1. Introduction to
Malwares
NATIONAL CONFERENCE ON CYBER SECURITY AND DIGITAL
THREATS 2015
Are you a Victim ?
Abdelhamid Limami
IT Security Consultant @ ITDefence

2. Overview
 What Malwares Are ?
 Types of Malwares.
 How do they infect hosts ?
 How do they Hide ?
 How do they propagate?
 Statistic Data.
 How They can be Detected ?
 Demo (Real scenario).
 Conclusion.

3. What is A Malware ?
Malicious Software :
• any software that brings harm to a computer system
which steal protected data, delete documents or add
software without user permission.
• Generally they are stealthy and Invisible.

4. Types of Malwares
 Virus
 Backdoor
 Trojans
 Rootkit
 Adware
 Worm
 Ransomware
 …

5. Virus
 Virus is a computer program usually hidden within another
seemingly innocuous program that produces copies of itself and
inserts them into other programs or files, and that usually performs
a malicious action (such as destroying data or corrupting the
system).

6. Trojan Horse
 Known as "Trojans" , is a type of malware that disguises itself as a
normal file or program to trick users into downloading and
installing malware. A Trojan can give a malicious party remote
access to an infected computer.
 It is possible for the attacker to steal data (logins, financial data,
even electronic money), install more malware, modify files,
monitor user activity (screen watching, keylogging, etc), use the
computer in botnets.

7. Worm
 Computer worm is a program that replicates itself in order to spread
to other computers. Often, it uses a computer network to spread
itself, relying on security failures on the target computer to access it.
Unlike a computer virus, it does not need to attach itself to an
existing program.
 It doesn't need any user intervention.
 Worms often spread by sending mass emails with infected
attachments to users contacts.

8. Backdoors
 Backdoor is a technique in which a system security mechanism is
bypassed undetectably to access a computer or its data. It
exploits undocumented processes in the system's code to
secretly control a program, computer or network, while
attempting to remain undetected.
 Some backdoors are placed in the software by the original
programmer
 consists of 2 components -: the client and its server(s)

9. Rootkit
 A rootkit is a type of software designed to hide the fact that an
operating system has been compromised, sometimes by
replacing vital executable(s). Rootkits allow viruses and malware
to “hide in plain sight” by disguising as necessary files that your
antivirus software will overlook.
 An attacker can install it once they've obtained access on the
compromised machine.
 In other words, rootkits are all about hiding things.

10. How do they Infect us ?

11. Rogue Security Softwares

12. Ransomware

13. Drive-by downloads

14. Social Networks

15. How Do They Hide ?
 Hiding in plain sight:
• An entry in process list.
• Unknown process name.
• Unexpected Process.
• Process binary at unusual location.
• Process with unexpected user account/privilege.
 Hiding deep inside:
• No entry in process list.
• Unexpected library.
• Unusual usage of system resources.
• Re-appearance of some files after deletion.

16. How do they propagate?

17. File sharing & P2P

18. Adware

19. Email spoofing & phishing

20. Some Stats
MALWARE INFECTIONS BY TYPE IN Q1 2013 (PandaLabs)
Av-Test 2014 statistics

21. How they can be Detected ?

22. Malware Symptoms:
 Computer is running extremely slow (seems like a Virus).
 Antivirus and firewall protection is unexpectedly disabled.
 Modifications on the Registry
 Unwanted toolbars on your web Browser.
 Even if you remove them, they might return each time you restart your
computer.
 Unfamiliar and peculiar error messages.
 programs won't run or files won't open.
 can't access certain drives on your computer.
 File sizes

23. Detection
 Analyze program behavior:
 Network access
 File open
 Attempt to delete file
 Attempt to modify the boot sector
 Use Sandbox:
 Running the executable in a VM
 Observe it
 File activity & Network TCP/UDP
 Memory
 Detect change by comparing checksum.
 Beware of pop-ups!
 Have an Anti-virus & Anti-Malware that is up to date.
 “It is not possible to build a perfect virus/malware detector “ (Cohen)

24. Demo Time
NO PWN, NO PARTY !

25. Conclusion
 Do Not Fear Malwares, Understand how they work!
 It’s not just Computer malwares: There’s Mobiles, ATM, POS … Malwares.
 Be Updated.
 Don’t Trust Unknown sources.
 Avoid Malwares is easier then removing.

26. Thank You!