Malware 101
“Basics”
Berman Enconado
Malware is malicious software
How to identify?
– Stealing information
– Unauthorized access
– Exploits
– Fooling the unsuspecting user
en.wikipedia.org/wiki/Malware
Classification of Malware
– Malware
– Grayware
– Goodware
Viruses
Diagram: an uninfected host is laid out as File Header, Entry Point, Host Code. Virus code insertion produces an infected host (header updated) laid out as File Header, Entry Point, Virus Code, Host Code.
Exploits
– Exploited WinAmp playlist (m3u file)
Trojan / Backdoor
Diagram: Attacker (Client Component) connects over the Network/Internet to the Victim (Server Component).
Trojan / Backdoor
Dropped files
– Usually in %windows% or %system% directories
Autostart
– HKEY_LOCAL_MACHINE\...\Run
– HKEY_LOCAL_MACHINE\...\RunOnce
– HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
– %USERPROFILE%\Start Menu\Programs\Startup
Rootkit
Worms
The famous “LoveBug” aka “I love you” worm. Not a virus but a worm. (Filipino-made)
Brief History of Malware (timeline)
– Theories for self-replicating programs are created
– First Apple virus found “in the wild”; spreads through pirated games
– Macro and destructive viruses start to become rampant
– ILoveYou “virus”: sends via email
– Melissa: email spammer; uses MS Word documents
– Slammer worm: fastest spreading worm to date, infecting 75,000 computers in approximately ten minutes
– Conficker worm: most number of computers infected since Slammer in 2003
– TDL, Stuxnet, Rustock, rootkits, mobile
Malware Researcher Notes
Malware installs itself in the system without any notification or dialogs.
A legit application gets installed by a setup with a sequence of notifications or dialogs.
Tools anyone can use to determine system infection.
Process Explorer
Installrite
Wireshark (4sysops.com)
Autoruns
GMER (Lavasoft.com)
Malware 101
“Clean-up”
Reginald Wong
Installation Setup: Legit App versus Malware
Legit App                                                    | Malware
Installs using a dialog                                      | No dialog. May show a fake error or an image such as porn
Usually installs its components in the Program Files folder  | Usually installs itself in the Windows folder(s)
Can be manually run from the Start > Programs menu           | It is already running and triggered at a system event such as startup
Comparison: Process (Before / After)
Comparison: File (Before / After)
Comparison: Registry (Before / After)
Assuming we do not have any third-party tools, and we only have our plain old Windows NT-based OS.
Common Malware File Locations
Located in:
– Windows folder or subfolders like System32, i.e. C:\Windows\System32
– Recycle(r) folders
– Desktop
And can be found set to run at startup
Looking for Suspicious Files
Click on Start > Run, then type MSCONFIG and hit ENTER.
Click on Start > Run, then type TASKMGR and hit ENTER, or press CTRL+SHIFT+ESC.
Suspicious Files: File Properties
Version Information
– Google is your very best friend
– File version
– Company Name
– Copyright
Icon
– Trying to mimic a folder, explorer, or any legit application. Check out the path.
– No icon
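The checks on the last few slides (the Trojan/Backdoor autostart locations, the common file locations, and the file-property tests) can be run in one pass from the plain OS the deck assumes. The script below is an added example, not code from the Malware 101 deck: it walks the Run, RunOnce, Winlogon and Startup-folder locations, resolves each entry to the file it launches, and reports the deck's warning signs. The full Run/RunOnce key paths (the deck abbreviates them), the Winlogon value names Shell and Userinit, and the Administrator requirement are assumptions of this example; it only reads, never deletes.

```powershell
# Added example, not code from the Malware 101 deck. Walks the autostart locations the deck
# names (Run, RunOnce, Winlogon, the Startup folder), resolves each entry to the file it
# launches and applies the deck's tests: file under the Windows folder, in a Recycle(r)
# folder or on the Desktop; hidden/system attributes; missing version information.
# Assumptions: Windows NT-based OS, PowerShell 3 or later, run as Administrator. Read-only.

$Windir   = [Environment]::GetFolderPath('Windows')
$System32 = Join-Path $Windir 'System32'
$Desktops = @([Environment]::GetFolderPath('Desktop'), [Environment]::GetFolderPath('CommonDesktopDirectory'))
$RunKeys  = @(                       # the deck abbreviates these as "HKEY_LOCAL_MACHINE ... Run / RunOnce"
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$StartupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))

# Extract the program path from a command line such as  "C:\x\y.exe" /s  or  C:\x\y.exe /s  or  explorer.exe
function Get-ProgramPath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|com|scr|dll|bat|cmd))(\s|,|$)', 'IgnoreCase')
        $cmd = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    # Winlogon values such as "explorer.exe" carry no directory: resolve against Windows and System32
    if (-not [IO.Path]::IsPathRooted($cmd)) {
        foreach ($dir in @($Windir, $System32)) {
            $candidate = Join-Path $dir $cmd
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $cmd
}

# The deck's file-property checks, returned as the list of reasons the file deserves a closer look
function Get-SuspicionFlags([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return @('file not found: check the path and hidden attributes') }
    $item  = Get-Item -LiteralPath $Path -Force
    $flags = @()
    if ($Path -like "$Windir\*")                                    { $flags += 'under the Windows folder' }
    if ($Path -match '\\(RECYCLER|RECYCLED|\$Recycle\.Bin)\\')      { $flags += 'in a Recycle(r) folder' }
    foreach ($d in $Desktops) { if ($Path -like "$d\*") { $flags += 'on the Desktop'; break } }
    if (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) { $flags += 'hidden attribute set (unhide with ATTRIB)' }
    if (($item.Attributes -band [IO.FileAttributes]::System) -ne 0) { $flags += 'system attribute set' }
    if (-not $item.VersionInfo.CompanyName -and -not $item.VersionInfo.FileVersion) { $flags += 'no version information' }
    return $flags
}

function New-Record($Source, $Entry, $Path) {
    [pscustomobject]@{ Source = $Source; Entry = $Entry; Path = $Path; Flags = ((Get-SuspicionFlags $Path) -join '; ') }
}

# One record per autostart entry, across all the locations above
function Get-AutostartReport {
    $report = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            $report += New-Record $key $name (Get-ProgramPath ([string]$k.GetValue($name)))
        }
    }
    # Shell and Userinit are the Winlogon values that launch programs (value names assumed; the deck names only the key)
    foreach ($name in 'Shell', 'Userinit') {
        $val = (Get-ItemProperty -Path $WinlogonKey -Name $name -ErrorAction SilentlyContinue).$name
        foreach ($part in @($val -split ',' | Where-Object { $_.Trim() })) {
            $report += New-Record $WinlogonKey $name (Get-ProgramPath $part)
        }
    }
    # Startup folders: a .lnk entry is reported by its target
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $StartupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -Force -File) {
            $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            if (-not $target) { $target = $f.FullName }
            $report += New-Record $dir $f.Name $target
        }
    }
    return $report
}

Get-AutostartReport | Where-Object { $_.Flags } | Format-Table -AutoSize -Wrap
```

Every file under the Windows folder is flagged, because that is the deck's own heuristic; legitimate Winlogon entries such as explorer.exe and userinit.exe will therefore appear too. The flags are a prompt to apply the slide's next step (look the name, company and path up) rather than a verdict.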
Suspicious Files: File Properties (screenshots)
Looking for Suspicious Files (screenshots)
Looking for Suspicious Files
Still not showing up?!?
Unhide using ATTRIB (command line app)
Removal: Attempt to Delete File (screenshot)
Removal: Attempt to Terminate Process
Unfortunately fails to terminate
Removal: Attempt to Delete File
Click on Start > Run, type REGEDIT, hit ENTER
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Pad 2 0x00 bytes, which means renaming the file to nothing. In other words, delete.
Verify that the file was deleted. Do the same process when looking for the malware file.
Also check that the malware file is not in the process list.
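The value the deck edits by hand under that Session Manager key is PendingFileRenameOperations, a REG_MULTI_SZ list of (source, destination) pairs that the Session Manager carries out at the next boot, before any process can hold the file open; a pair whose destination is empty (the deck's "pad 2 0x00 bytes") renames the file to nothing, which deletes it. The script below is an added example, not code from the Malware 101 deck: it decodes the existing list so unexpected entries can be reviewed, and appends a delete entry for a file that would not delete or whose process would not terminate. Administrator rights, PowerShell 3 or later, and the PLACEHOLDER file name are assumptions of this example.

```powershell
# Added example, not code from the Malware 101 deck. Reads and extends the Session Manager
# value that the deck edits by hand in REGEDIT: PendingFileRenameOperations, a REG_MULTI_SZ of
# (source, destination) pairs that the Session Manager carries out at the next boot, before any
# process can hold the file open. A pair whose destination is the empty string (the deck's
# "pad 2 0x00 bytes") renames the source to nothing, i.e. deletes it.
# Assumptions: run as Administrator; PowerShell 3 or later; the file name below is a placeholder.

$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName      = 'PendingFileRenameOperations'

# Current pairs, decoded. Worth reading on its own: malware can use the same mechanism to
# swap out system files at reboot, so an entry you did not queue is a finding in itself.
function Get-PendingFileRenames {
    [string[]]$raw = (Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $raw) { return @() }
    $pairs = @()
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $dest = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] } else { '' }
        $pairs += [pscustomobject]@{
            Source      = $raw[$i]
            Destination = $dest
            Action      = $(if ($dest) { 'rename' } else { 'DELETE' })
        }
    }
    return $pairs
}

# Queue a delete-at-reboot for a file that cannot be deleted or whose process will not terminate.
# Appends to the existing list rather than replacing it; the \??\ prefix is the NT path form
# the Session Manager expects.
function Add-DeleteOnReboot([string]$Path) {
    $full = [IO.Path]::GetFullPath($Path)
    if (-not (Test-Path -LiteralPath $full)) { throw "No such file: $full" }
    $existing = (Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    [string[]]$new = @()
    if ($existing) { $new += $existing }
    $new += "\??\$full"
    $new += ''                                   # empty destination = delete (the two 0x00 bytes)
    Set-ItemProperty -Path $SessionManager -Name $ValueName -Value $new -Type MultiString
    return $new
}

# Review what is already queued (read-only), then queue the file found with MSCONFIG/TASKMGR.
Get-PendingFileRenames | Format-Table -AutoSize
# Add-DeleteOnReboot 'C:\Windows\System32\PLACEHOLDER-malware.exe'   # placeholder name; run deliberately
# After the reboot, verify as the deck says:
# Test-Path -LiteralPath 'C:\Windows\System32\PLACEHOLDER-malware.exe'      # expect False
# Get-Process | Where-Object { $_.Path -like '*PLACEHOLDER-malware.exe' }   # expect nothing
```

The write is left commented out so the script is safe to run as a check; uncomment it only for a file you have already identified. Because the list is processed before user-mode processes start, this also works for files that a rootkit or a restarted process keeps locked while Windows is running, which is why the deck reaches for it after the terminate attempt fails.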
Removal
Removal: Clean up Remnants
Click on Start > Run, type REGEDIT, then hit ENTER
Click on “My Computer”
Click on Edit > Find/Search
In the search box, type the name of the malware file, then click on Find
Warning!
Do NOT delete registry entries that contain the malware file name.
Do NOT delete file names similar to that of the malware file name. It could have mimicked a system file name.
Research about it first. If you think handling the malware is still difficult, send the file to your favorite antivirus vendor.
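The REGEDIT Find step and the two warnings above fit a read-only search: list every place the file name appears, and list every file on disk that shares the name, so each hit can be researched before anything is removed. The script below is an added example, not code from the Malware 101 deck; the PLACEHOLDER file name, the hives searched, and the Administrator requirement are assumptions of this example, and it deletes nothing.

```powershell
# Added example, not code from the Malware 101 deck. Does what Edit > Find in REGEDIT does, over
# HKLM and HKCU in one pass and without deleting anything: lists every key name, value name and
# value data containing the malware file name. A second function lists every file under the
# Windows folder with the same name, for the "mimicked a system file name" warning.
# Assumptions: run as Administrator (keys that cannot be opened are skipped), PowerShell 3 or later.

function Find-RegistryReferences([string]$Needle, [string[]]$Roots = @('HKLM:\', 'HKCU:\')) {
    $hits = @()
    foreach ($root in $Roots) {
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $keyPath = $key.Name                       # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...
            if ($key.PSChildName -like "*$Needle*") {
                $hits += [pscustomobject]@{ Where = 'key name'; Key = $keyPath; Value = ''; Data = '' }
            }
            foreach ($name in $key.GetValueNames()) {
                # Keep %SystemRoot% etc. unexpanded so the stored text is what gets reported
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $text = if ($data -is [byte[]]) { [Text.Encoding]::Unicode.GetString($data) } else { ($data -join ' ') }
                if ($name -like "*$Needle*") {
                    $hits += [pscustomobject]@{ Where = 'value name'; Key = $keyPath; Value = $name; Data = $text }
                } elseif ($text -like "*$Needle*") {
                    $hits += [pscustomobject]@{ Where = 'value data'; Key = $keyPath; Value = $name; Data = $text }
                }
            }
        }
    }
    return $hits
}

# Every copy of the name under the Windows folder, with the properties the deck says to compare,
# so the legitimate file (normally in System32, with a company name) is not the one removed.
function Find-NameTwins([string]$FileName) {
    Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Windows')) -Recurse -Force -Filter $FileName -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime, @{ n = 'Company'; e = { $_.VersionInfo.CompanyName } }
}

$Name = 'PLACEHOLDER-malware.exe'       # constructed placeholder; use the file name you identified
Find-RegistryReferences $Name | Format-Table -AutoSize -Wrap
Find-NameTwins $Name | Format-Table -AutoSize
```

A full walk of HKLM takes minutes on a large system; narrow `$Roots` to the autostart keys first if you only need the startup remnants. Each hit is a candidate for research, exactly as the Warning slide says, not for deletion.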
https://twitter.com/gfilabsph