SlideShare a Scribd company logo

Rapid malware defenses

Rahul Amabadkar
Rahul Amabadkar
Technology
1 of 8
Rapid Malware Defenses • Master IDS watches over network – “Infection” proceeds on part of network – Determines whether an attack or not – If so, IDS saves most of the network – If not, only a slight delay • Beneficial worm – Disinfect faster than the worm infects • Other approaches? Part 4  Software 1
Push vs Pull Malware • Viruses/worms examples of “push” • Recently, a lot of “pull” malware • Scenario – A compromised web server – Visit a website at compromised server – Malware loaded on you machine • Good paper: Ghost in the Browser Part 4  Software 2
Botnet • Botnet: a “network” of infected machines • Infected machines are “bots” – Victim is unaware of infection (stealthy) • Botmaster controls botnet – Generally, using IRC – P2P botnet architectures exist • Botnets used for… – Spam, DoS attacks, key logging, ID theft, etc. Part 4  Software 3
Botnet Examples • XtremBot – Similar bots: Agobot, Forbot, Phatbot – Highly modular, easily modified – Source code readily available (GPL license) • UrXbot – Similar bots: SDBot, UrBot, Rbot – Less sophisticated than XtremBot type • GT-Bots and mIRC-based bots – mIRC is common IRC client for Windows Part 4  Software 4
More Botnet Examples • Mariposa – Used to steal credit card info – Creator arrested in July 2010 • Conficker – Estimated 10M infected hosts (2009) • Kraken – Largest as of 2008 (400,000 infections) • Srizbi – For spam, one of largest as of 2008 Part 4  Software 5
Computer Infections • Analogies are made between computer viruses/worms and biological diseases • There are differences – Computer infections are much quicker – Ability to intervene in computer outbreak is more limited (vaccination?) – Bio disease models often not applicable – “Distance” almost meaningless on Internet • But there are some similarities… Part 4  Software 6
Computer Infections • Cyber “diseases” vs biological diseases • One similarity – In nature, too few susceptible individuals and disease will die out – In the Internet, too few susceptible systems and worm might fail to take hold • One difference – In nature, diseases attack more-or-less at random – Cyber attackers select most “desirable” targets – Cyber attacks are more focused and damaging Part 4  Software 7
Future Malware Detection? • Likely that malware outnumbers “good ware” – Metamorphic copies of existing malware – Many virus toolkits available – Trudy: recycle old viruses, different signature • So, may be better to “detect” good code – If code not on “good” list, assume it’s bad – That is, use white list instead of blacklist Part 4  Software 8

Recommended

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horse
jyoti_lakhani
 
Security
SecuritySecurity
Security
Renu Ananya
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
Greater Noida Institute Of Technology
 
computer viruses
computer virusescomputer viruses
computer viruses
ishan2shawn
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
vivek pratap singh
 
Cyber crimes 12
Cyber crimes 12Cyber crimes 12
Cyber crimes 12
kiranlohakare2
 
Computer viruses and anti viruses
Computer viruses and anti virusesComputer viruses and anti viruses
Computer viruses and anti viruses
Mohit Jaiswal
 

Recommended

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horse
jyoti_lakhani
 
Security
SecuritySecurity
Security
Renu Ananya
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
Greater Noida Institute Of Technology
 
computer viruses
computer virusescomputer viruses
computer viruses
ishan2shawn
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
vivek pratap singh
 
Cyber crimes 12
Cyber crimes 12Cyber crimes 12
Cyber crimes 12
kiranlohakare2
 
Computer viruses and anti viruses
Computer viruses and anti virusesComputer viruses and anti viruses
Computer viruses and anti viruses
Mohit Jaiswal
 
computer vipin kumar ppt
computer vipin kumar pptcomputer vipin kumar ppt
computer vipin kumar ppt
vipinkumar940
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
Amjad Bhutto
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
Sadaf Walliyani
 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
rajakhurram
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
MDAZAD53
 
Malwares
MalwaresMalwares
Malwares
Ishaq Ticklye
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
sandeep shergill
 
Eh34803812
Eh34803812Eh34803812
Eh34803812
IJERA Editor
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
Hossein Yavari
 
Viruses And Hacking
Viruses And HackingViruses And Hacking
Viruses And Hacking
Muhammad Fahd Un-Nabi Khan
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Abdul Wadood Khan
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
rajakhurram
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Malware
MalwareMalware
Malware
MohsinHusenManasiya
 
Virus
VirusVirus
Virus
argusacademy
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
tbrown123
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
Md.Tanvir Ul Haque
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Dark Side
 
6unit1 virus and their types
6unit1 virus and their types6unit1 virus and their types
6unit1 virus and their types
Neha Kurale
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
diarfirstdiarfirst
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
malikmuzammil2326
 

More Related Content

What's hot

How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
Sadaf Walliyani
 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
rajakhurram
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
tbrown123
 

What's hot (20)

computer vipin kumar ppt
computer vipin kumar pptcomputer vipin kumar ppt
computer vipin kumar ppt
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Malwares
MalwaresMalwares
Malwares
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Eh34803812
Eh34803812Eh34803812
Eh34803812
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Viruses And Hacking
Viruses And HackingViruses And Hacking
Viruses And Hacking
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Malicious
MaliciousMalicious
Malicious
 
Malware
MalwareMalware
Malware
 
Virus
VirusVirus
Virus
 
Sober Worm Presentation
Sober Worm PresentationSober Worm Presentation
Sober Worm Presentation
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
6unit1 virus and their types
6unit1 virus and their types6unit1 virus and their types
6unit1 virus and their types
 

Similar to Rapid malware defenses

Computer worm
Computer wormComputer worm
Computer worm
zelkan19
 

Similar to Rapid malware defenses (20)

Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Information about malwares and Attacks.pptx
Information about malwares and Attacks.pptxInformation about malwares and Attacks.pptx
Information about malwares and Attacks.pptx
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
 
Isys20261 lecture 05
Isys20261 lecture 05Isys20261 lecture 05
Isys20261 lecture 05
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
 
10 malware
10 malware10 malware
10 malware
 
Computer worm
Computer wormComputer worm
Computer worm
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks
 
virus,worms & analysis
virus,worms & analysis virus,worms & analysis
virus,worms & analysis
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
 
Lecture 19
Lecture 19Lecture 19
Lecture 19
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
Computer viruses - A daily harm
Computer viruses - A daily harmComputer viruses - A daily harm
Computer viruses - A daily harm
 
lecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptxlecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptx
 
Security
SecuritySecurity
Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Defend Your Company Against Ransomware
Defend Your Company Against RansomwareDefend Your Company Against Ransomware
Defend Your Company Against Ransomware
 

Recently uploaded

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Rapid malware defenses

  • 1. Rapid Malware Defenses • Master IDS watches over network – “Infection” proceeds on part of network – Determines whether an attack or not – If so, IDS saves most of the network – If not, only a slight delay • Beneficial worm – Disinfect faster than the worm infects • Other approaches? Part 4  Software 1
  • 2. Push vs Pull Malware • Viruses/worms examples of “push” • Recently, a lot of “pull” malware • Scenario – A compromised web server – Visit a website at compromised server – Malware loaded on you machine • Good paper: Ghost in the Browser Part 4  Software 2
  • 3. Botnet • Botnet: a “network” of infected machines • Infected machines are “bots” – Victim is unaware of infection (stealthy) • Botmaster controls botnet – Generally, using IRC – P2P botnet architectures exist • Botnets used for… – Spam, DoS attacks, key logging, ID theft, etc. Part 4  Software 3
  • 4. Botnet Examples • XtremBot – Similar bots: Agobot, Forbot, Phatbot – Highly modular, easily modified – Source code readily available (GPL license) • UrXbot – Similar bots: SDBot, UrBot, Rbot – Less sophisticated than XtremBot type • GT-Bots and mIRC-based bots – mIRC is common IRC client for Windows Part 4  Software 4
  • 5. More Botnet Examples • Mariposa – Used to steal credit card info – Creator arrested in July 2010 • Conficker – Estimated 10M infected hosts (2009) • Kraken – Largest as of 2008 (400,000 infections) • Srizbi – For spam, one of largest as of 2008 Part 4  Software 5
  • 6. Computer Infections • Analogies are made between computer viruses/worms and biological diseases • There are differences – Computer infections are much quicker – Ability to intervene in computer outbreak is more limited (vaccination?) – Bio disease models often not applicable – “Distance” almost meaningless on Internet • But there are some similarities… Part 4  Software 6
  • 7. Computer Infections • Cyber “diseases” vs biological diseases • One similarity – In nature, too few susceptible individuals and disease will die out – In the Internet, too few susceptible systems and worm might fail to take hold • One difference – In nature, diseases attack more-or-less at random – Cyber attackers select most “desirable” targets – Cyber attacks are more focused and damaging Part 4  Software 7
  • 8. Future Malware Detection? • Likely that malware outnumbers “good ware” – Metamorphic copies of existing malware – Many virus toolkits available – Trudy: recycle old viruses, different signature • So, may be better to “detect” good code – If code not on “good” list, assume it’s bad – That is, use white list instead of blacklist Part 4  Software 8