slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Windows Malware: Detection And Removal PowerPoint Presentation
Download Presentation
Windows Malware: Detection And Removal

Loading in 2 Seconds...

play fullscreen
1 / 25

Windows Malware: Detection And Removal - PowerPoint PPT Presentation

  • Uploaded on

Windows Malware: Detection And Removal. TechBytes Tim Ramsey. Computer Security!. What is “malware”? How does malware get on my PC? How do I get rid of malware? Resources. What Is “Malware”?. “ Mal icious Soft ware ” Includes: Viruses, worms, Trojan horses Spyware

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Windows Malware: Detection And Removal' - Rita

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
computer security
Computer Security!
  • What is “malware”?
  • How does malware get on my PC?
  • How do I get rid of malware?
  • Resources
what is malware
What Is “Malware”?
  • “Malicious Software”
  • Includes:
    • Viruses, worms, Trojan horses
    • Spyware
    • Remote-control software
    • “Botnets”
    • Rootkits
  • The lines are getting blurry
viruses worms trojan horses
Viruses, Worms, Trojan Horses
  • Viruses: modify executables and documents; we humans do the rest
  • Worms: self-replicating programs
  • Trojan Horses: still fooling us after all these years
  • Installed with or without your knowledge and consent
    • Do you read the entire EULA?
    • I do (except the French part)
  • Tracks URLs visited, information entered into forms
  • Can even monitor secure (https://) pages
spyware cont
Spyware, Cont.
  • Keyboard loggers: capture passwords, PINs, account numbers
  • Organized crime loves this stuff
remote control software
Remote–Control Software
  • Windows Remote Assistance
  • VNC, Radmin
  • Netbus, BackOrifice
  • “The single greatest threat facing humanity”
  • Quickly becoming a top problem on campus
  • Hordes of infected “drone” hosts
  • Used for spam relay, DDOS, scanning, infection
botnets cont
Botnets, Cont.
  • Spreading via IM, email, compromise
  • Installs remote-control software
  • Connects to central server to announce presence and await commands
  • Allows “Botmaster” to control 100, 1000, 10000+ infected hosts with simple commands
  • Continually evolving
botnets cont 2
Botnets, Cont. 2
  • Network connections are initiated by the drone hosts
  • Uses common protocols: HTTP, IRC, FTP
  • Starting to see stealth techniques employed to hide infection (rootkits), communications (SSL, steganography)
  • Tremendous incentives for Botmasters to grow, maintain, defend their horde
  • You don’t want this on your computer
how does malware get on my pc
How Does Malware Get On My PC?
  • Compromise
    • Security vulnerabilities
    • Browser vulnerabilities
    • Open file shares
  • Social Engineering
    • People click on the darndest things
    • Packaged with other software
how do i get rid of malware
How Do I Get Rid Of Malware?
  • Best: Don’t get infected
    • Antivirus
    • OS and application patches
    • Enable Windows Firewall
    • Healthy paranoia
      • Don’t run files that friends or strangers send to you!
      • Don’t install random software from the Web
  • Um, yeah. I still got infected. What now?
malware removal
Malware Removal
  • Safest: “R/R”
  • Reformat / Reinstall are necessary if the infection contains a remote control component
    • No telling what has been installed, changed
    • SIRT policy
    • A botnet infection means R/R is mandatory
  • Otherwise, try to identify the infection
identifying the infection
Identifying The Infection
  • Anti-Virus software scan
  • Anti-Spyware scan
    • Spybot Search & Destroy
    • Microsoft Windows AntiSpyware (Beta)
    • AdAware
  • Other, more specialized, tools
removing the infection
Removing The Infection
  • Are you sure you wouldn’t rather R/R?
  • If you’ve identified the infection, look for a removal tool
    • Symantec, McAfee, other AV vendors
    • Google search (but be careful)
  • When in doubt, reformat and reinstall
a note about reformat reinstall
A Note About Reformat / Reinstall
  • Back up your data first
  • Practically every OS is vulnerable to network compromise during installation
    • Unplug the computer from the network
    • Install OS, service packs, patches from CD
    • Enable Windows Firewall
    • Install SAV from CD
    • Set administrator password
    • Then plug back in
rootkits making life harder
Rootkits: Making Life Harder
  • Pre-packaged software to hide malware
  • Freely obtainable (
  • There are even commercial packages!
  • Insert hooks into system, kernel
  • Trap program calls to list directory contents, running processes, registry entries
  • Filter out what the bad guys don’t want you to see
detecting rootkits
Detecting Rootkits
  • Look for the hooks
  • Look for known file names, processes
  • Look for what’s being hidden
  • Difficult to do, getting more difficult
  • Tools exist to do this, but most don’t detect everything
  • Hot topic of research for both sides
removing rootkits
Removing Rootkits
  • Are you sure you wouldn’t rather R/R?
  • Removal tools exist for most rootkits
  • Deep magic, requiring wizardry and time
  • K-State provided antivirus software
  • Spybot Search & Destroy
  • Microsoft Windows Antispyware (Beta)
resources cont
Resources, Cont.
  • Rootkit Detection
  • K-State configuration for XP Firewall
  • SANS Top 20
thanks for coming

Thanks For Coming!

(I hope today wasn’t too taxing)