Malware: Viruses, Worms, Trojan Horses, & Spyware What They Are & How to Deal with Them. Jay Stamps, [email protected] , 723-0018 ITSS Help Desk Level 1 Training, November 18, 2004. Course Objectives. Understand what malware is, where it comes from, and what it does

Malware: Viruses, Worms, Trojan Horses, & Spyware
What They Are & How to Deal with Them

Jay Stamps, [email protected], 723-0018

ITSS Help Desk Level 1 Training, November 18, 2004

Course Objectives

  • Understand what malware is, where it comes from, and what it does

  • Diagnose compromised or infected computers based on reported symptoms

  • Basic troubleshooting techniques for possibly compromised computers

  • Research & diagnostic tools

  • Prevention: Worth a pound of cure!

Sorry

  • But that was the last picture you’re going to see in this presentation!

  • The good news is that your instructor loves questions, and you’re cordially invited to interrupt him at any time, or save your questions for later

  • It’s a cliché, but there are no “dumb questions”: The point is to learn

  • And if I don’t have a good answer, I’ll suggest that you make finding one part of your homework assignment!

What’s “Malware”?

  • Shortened form of “malicious software”

    • But it’s not always really malicious

  • So “malware” is a general term for:

    • Computer and macro viruses of any kind

    • Internet and mass-mailing worms

    • Trojan horses, backdoors and rootkits

    • Other computer exploits, bots, zombies

    • Spyware, adware, and other software installed on a computer without the user’s knowledge or informed consent

    • And then there are the “hoax viruses”…

Why Use the Word “Virus”?

  • The analogy with biological viruses

    • Computer viruses exist to self-replicate

    • They can often adapt (mutate) to survive

    • They might or might not harm the host

    • They “infect” by inserting themselves into a “healthy” system (be it a computer program or living organism)

  • The term “virus” is heavily overused

    • That’s why we’re talking about “malware”

  • But when someone’s PC is misbehaving…

    • They call 5-HELP and say, “I’ve got a virus!”

Are Only PCs Affected?

  • The answer is “No”

  • Are Macintoshes immune?

    • The answer is “yes and no” - sort of…

    • The first virus in 1982 infected Apple IIs

    • A great deal of malware - some of it not so malicious - existed for Mac OS “Classic”

    • Are there any Mac OS X malware programs? Well, not in the wild, not yet…

  • What about Unix and Linux OSes?

    • Lots of malware is in circulation for these platforms - lots!

Why Does Malware Exist?

  • When “viruses” first became common…

    • And “normal people” began to use personal computers…

    • If a “virus” struck, they were confused, alarmed, felt violated…

    • They’d ask, “Where do these things come from?” and “How did I get infected?”

      • Often they’d feel embarrassed, like they’d picked up an STD in a reckless moment…

    • When told, “People deliberately create viruses,” they’d properly ask, “Why?”

  • What do you think? Why does malware exist? (Possible homework assignment!)

Brief History of Malware

  • “Viruses” appeared in early 1980s

    • Very soon after first personal computers

    • They spread by floppy disks, later via “bootleg” & other software on “BBSes”

    • They often weren’t meant to be destructive

  • Internet “worms” arrived in late 1980s

    • “There may be a virus loose on the internet.” - Andy Sudduth of Harvard University, 34 minutes past midnight, November 3, 1988

Brief History Continued

  • First mass-mailing worm came in 1999

    • Usually called the “Melissa virus”

    • It was also a “macro virus”

    • Infected file had to be opened in MS Word

  • Spyware hits the scene around 2000

    • “Adware” claims to be legitimate, legal

    • “Browser hijacking” is common symptom

  • Other exploits, trojans, backdoors…

    • Have been around for a long time

    • Hackers target entities for malicious attack, or may want “free” computing resources

We’ll Stick to MS Windows

  • The majority of computer users at Stanford have Microsoft Windows PCs

  • The majority of malware “in the wild” today attacks only Windows PCs

    • Malware is very platform-dependent

  • Microsoft has only recently made computer security a priority

  • In the past…

    • MS tended to “enable everything by default”

    • Network-connected “services” running on a computer are an open invitation to hackers

Why So Much Malware?

  • Is malware becoming more common?

  • Yes!!! It is!!! (and harder to fight off)

  • Why might that be?

  • The Internet! Plus all the high-powered PCs in homes & offices connected to it

  • Why does that make a difference?

  • As with biological viruses, lots of people (or computers) are rubbing up against each other in a common space; and computers (like people) don’t always cover their mouths when they sneeze…

“Help! I’ve Got a Virus!”

  • A lot of people self-diagnose (wrongly)

    • “Doc, I think I’ve got the flu.” “How much did you drink last night?” “Uh, three six packs. I think. I don’t really remember…”

  • Only a few years ago…

    • Most folks who thought their PC had a viral infection were wrong!

    • When PCs behaved strangely, usually there was a problem with the OS or an application that was not at all virus-related

  • Today that’s still true, but…

Today That’s True, But…

  • Malware is more common, while OSes and applications are both more feature-laden and (often) more robust

    • More features mean more potential vulnerabilities for hackers to exploit

    • Greater robustness means strange behavior is somewhat likelier to be caused by malware

  • Plus more people use protective software

    • Few people these days are unaware of the necessity of running antivirus software

    • Some people even use it correctly!

You Answer a Call to 5-HELP

  • And the caller begins to explain…

    • “I think my PC has a virus”

      • Maybe it does, and maybe it doesn’t

      • We’ll look at diagnostic approaches presently

    • “I got an email from the Security Office…”

      • Get the details, but…

      • A referral to the Level 2 Help Desk, or local or contract support is probably the right move

      • If Networking or the Security Office has noticed a problem, the computer is almost certainly hacked

  • If the caller has self-diagnosed, or if you suspect malware is involved, you ask…

The Usual Questions 1

  • If a caller’s PC might have an infection, or otherwise be compromised:

    • Ask what version of Windows they’re using

    • Ask them if they’re keeping it patched

    • Ask them if they’re using antivirus software, and if it’s up-to-date

    • For Windows 2000 & XP, ask them if they have good passwords for all user accounts

    • Ask them if they use a firewall

  • The caller may not know the answers to some of these questions, of course…

The Usual Questions 2

  • So you may need to guide the caller to learn the answers to these questions

    • To check if Windows is properly updated, have the caller visit:


    • Launch Symantec AntiVirus to check the date of the virus definitions file

    • To check password strength, use the Stanford Security Self-Help tool

    • Windows XP has a built-in firewall, as do many broadband routers

The Answers

  • If a user can’t access the network, that problem is likely not caused by malware

  • If a user can’t run, install or update SAV or other security software, that’s a clue that the PC has been infected by a worm

  • If Windows isn’t patched, and/or AV software is out of date, and/or user accounts have weak passwords, the PC is definitely vulnerable to compromise

  • If the web browser (especially IE) goes to unexpected sites, suspect spyware

More Symptoms

  • We’ve just looked at a couple of common symptoms of malware

  • Here are some other possible signs:

    • Sluggishness

    • One or more unexpected restarts

    • Frequent system crashes

    • Constant hard disk activity

    • Generalized “strange behavior”

  • Hackers try to hide their presence: If they’re good, they will succeed

  • Worms and some viruses do likewise

Steps to Recovery

  • Most symptoms of malware also have other, more mundane causes

  • If there’s any reason to suspect the presence of malware on a user’s PC, update virus definitions, disconnect the network cable, and run a full antivirus scan of all hard drives

  • Install and run SpySweeper

  • And always, always teach computer users how to protect themselves from malware! Prevention is key!

Mass-Mailing Worms

  • Mass-mailing worms are one of the most common vectors for malware

  • Most people know not to open “suspicious” email attachments

    • But the worm writers are getting a lot craftier, and the attachments often look less “suspicious” these days

  • Many people are still confused by sender address “spoofing”

    • Mass-mailing worms mail themselves out using randomly chosen sender addresses
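
Added example (not part of the original presentation): because the From: line is whatever the sending program chose to write, a help desk can compare it with the relay that the recipient's own mail server recorded. The sample messages, domains, and the function name `spoof_indicators` are constructed for illustration, and the Received: format is an assumption noted in the code.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (documentation-reserved domains and IPs), not real mail.
WORM_SAMPLE = (
    "Return-Path: <colleague@university.example>\n"
    "Received: from pc17 (dsl-45.isp.example [203.0.113.45])\n"
    "\tby mx.university.example; Thu, 18 Nov 2004 09:12:01 -0800\n"
    "From: colleague@university.example\n"
    "To: user@university.example\n"
    "Subject: Your document\n\nSee attachment.\n"
)
CLEAN_SAMPLE = WORM_SAMPLE.replace(
    "from pc17 (dsl-45.isp.example [203.0.113.45])",
    "from smtp (smtp.university.example [192.0.2.10])")

def domain_of(value):
    """Lower-cased domain of an address header, '' if the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return hints that From: was forged. Hints, not proof: mailing lists
    and forwarding services legitimately produce some of these mismatches."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    hints = []
    # Envelope sender and Reply-To are also sender-controlled, but sloppy
    # forgeries leave them pointing somewhere else.
    for header, tag in (("Return-Path", "return-path-mismatch"),
                        ("Reply-To", "reply-to-mismatch")):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            hints.append(tag)
    # The topmost Received line is written by the recipient's own server.
    # Assumed format: "from HELO (reverse-dns [ip])", as Postfix and
    # sendmail commonly write it.
    received = msg.get_all("Received") or []
    m = re.search(r"\((\S+)\s+\[[^\]]+\]\)", received[0]) if received else None
    if m:
        host = m.group(1).lower()
        if host != from_dom and not host.endswith("." + from_dom):
            hints.append("relay-host-mismatch")
    return hints

if __name__ == "__main__":
    print(spoof_indicators(WORM_SAMPLE))   # relayed from an unrelated host
    print(spoof_indicators(CLEAN_SAMPLE))  # relay belongs to the From: domain
```

In the worm sample the From: and Return-Path: agree with each other, yet the message arrived from a host outside the claimed sender's domain, which is why the person named in From: usually knows nothing about it.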

I Got a “Suspicious” Email

  • A caller might say:

    • I got a strange email message from my bank (or a bank I don’t even use), etc.

    • I got a message from my “system administrator” telling me to do something

    • I got a message from a friend telling me there’s some file I’m supposed to delete

  • Such messages are usually “phishing” attacks, or “hoax viruses”

    • Delete the email message; don’t do what it says; never give out private information

Top 6 PC Security Must-Dos

  • Patch Windows automatically

    • New patches 2nd Tuesday of each month

    • Use BigFix & Windows Automatic Updates

  • Use strong passwords (even better, pass phrases) for all user accounts

  • Use a firewall, such as Windows XP’s built-in software firewall

  • Use and properly maintain good antivirus software

  • Don’t open suspicious email attachments

  • Disable Windows File & Printer Sharing

Tools for Prevention

  • Essential Stanford Software


    • Symantec AntiVirus

    • BigFix client

    • SpySweeper

    • Security Self-Help Tool

    • Use the Firefox web browser (not IE)

  • Stanford Secure Computing web site


  • Microsoft Baseline Security Analyzer


Questions? Research Tools

  • If you’ve been saving up questions, now’s your chance!

  • Tools for research & troubleshooting: