Malware CJ 290
This 5 page Class Notes was uploaded by Erica Kugler on Friday September 4, 2015. The Class Notes belongs to CJ 290 at University of Alabama - Tuscaloosa taught by Kellin Treadway in Fall 2015. Since its upload, it has received 66 views. For similar materials see Special Topics: Cybercriminology in Criminal Justice at University of Alabama - Tuscaloosa.
Date Created: 09/04/15
Malware and Automated Computer Hacks

Malware = malicious software
- It's the range of programs used to automate attacks against computer systems
- Utilizes exploits that take advantage of vulnerabilities to automate the process of intrusion into systems
- Malware works b/c there is no perfect system, i.e. all systems have vulnerabilities
- Payload = changes the malware makes to the infected system
- Malware is often contained within attachments or files that victims open without realizing that they are infecting their computer/device
  - This is an example of social engineering, as the malware offender is able to get the victim to fall into their trap and spread the malware

Why do people use malware?
- Malware is designed and commonly used for several malicious actions
  - Log keystrokes by users to gain passwords
  - Delete/corrupt files
  - Access private files
  - Create backdoors in infected systems so that the offender can get back into the system at a later time
- Malware is very costly to remove and repair

Malware programs
- There are numerous types of malware programs
- Most common malware programs fall into 3 categories plus one catch-all category
  - Virus
  - Trojan
  - Worm
  - Blended (catch-all category -> program w/ elements of different malware)

Viruses
- Most recognized form of malware
- Oldest form of malware
- Started out as benign programs that old school hackers created
- Viruses must be attached to a host to spread
  - Ex: email w/ an attachment or file that has the virus on it
- When the attachment or file is opened, the virus is activated
- Viruses can spread through
  - Boot sector of PCs
    - Storage area on the hardware that deals with startup protocols
  - Execution of an infected program
  - Opening an infected file

Trojans
- Concealment in email attachments, pirated software, and shareware files
- No automated replication
- Can conceal larger payloads, i.e. can make more changes to the system than virus/worm
  - Once the Trojan is downloaded, it can execute the payload silently so that the victim doesn't realize the system is being infected
- Contains many functions that give attackers substantive control over infected systems
  - Keystroke logging
  - Webcam control
  - Access stored info via backdoors
  - Control/disable antivirus software

Worms
- Self-replicating; do not need to attach to a file to spread
- No need for a host
- Essentially a DDoS attack; the worm takes up storage memory and overloads the server
- Ex: Zip/Decompression Bomb
  - Victim opens the file and the worm code appears
  - The worm then replicates and takes up space in the computer's storage, rendering the computer system inactive and useless

Botnet / Blended threat
- Infect like a virus or worm but deliver a payload akin to a Trojan
- Botnet = network of infected systems
- "Zombie" computer = computer taken over during a botnet attack that inadvertently aids in overloading the system
- Botnets are used to carry out DDoS attacks and distribution of spam

Ransomware/Scareware
- Computer hostage situation
- Computer user is "locked" out; offender has complete control of the computer/device
- How it works: offender takes over the computer/device and demands ransom money in return for unlocking the computer/device
  - "Locked" out computers can only be "unlocked" by an encryption key which only the offender is in possession of

Impact of Malware
- 82,000 variations of malware identified per day in 2013
- Malware attacks are a global problem
- Use of antivirus protection programs does not eliminate the risk of attack or harm

Hackers and malware writers (aka "Virus Writers")
- Motivated by
  - Attention
  - Desire to cause damage or disrupt things
  - May not see their actions as wrong (claim "just playing around" w/ codes)
  - Make $

Cybercrime market
- Online black market for malware
- Skilled malware writers often sell their products to lesser skilled hackers
- Malware as crimeware: the purchaser uses the program for illegal activity

Social forces in cybercrime market
- 3 norms structuring cybercrime market relationships and actions
  - Price
    - Bargaining/price negotiations between buyer and seller
    - Price expectations drive negotiations
  - Customer service
    - Buyers expect quick and hassle-free service
    - Customer feedback drives customer service
    - Sellers use gifts/services to entice buyers
    - Sellers set up forums for customer comments and questions
  - Trust
    - No face-to-face contact btwn buyer and seller means that the transaction is based on trust that the buyer will pay the price and the seller will provide the product

Key words

Anti-Malware Testing Standards Organization (AMTSO)
- Organization that works to improve the process of malware identification and product testing by anti-malware companies

Back Orifice 2000 (BO2K)
- Type of Trojan written by the hacker group Cult of the Dead Cow (CDC)
- Designed to infect Microsoft programs

Blended threat
- When different forms of malware (virus, Trojan, worm programs) are combined

Boot sector
- Region of any sort of storage media that can hold code that is loaded into memory by the computer's firmware

Boot sector virus
- Virus that attempts to install its code into the boot sector of a storage device

Botnet
- Type of blended threat -> combines Trojan and virus malware into a single program
- The malware is sent via a file/attachment, and when opened it executes its program and installs a "bot" program into the system
  - "Bot" program allows users besides the system owner to control the computer

Code Red worm
- Type of worm that infects any web server using Microsoft IIS software
- High rate of replication
- Caused major network outages

Computer contaminants
- Term replacing the word "malware" in laws/statutes
- Regarded as programs designed to damage, destroy, or transmit info w/in a system w/o the permission of the owner

Computer Emergency Response Team (CERT)
- Teams that provide rapid response to emergency network malware attacks
- Called Computer Security Incident Response Teams (CSIRT) in other countries

Concept virus
- First macro virus (1995)

Crimeware
- Botnets that perform DDoS attacks, distribute spam, and attack system traffic

CryptoLocker
- Example of a ransomware/scareware that came as a downloadable attachment in emails; when opened, it attacked Microsoft Windows systems

Cult of the Dead Cow

Distributed denial of service (DDoS) attack
- A system is targeted by a flood of network requests; the system gets overloaded and can't operate

Elk Cloner
- Example of an early virus that infected home computers, specifically Apple II computers
- Developed as a prank by 15-year-old Rich Skrenta

Exploit
- Piece of code that is put on a system after a hacker gains access via a vulnerability

Exploit packs
- Exploit programs that allow hackers to remotely take over computer systems

Forum for Incident Response and Security Teams (FIRST)
- Global organization that seeks to increase cooperation and coordination about information sharing btwn worldwide cyber response teams

Macro-programming language
- Type of program that macro viruses run on
- Program associated w/ specific applications; embeds the virus code into certain files

Macro virus
- Virus that uses a vulnerability/weakness in popular computer programs like Excel and Word to infest a system

Malware (malicious software)
- Term for range of destructive programs that can be used to harm computer systems, gain access to sensitive info, or engage in different types of cybercrime

Melissa virus
- Popular virus that infected the World Wide Web via macros in users' computer programs like Microsoft Word

Morris worm
- One of the first worms, developed by Robert Morris
- Worm code infected all computers operating online on November 2, 1988
- Morris was found guilty of violating the Computer Fraud and Abuse Act

MuTation Engine (MtE)
- Polymorphic generator that encrypted viruses and randomized the way viruses replicate
- Made it harder for viruses to be detected and removed

Operation Bot Roast
- Cybercrime operation that infected millions of computers and operated via botnets

Payload
- Changes to a computer system caused by malware

Ransomware/scareware
- Malware that threatens the target to pay a ransom to have the malware removed
- The system will receive and execute payloads until the ransom is paid

Trojan
- Malware that cannot replicate on its own and requires user intervention for activation
- Operates as a file that must be opened by the victim; after it is opened/downloaded, the Trojan releases its code and delivers its payload to the system

US Computer Fraud and Abuse Act
- Criminal law regarding cybercrimes and malware
- Statutes regarding malware in the Act (fifth statute)
  - Illegal to knowingly cause the transmission of a program, info, code, or command and cause damage to a computer
  - Illegal to intentionally access a protected computer w/o authorization and cause reckless damage
  - Illegal to intentionally access a protected computer w/o authorization and cause damage or loss

Worms
- Form of malware that can automatically spread/replicate on its own
- Doesn't necessarily contain a payload; instead it uses the system's memory to spread and render the system useless

Virus
- Form of malware that cannot be activated nor execute its payload w/o user intervention
  - Ex of user intervention: clicking and opening a file or email
- Oldest form of malware

Vulnerability
- Flaws in computer software

3 things that affect the market sale of malware: price, customer service, and trust
3 things to improve trust in malware sale: checks, guarantor program, and customer feedback
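The Zip/Decompression Bomb entry in the Worms section describes a file that expands until storage is used up. The sketch below is an added example, not part of the original notes, of a check a mail gateway or upload handler could run before unpacking an archive; the limits, function names, and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy limits for this example; tune them to the systems you protect.
MAX_RATIO = 100                  # uncompressed : compressed, per member
MAX_TOTAL = 50 * 1024 * 1024     # total declared uncompressed bytes
MAX_MEMBERS = 1000               # number of files in the archive


def inspect_archive(data):
    """Return reasons to refuse extraction; an empty list means no limit was hit."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        if len(members) > MAX_MEMBERS:
            reasons.append("too many members: %d" % len(members))
        total = sum(m.file_size for m in members)
        if total > MAX_TOTAL:
            reasons.append("declared size too large: %d bytes" % total)
        for m in members:
            ratio = m.file_size / max(m.compress_size, 1)
            if ratio > MAX_RATIO:
                reasons.append("%s expands %d:1" % (m.filename, ratio))
    return reasons


def extract_capped(data, name, limit):
    """Read one member in chunks and stop once more than `limit` bytes come out."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return bytes(out)
            out += chunk
            if len(out) > limit:
                raise ValueError("%s exceeded %d bytes" % (name, limit))


def build_sample(payload, name="sample.bin"):
    """Constructed test input: a one-member archive holding `payload`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


ORDINARY = build_sample(bytes(range(256)))       # barely compressible
REPETITIVE = build_sample(b"\0" * 5_000_000)     # 5 MB of zeros, highly compressible
```

The header check is cheap but relies on sizes the archive declares about itself, so the capped read is the control that still holds when those fields are wrong.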