4 Security - Malware and Exploits

The document provides an overview of computer security, focusing on malware types, their propagation methods, and the importance of strong passwords and social engineering awareness. It outlines various malware categories such as viruses, worms, Trojans, spyware, and ransomware, detailing their functionalities and impacts. Additionally, it emphasizes protective measures like using reputable antivirus software, keeping systems updated, and being cautious with sensitive information.

2020/09/17

Computer Security
Malware & Exploits

COMP106 Computing for Natural Scientists

Previously
• Ethics
• Computer basics
• Hardware
• Software


This lecture
• Understand the difference amongst different types of malware
• Understand the importance of strong passwords
• Understand social engineering

Why do we need computer security?
• Individuals or groups have malicious intentions
• Can steal your / your company’s information
• Can get access to bank accounts and steal money
• Can use your computer / email to attack other people
• Cause damage to computers and networks

Who attacks computers and why
• Criminals
  • Make money
• Online activists
  • Make political / ideological / religious points
• Countries
  • Spying and warfare
• Terrorists
  • Spread fear and recruit members
• Individuals
  • Bored, trying to prove themselves, disgruntled

What is Malware?
• Malicious Software => malware
• Shorthand for malicious software
• Software developed by malicious individuals or groups with the specific intention of:
  • gaining illegal access to a computer or network, and/or
  • causing damage to a computer or network.
• Often the victim remains oblivious to the fact there's been a compromise

Types of Malware
There are different types of malware:
• Viruses
• Worms
• Trojans
• Spyware
• Adware
• Rootkits
• Ransomware
https://www.ecomsecurity.org/application-security/mobile-app-security/


How is malware classified?
• How it spreads (propagation)
  • Infection of existing content by viruses that is subsequently spread to other systems
  • Exploit of software vulnerabilities to allow the malware to replicate
  • Social engineering attacks that convince users to bypass security mechanisms to install the malware
• What it does (payload)
  • Corruption of system or data files
  • Theft of service: take partial or full control
  • Theft of information from the system/keylogging
  • Stealthing/hiding its presence on the system

MALWARE vs Physical Weapon

Cruise Missile
• Payload: 454kg HE; W80 200 kt nuclear warhead
• Guidance: GPS; TERCOM; DSMAC
• Propulsion: Williams F107-400 Turbofan; 600lbs thrust; Range: 1000 nm

MALWARE
• Exploit: 4x zero day; 2x stolen digital cert
• Payload: File Infection; Command and Control; Backdoor; DDoS; Bitcoin miner
• Propagation: USB drives; Network; Peer-to-peer; Shared files; Range: unlimited

Virus
• Earliest form of malware
• Piece of software that infects programs
• Modifies them to include a copy of the virus
• Replicates and goes on to infect other content
• Easily spread through network environments
• When attached to an executable program a virus can do anything that the program is permitted to do
• Executes secretly when the host program is run
• Specific to operating system and hardware
• Takes advantage of their details and weaknesses
• Often needs human activation

Virus components

Infection mechanism
• Means by which a virus spreads or propagates
• Also referred to as the infection vector

Trigger
• Event or condition that determines when the payload is activated or delivered
• Sometimes known as a logic bomb

Payload
• What the virus does (besides spreading)
• May involve damage or benign but noticeable activity

Virus phases

Dormant phase
• Virus is idle
• Will eventually be activated by some event
• Not all viruses have this stage

Triggering phase
• Virus is activated to perform the function for which it was intended
• Can be caused by a variety of system events

Propagation phase
• Virus places a copy of itself into other programs or into certain system areas on the disk
• May not be identical to the propagating version
• Each infected program will now contain a clone of the virus which will itself enter a propagation phase

Execution phase
• Function is performed
• May be harmless or damaging

Worms
• Program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines
• Exploits software vulnerabilities in client or server programs
• Can use network connections to spread from system to system
• Spreads through shared media (USB drives, CD, DVD data disks)
• E-mail worms spread in macro or script code included in attachments and instant messenger file transfers
• Upon activation the worm may replicate and propagate again
• Usually carries some form of payload
• First known implementation was done in Xerox Palo Alto Labs in the early 1980s


How worms propagate

Electronic mail or instant messenger facility
• Worm e-mails a copy of itself to other systems
• Sends itself as an attachment via an instant message service

File sharing
• Creates a copy of itself or infects a file as a virus on removable media

Remote execution capability
• Worm executes a copy of itself on another system

Remote file access or transfer capability
• Worm uses a remote file access or transfer service to copy itself from one system to the other

Remote login capability
• Worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other

Trojans
• Named after the Greek story of the Trojan Horse
• It looks legitimate (and often has legitimate functionality), but has hidden harmful components
• Users are often tricked into installing it, then:
  • Can download other malware
  • Irritate the user
  • Cause damage

Spyware
• Malware that attempts to steal information
• An example is keyloggers, which record everything you type
• Usually steals usernames and passwords (especially for bank accounts)
• Can also take files, and check your contacts
• Some can turn on webcams

Ransomware
• Encrypts all files on a hard drive (and sometimes any connected drives)
• Asks for a ransom to unlock (usually in bitcoins) – it's not cheap!!!

Adware
• Displays annoying popups
• Can hijack computer resources, change desktop background, redirect your browser
• Can be a symptom of something else…

Scareware
• Like adware, but tries to scare you that you have a virus, and invites you to download (and pay for) a fake anti-virus software

Back Doors
• An undocumented way of accessing a system
• Bypasses normal authentication (login)
• Some are placed by the designer as a method to access the system if there is a problem
• Sometimes delivered by a worm or virus
• Used by hackers to give them continued access


Passwords
• Your username identifies you
• A password is a secret word/phrase that allows you to prove that you really are who you say you are
• Passwords should be difficult to guess or find by random trying

Passwords
Examples of bad passwords
• Commonly known information about you:
  • Birthdays
  • Names of family
• Common words or patterns of words:
  • QWERTY
  • 12345
  • password

Passwords
Good passwords:
• Are 8 characters or longer
• Have a combination of:
  • Uppercase letters (A, B, C, …, X, Y, Z)
  • Lowercase letters (a, b, c, …, x, y, z)
  • Numbers (0, 1, 2, …, 7, 8, 9)
  • Special characters (@, !, &, %, _, -, etc)
• Should not be too difficult to remember (don’t write them down!)
Examples of good passwords:
• Qm2i@DrP
• W0mb@T5*

Most Common Passwords in 2017
The top 10 passwords on the 2017 list.
1. 123456
2. Password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
http://fortune.com/2017/12/19/the-25-most-used-hackable-passwords-2017-star-wars-freedom/
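
The rules on the password slides above, written as a checker; this is an added example, not part of the original lecture. The `personal_info` parameter and the sample inputs are assumptions made for illustration, and the letters-only comparison goes slightly beyond the slides by also catching decorated variants of the listed passwords such as "Password1!".

```python
import string

# Top 10 list copied from the slide above (2017 list).
COMMON_2017 = ["123456", "Password", "12345678", "qwerty", "12345",
               "123456789", "letmein", "1234567", "football", "iloveyou"]
COMMON = {p.lower() for p in COMMON_2017}


def password_problems(password, personal_info=()):
    """Return the list of slide rules the password breaks (empty list = passes).

    personal_info is a hypothetical parameter: strings other people could
    know about the user, such as family names or a birth date.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            problems.append("no " + name)

    # Compare the whole password and its letters-only core, so decorated
    # variants such as "Password1!" are still matched against the list.
    lowered = password.lower()
    core = "".join(ch for ch in lowered if ch.isalpha())
    if lowered in COMMON or core in COMMON:
        problems.append("common password or a decorated variant of one")

    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first two are the slide's good examples.
    for pw in ["Qm2i@DrP", "W0mb@T5*", "Password1!", "qwerty", "Thandi#2001"]:
        print(pw, "->", password_problems(pw, ["Thandi", "2001"]) or "OK")
```

"Password1!" satisfies every length and character-class rule and is rejected only by the common-password comparison, which is why composition rules on their own are not a sufficient check.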

Social Engineering
• An attempt to trick someone into doing something that will benefit the attacker
• Revealing sensitive info (e.g. password)
• Installing malware
• Opening an email
• Transferring money
• Greed, curiosity, trust, good will are exploited
• The victim is often put under pressure


How to Protect Yourself
• Never give out your passwords (or sensitive information)
• Only open emails from sources you know are legitimate
• Verify anything that looks suspicious
• Transferring money
• Keep your software up to date
• Get an antivirus or Internet Security software
• Use a software firewall
• Backup your files and keep them safe!!!!

Anti-virus/malware software
• Use one that is reputable (AVG, Kaspersky, McAfee, Windows Defender etc)
• No solution will detect 100% of malware
• Software does not necessarily protect you from all forms of malware, or all threats
• Modern software usually does have components for various aspects (e.g. malware, spyware, ransomware, Internet security)

Software Updates (patches)


• Anti-malware is useless if it does not have the latest updates
• In 2016 there were 6.83 million new malware specimens: about 18 000 per day.
• Operating systems have updates (for Windows, on the 2nd Tuesday); these often fix security problems
• Various applications also have updates when a vulnerability is discovered.
