Malware: Viruses, Worms, Trojan Horses, & Spyware What They Are & How to Deal with Them

Jay Stamps, [email protected], 723-0018

ITSS Help Desk Level 1 Training, November 18, 2004

Course Objectives
  • Understand what malware is, where it comes from, and what it does
  • Diagnose compromised or infected computers based on reported symptoms
  • Basic troubleshooting techniques for possibly compromised computers
  • Research & diagnostic tools
  • Prevention: Worth a pound of cure!
  • But that was the last picture you’re going to see in this presentation!
  • The good news is that your instructor loves questions, and you’re cordially invited to interrupt him at any time, or save your questions for later
  • It’s a cliché, but there are no “dumb questions”: The point is to learn
  • And if I don’t have a good answer, I’ll suggest that you make finding one part of your homework assignment!
What’s “Malware”?
  • Shortened form of “malicious software”
    • But it’s not always really malicious
  • So “malware” is a general term for:
    • Computer and macro viruses of any kind
    • Internet and mass-mailing worms
    • Trojan horses, backdoors and rootkits
    • Other computer exploits, bots, zombies
    • Spyware, adware, and other software installed on a computer without the user’s knowledge or informed consent
    • And then there are the “hoax viruses”…
Why Use the Word “Virus”?
  • The analogy with biological viruses
    • Computer viruses exist to self-replicate
    • They can often adapt (mutate) to survive
    • They might or might not harm the host
    • They “infect” by inserting themselves into a “healthy” system (be it a computer program or living organism)
  • The term “virus” is heavily overused
    • That’s why we’re talking about “malware”
  • But when someone’s PC is misbehaving…
    • They call 5-HELP and say, “I’ve got a virus!”
Are Only PCs Affected?
  • The answer is “No”
  • Are Macintoshes immune?
    • The answer is “yes and no” - sort of…
    • The first virus in 1982 infected Apple IIs
    • A great deal of malware - some of it not so malicious - existed for Mac OS “Classic”
    • Are there any Mac OS X malware programs? Well, not in the wild, not yet…
  • What about Unix and Linux OSes?
    • Lots of malware is in circulation for these platforms - lots!
Why Does Malware Exist?
  • When “viruses” first became common…
    • And “normal people” began to use personal computers…
    • If a “virus” struck, they were confused, alarmed, felt violated…
    • They’d ask, “Where do these things come from?” and “How did I get infected?”
      • Often they’d feel embarrassed, like they’d picked up an STD in a reckless moment…
    • When told, “People deliberately create viruses,” they’d properly ask, “Why?”
  • What do you think? Why does malware exist? (Possible homework assignment!)
Brief History of Malware
  • “Viruses” appeared in early 1980s
    • Very soon after first personal computers
    • They spread by floppy disks, later via “bootleg” & other software on “BBSes”
    • They often weren’t meant to be destructive
  • Internet “worms” arrived in late 1980s
    • “There may be a virus loose on the internet.” - Andy Sudduth of Harvard University, 34 minutes past midnight, November 3, 1988
Brief History Continued
  • First mass-mailing worm came in 1999
    • Usually called the “Melissa virus”
    • It was also a “macro virus”
    • Infected file had to be opened in MS Word
  • Spyware hits the scene around 2000
    • “Adware” claims to be legitimate, legal
    • “Browser hijacking” is common symptom
  • Other exploits, trojans, backdoors…
    • Have been around for a long time
    • Hackers target entities for malicious attack, or may want “free” computing resources
We’ll Stick to MS Windows
  • The majority of computer users at Stanford have Microsoft Windows PCs
  • The majority of malware “in the wild” today attacks only Windows PCs
    • Malware is very platform-dependent
  • Microsoft has only recently made computer security a priority
  • In the past…
    • MS tended to “enable everything by default”
    • Network-connected “services” running on a computer are an open invitation to hackers
Why So Much Malware?
  • Is malware becoming more common?
  • Yes!!! It is!!! (and harder to fight off)
  • Why might that be?
  • The Internet! Plus all the high-powered PCs in homes & offices connected to it
  • Why does that make a difference?
  • As with biological viruses, lots of people (or computers) are rubbing up against each other in a common space; and computers (like people) don’t always cover their mouths when they sneeze…
“Help! I’ve Got a Virus!”
  • A lot of people self-diagnose (wrongly)
    • “Doc, I think I’ve got the flu.” “How much did you drink last night?” “Uh, three six packs. I think. I don’t really remember…”
  • Only a few years ago…
    • Most folks who thought their PC had a viral infection were wrong!
    • When PCs behaved strangely, usually there was a problem with the OS or an application that was not at all virus-related
  • Today that’s still true, but…
Today That’s True, But…
  • Malware is more common, while OSes and applications are both more feature-laden and (often) more robust
    • More features mean more potential vulnerabilities for hackers to exploit
    • Greater robustness means strange behavior is somewhat likelier to be caused by malware
  • Plus more people use protective software
    • Few people these days are unaware of the necessity of running antivirus software
    • Some people even use it correctly!
You Answer a Call to 5-HELP
  • And the caller begins to explain…
    • “I think my PC has a virus”
      • Maybe it does, and maybe it doesn’t
      • We’ll look at diagnostic approaches presently
    • “I got an email from the Security Office…”
      • Get the details, but…
      • A referral to the Level 2 Help Desk, or local or contract support is probably the right move
      • If Networking or the Security Office has noticed a problem, the computer is almost certainly hacked
  • If the caller has self-diagnosed, or if you suspect malware is involved, you ask…
The Usual Questions 1
  • If a caller’s PC might have an infection, or otherwise be compromised:
    • Ask what version of Windows they’re using
    • Ask them if they’re keeping it patched
    • Ask them if they’re using antivirus software, and if it’s up-to-date
    • For Windows 2000 & XP, ask them if they have good passwords for all user accounts
    • Ask them if they use a firewall
  • The caller may not know the answers to some of these questions, of course…
The Usual Questions 2
  • So you may need to guide the caller to learn the answers to these questions
    • To check if Windows is properly updated, have the caller visit:
    • Launch Symantec AntiVirus to check the date of the virus definitions file
    • To check password strength, use the Stanford Security Self-Help tool
    • Windows XP has a built-in firewall, as do many broadband routers
The Answers
  • If a user can’t access the network, that problem is likely not caused by malware
  • If a user can’t run, install or update SAV or other security software, that’s a clue that the PC has been infected by a worm
  • If Windows isn’t patched, and/or AV software is out of date, and/or user accounts have weak passwords, the PC is definitely vulnerable to compromise
  • If the web browser (especially IE) goes to unexpected sites, suspect spyware
More Symptoms
  • We’ve just looked at a couple of common symptoms of malware
  • Here are some other possible signs:
    • Sluggishness
    • One or more unexpected restarts
    • Frequent system crashes
    • Constant hard disk activity
    • Generalized “strange behavior”
  • Hackers try to hide their presence: If they’re good, they will succeed
  • Worms and some viruses do likewise
Steps to Recovery
  • Most symptoms of malware also have other, more mundane causes
  • If there’s any reason to suspect the presence of malware on a user’s PC, update virus definitions, disconnect the network cable, and run a full antivirus scan of all hard drives
  • Install and run SpySweeper
  • And always, always teach computer users how to protect themselves from malware! Prevention is key!
Mass-Mailing Worms
  • Mass-mailing worms are one of the most common vectors for malware
  • Most people know not to open “suspicious” email attachments
    • But the worm writers are getting a lot craftier, and the attachments often look less “suspicious” these days
  • Many people are still confused by sender address “spoofing”
    • Mass-mailing worms mail themselves out using randomly chosen sender addresses
I Got a “Suspicious” Email
  • A caller might say:
    • I got a strange email message from my bank (or a bank I don’t even use), etc.
    • I got a message from my “system administrator” telling me to do something
    • I got a message from a friend telling me there’s some file I’m supposed to delete
  • Such messages are usually “phishing” attacks, or “hoax viruses”
    • Delete the email message; don’t do what it says; never give out private information
Top 6 PC Security Must-Dos
  • Patch Windows automatically
    • New patches 2nd Tuesday of each month
    • Use BigFix & Windows Automatic Updates
  • Use strong passwords (even better, pass phrases) for all user accounts
  • Use a firewall, such as Windows XP’s built-in software firewall
  • Use and properly maintain good antivirus software
  • Don’t open suspicious email attachments
  • Disable Windows File & Printer Sharing
Tools for Prevention
  • Essential Stanford Software
    • Symantec AntiVirus
    • BigFix client
    • SpySweeper
    • Security Self-Help Tool
    • Use the Firefox web browser (not IE)
  • Stanford Secure Computing web site
  • Microsoft Baseline Security Analyzer
Questions? Research Tools
  • If you’ve been saving up questions, now’s your chance!
  • Tools for research & troubleshooting: