Malware 101 “Basics” - ROOTCON


Malware 101 “Basics”
Berman Enconado

Malware is malicious software

How to identify?
– Stealing information
– Unauthorized access
– Exploits
– Fooling the unsuspecting user


Classification of Malware
– Malware
– Grayware
– Goodware

Viruses
[Diagram: uninfected host (File Header, Entry Point, Host Code); virus code insertion; infected host, header updated (File Header, Host Code, Virus Code, Entry Point)]

Exploits
Exploited WinAmp playlist (m3u file)

Trojan / Backdoor
[Diagram labels: Attacker, Client Component, Network/Internet, Server Component, Victim]

Trojan / Backdoor
Dropped files
– Usually in %windows% or %system% directories
Autostart
– HKEY LOCAL Run
– HKEY LOCAL RunOnce
– HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
– %USERPROFILE%\Start Menu\Programs\Startup

Rootkit

Worms
The famous “Love Bug” aka “I love you” worm. Not a virus but a worm. (Filipino-made)

Brief History of Malware
– Theories for self-replicating programs are created
– First Apple virus found “in the wild”: spreads through pirated games
– Macro ng and destructive viruses start to become rampant
– ILoveYou “virus”: sends via email
– Melissa: email spammer; uses MS Word documents
– Slammer Worm: fastest-spreading worm to date, infecting 75,000 computers in approximately ten minutes
– Conficker Worm: most computers infected since Slammer in 2003
– TDL, Stuxnet, Rustock, Rootkits, Mobile

Malware Researcher Notes
– A malware installs itself in the system without any notification or dialogs
– A legit application gets installed by a setup with a sequence of notifications or dialogs

Tools anyone can use to determine system infection:

– Process Explorer

– Installrite


– Autoruns


Malware 101 “Clean-up”
Reginald Wong

Installation Setup: Legit App versus Malware
– Legit app: installs using a dialog. Malware: no dialog; may show a fake error or an image such as porn.
– Legit app: usually installs its components in the Program Files folder. Malware: usually installs itself in the Windows folder(s).
– Legit app: can be manually run from the Start -> Programs menu. Malware: it is already running and is triggered at a system event such as startup.

Comparison: Process (Before / After)

Comparison: File (Before / After)

Comparison: Registry (Before / After)


Assuming we do not have any third-party tools, and we only have our plain old Windows NT-based OS.

Common Malware File Locations
Located in
– Windows folder or subfolders like System32, i.e. C:\Windows\System32
– Recycle(r) folders
– Desktop
And can be found set to run at startup

Looking for Suspicious Files
Click on Start -> Run, then type MSCONFIG and hit ENTER.

Looking for Suspicious Files
Click on Start -> Run, then type TASKMGR and hit ENTER, or press CTRL-SHIFT-ESC.

Suspicious Files: File Properties
Version Information
– Google is your very best friend
File version
Company Name
Copyright
Icon
– Trying to mimic a folder, explorer, or any legit application. Check out the path.
– No icon
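The checks from the slides so far (autostart entry, install folder, version information, a familiar name in the wrong path) combined into one triage pass, as an added example that is not from the original deck. The entry fields, the expected-folder table and the sample entries are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed reference data for this added example (not from the slides).
EXPECTED_DIR = {"explorer.exe": r"c:\windows",
                "svchost.exe": r"c:\windows\system32"}
WINDOWS_DIR = r"c:\windows"
RECYCLE_NAMES = ("recycler", "recycled", "$recycle.bin")


def triage(entry):
    """Return the reasons an autostart entry deserves a closer look."""
    image = ntpath.normpath(entry["image"]).lower()
    folder, name = ntpath.split(image)
    parts = folder.split("\\")
    reasons = []
    if any(p in RECYCLE_NAMES for p in parts):
        reasons.append("runs from a recycle folder")
    if "desktop" in parts:
        reasons.append("runs from the Desktop")
    in_windows = folder == WINDOWS_DIR or folder.startswith(WINDOWS_DIR + "\\")
    if in_windows and not entry.get("company"):
        reasons.append("in the Windows folder with no version information")
    expected = EXPECTED_DIR.get(name)
    if expected and folder != expected:
        reasons.append(f"{name} outside {expected}")
    return reasons


def review(entries):
    """Keep only the entries that triggered at least one check."""
    return [(e["location"], e["image"], r)
            for e in entries if (r := triage(e))]


# Constructed sample entries, as they might be copied out of MSCONFIG.
SAMPLE = [
    {"location": "Run", "image": r"C:\Program Files\Vendor\app.exe",
     "company": "Vendor Inc."},
    {"location": "Run", "image": r"C:\WINDOWS\system32\sample.exe",
     "company": None},
    {"location": "Startup", "image": r"C:\RECYCLER\S-1-5-21\svchost.exe",
     "company": ""},
    {"location": "Winlogon", "image": r"C:\WINDOWS\explorer.exe",
     "company": "Microsoft Corporation"},
]

if __name__ == "__main__":
    for location, image, reasons in review(SAMPLE):
        print(location, image, "; ".join(reasons))
```

A hit is a reason to research the file, not proof of infection.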


Looking for Suspicious Files
Still not showing up?!?

Looking for Suspicious Files
Unhide using ATTRIB (command line app)


Removal: Attempt to Delete File

Removal: Attempt to Terminate Process
Unfortunately fails to terminate

Removal: Attempt to Delete File
Click on Start -> Run, type REGEDIT, hit ENTER.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager


Removal: Attempt to Delete File
Pad 2 0x00 bytes, which means renaming the file to nothing. In other words, delete.
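The two-zero-byte edit described above, shown at byte level as an added example (not from the original slides). It assumes the value being edited under the Session Manager key is PendingFileRenameOperations, a REG_MULTI_SZ holding source/destination string pairs in UTF-16LE; all paths are constructed sample data.

```python
# Added example. Assumes the value under ...\Control\Session Manager is
# PendingFileRenameOperations (REG_MULTI_SZ, UTF-16LE source/destination pairs).
NT_PREFIX = "\\??\\"                     # prefix carried by the stored paths


def parse_pending(raw: bytes):
    """Decode raw value bytes into (source, destination) string pairs."""
    parts = raw.decode("utf-16-le").split("\0")
    if parts and parts[-1] == "":
        parts.pop()                      # nothing follows the final NUL
    if len(parts) % 2 == 1 and parts[-1] == "":
        parts.pop()                      # list terminator, when present
    if len(parts) % 2:
        raise ValueError("unpaired entry in pending-rename data")
    return list(zip(parts[0::2], parts[1::2]))


def serialize(pairs) -> bytes:
    """Encode pairs back to raw bytes, ending with the list terminator."""
    body = "".join(f"{src}\0{dst}\0" for src, dst in pairs)
    return (body + "\0").encode("utf-16-le")


def queue_delete(raw: bytes, win32_path: str) -> bytes:
    """Append a delete-at-next-boot entry: the source path plus an empty
    destination, i.e. the extra 00 00 the slide pads after the file name."""
    return serialize(parse_pending(raw) + [(NT_PREFIX + win32_path, "")])


def _plain(path: str) -> str:
    path = path.lstrip("!")              # "!" marks replace-existing renames
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def describe(raw: bytes):
    """List what the next boot will do: (action, source, destination)."""
    return [("rename", _plain(s), _plain(d)) if d else ("delete", _plain(s), None)
            for s, d in parse_pending(raw)]


if __name__ == "__main__":
    # Constructed sample: one existing rename, then the file to remove.
    value = serialize([(NT_PREFIX + r"C:\Temp\new.dll",
                        "!" + NT_PREFIX + r"C:\Program Files\App\app.dll")])
    value = queue_delete(value, r"C:\WINDOWS\system32\sample.exe")
    for action in describe(value):
        print(action)
    print(value[-8:].hex(" "))           # tail bytes of the edited value
```

Running describe() over an exported copy of the value before rebooting also shows any renames or deletes queued by something other than you.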


Removal: Attempt to Delete File
Verify that the file was deleted. Do the same process when looking for the malware file.

Removal: Attempt to Delete File
Also check that the malware file is not in the process list.

Removal

Removal: Clean up Remnants

Removal: Clean up Remnants
– Click on Start -> Run
– Type REGEDIT, then hit ENTER
– Click on “My Computer”
– Click on Edit -> Find/Search
– In the search box, type the name of the malware file, then click on Find


Warning!
– Do NOT delete registry entries that contain the malware file name.
– Do NOT delete file names similar to that of the malware file name. It could have mimicked a system file name.
– Research about it first. If you think handling the malware is still difficult, send the file to your favorite Antivirus vendor.

