroRAT Hands-on Lab

Documents
RANSOMWARE PREVENTION ADVISORY - AKS IT Services IT_Ransomware Preventio… · Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from

RANSOMWARE PREVENTION ADVISORY - AKS IT Services IT_Ransomware Preventio… · Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from

Documents
THE EVOLUTION OF MALWARE & FUTURE MALWARE MITIGATION

THE EVOLUTION OF MALWARE & FUTURE MALWARE MITIGATION

Documents
Improving accuracy of malware detection by …...FFRI, Inc. Background – malware and its detection 4 Increasing malware Targeted Attack (Unknown malware) Malware generators Obfuscators

Improving accuracy of malware detection by …...FFRI, Inc. Background – malware and its detection 4 Increasing malware Targeted Attack (Unknown malware) Malware generators Obfuscators

Documents
Chapter 8 Malware - FTMS · – Boot virus – Logic Bomb virus – Directory virus – Resident virus. CSCA0101 Computing Basics 8 Malware Types of Malware ... Malware Types of Malware

Chapter 8 Malware - FTMS · – Boot virus – Logic Bomb virus – Directory virus – Resident virus. CSCA0101 Computing Basics 8 Malware Types of Malware ... Malware Types of Malware

Documents
Intrusion Detection and Malware Analysis - Malware collection

Intrusion Detection and Malware Analysis - Malware collection

Documents
Awkward Transitions - Hitchcock's 'Blackmail' and the Dynamics of Early Film Sound

Awkward Transitions - Hitchcock's 'Blackmail' and the Dynamics of Early Film Sound

Documents
Intro to Reverse Engineering and Malware Analysis · Malware Types (What) Ransomware •Encrypts all files and demands ransom •Example: WannaCry, (Not)Petya, TeslaCrypt RAT/Backdoor

Intro to Reverse Engineering and Malware Analysis · Malware Types (What) Ransomware •Encrypts all files and demands ransom •Example: WannaCry, (Not)Petya, TeslaCrypt RAT/Backdoor

Documents
Falso Chantaje.(False Blackmail)

Falso Chantaje.(False Blackmail)

Documents
Nowhere to Turn: Blackmail and Extortion of LGBT People in Sub-Saharan Africa

Nowhere to Turn: Blackmail and Extortion of LGBT People in Sub-Saharan Africa

Documents
The Enigma Cipher Machine - ut · • encrypts GKL twice using the global starting position (given in a code-book). • turns the rotors to GKL and encrypts the actual message. •

The Enigma Cipher Machine - ut · • encrypts GKL twice using the global starting position (given in a code-book). • turns the rotors to GKL and encrypts the actual message. •

Documents
Ransomware - peakresources.com...•Ransomware is Malware -Malicious software that encrypts and holds data/systems hostage for a ransom payment. •Organizations will use Bitcoin or

Ransomware - peakresources.com...•Ransomware is Malware -Malicious software that encrypts and holds data/systems hostage for a ransom payment. •Organizations will use Bitcoin or

Documents
Lesson 3 Blackmail. Contents: The background About the author Epitome Jaguar Characters

Lesson 3 Blackmail. Contents: The background About the author Epitome Jaguar Characters

Documents
Practical Malware Analysis: Ch 11: Malware Behavior

Practical Malware Analysis: Ch 11: Malware Behavior

Education
Ensc 427 Final Report - Simon Fraser University · 4 encrypts the header and the payload of each packet. Transport mode encrypts the payload. PPTP supports multi-protocol VPNs with

Ensc 427 Final Report - Simon Fraser University · 4 encrypts the header and the payload of each packet. Transport mode encrypts the payload. PPTP supports multi-protocol VPNs with

Documents
Android Malware Exposed-Evolution of Android Malware

Android Malware Exposed-Evolution of Android Malware

Documents
Malware & Anti-Malware

Malware & Anti-Malware

Engineering
Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware … · 2011-08-16 · Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware

Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware … · 2011-08-16 · Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware

Documents
Aggression And Blackmail As Normal

Aggression And Blackmail As Normal

Documents