Trojan horse
Level 2 Diploma
Unit 11 IT Security
Covered last week
• Weak external security
• Unauthorised uses
• Unauthorised removal or copying
This week
• Malware
• Theft or loss
• Poor folder and file permissions
Malware - short for malicious software
A variety of forms of hostile, intrusive, or annoying software or program code
• Virus
• Worm
• Trojan horse
• Rootkit
• Backdoor
• Spyware
• Botnet
• Keystroke logger
• Dialler
• Adware
Started as experiments or pranks, such as the Melissa virus
Then changed to destroying files on a hard disk
Worms vandalised web pages
Originally spread on diskettes or in Word documents
Released 26th March 1999
Posted using a stolen e-mail account
Caused an estimated $80 million of damage
E-mailed itself to the first fifty addresses in the victim's Outlook address book, with an attachment such as list.doc
Looked like an e-mail from a known associate
Opening the document infected the normal.dot template, so other documents created or opened in Word afterwards carried the virus
Sent the open document from your PC to those fifty contacts – a data security breach (confidential documents leaked), damage to trust, e-mail delays, cost of removal
When the day of the month equals the minute of the current time (e.g. at 11:06 on the 6th day of the month), the Melissa virus inserted the following text into whatever document was then being edited in Word on the victim's computer:
"Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
Given Internet access, malicious software is now designed for profit
• take control of users' computers for black-market exploitation
• infected "zombie computers" are used to
send e-mail spam
host contraband data such as child pornography
engage in distributed denial-of-service attacks as a form of extortion
Spyware programs
• monitor a user's web browsing
• display unsolicited advertisements
• redirect money or advertising revenue to the spyware creator
• Spyware programs do not spread like viruses
• they are installed by exploiting security holes, or are packaged with user-installed software such as peer-to-peer applications
Give a definition and example of one of the following:
• Virus
• Worm
• Trojan horse
• Rootkit
• Backdoor
• Spyware
• Botnet
• Keystroke logger
• Dialler
• Adware
• Phishing
Virus
• a program that has infected some executable software and, when run, causes the virus to spread to other executables
• Viruses may contain a payload that performs other actions, often malicious
• A virus requires a user to run the infected program before it can spread
Worm
• a program that actively transmits itself over a network to infect other computers
• It may carry a payload
• It does not require a user to do anything: it spreads on its own, typically by exploiting a flaw in a network service on the next machine
Concealment helps get the malware installed
When a malicious program is disguised as something innocuous or desirable, users may be tempted to install it without knowing what it does.
Typical e-mail subject: "This is The Free Download Sex Movies, you can find it Here"
This is the technique of the Trojan horse or Trojan.
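The disguise usually rests on the file name: an executable arrives as list.doc, or as song.mp3, or behind a double extension such as report.doc.exe. The check below is an added example written for this page (it is not code from the slides or from any product): it reads the first bytes of each attachment and compares what the content actually is with what the name claims. The magic-byte table, extension list and sample attachments are constructed for the demonstration.

```python
"""
Spot files whose content does not match the type their name claims.
A Trojan that "poses as an MP3" is usually a Windows executable (PE, which
starts with the bytes b"MZ") given a harmless-looking name, or hidden behind
a double extension such as report.doc.exe. Sniffing the leading bytes catches
the first trick; looking at every extension in the name catches the second.
"""
from pathlib import Path

# Leading bytes of common file types (a small subset, assumed enough here).
MAGIC = {
    b"MZ": "exe",                # Windows PE/DOS executable
    b"\x7fELF": "elf",           # Linux/Unix executable
    b"ID3": "mp3",               # MP3 with an ID3 tag
    b"\xff\xfb": "mp3",          # bare MPEG audio frame
    b"\xd0\xcf\x11\xe0": "doc",  # OLE2 compound file (Word 97-2003 .doc)
    b"PK\x03\x04": "zip",        # ZIP container, also .docx/.xlsx
    b"%PDF": "pdf",
}
EXECUTABLE_KINDS = {"exe", "elf"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess(name: str, data: bytes) -> list[str]:
    """Reasons to distrust a file, from its name versus its content."""
    findings = []
    suffixes = [s.lower() for s in Path(name).suffixes]  # 'a.doc.exe' -> ['.doc', '.exe']
    claimed = suffixes[-1] if suffixes else ""
    kind = sniff(data)
    if claimed in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension {claimed}")
        if len(suffixes) > 1:
            findings.append("double extension " + "".join(suffixes))
    elif kind in EXECUTABLE_KINDS:
        findings.append(f"content is {kind} but name claims {claimed or 'no extension'}")
    return findings


# Constructed sample attachments: (name, first bytes of content).
SAMPLES = {
    "list.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,  # genuine .doc
    "song.mp3": b"MZ\x90\x00\x03\x00\x00\x00",                       # PE renamed to .mp3
    "report.doc.exe": b"MZ\x90\x00\x03\x00\x00\x00",                 # double extension
    "invoice.pdf": b"%PDF-1.4\n",                                    # genuine PDF
}


def scan_samples(samples=SAMPLES):
    """Map each suspicious file name to the findings against it."""
    return {name: assess(name, data) for name, data in samples.items() if assess(name, data)}


if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        print(f"{name}: {'; '.join(reasons)}")
```

The check only tells you what a file is, not whether it is safe: list.doc above passes because it really is a Word document, which is exactly how Melissa travelled. Content sniffing belongs at the mail gateway alongside a policy that blocks executable attachments outright and scans Office documents for macros.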
Torpig
• affects Windows, turning off anti-virus applications
• allows access to the computer
• modifies data
• steals confidential information (such as user passwords and other sensitive data)
• installs more malware on the victim's computer
• has stolen the details of about 500,000 online bank accounts and credit and debit cards
Once malware is installed, it needs to remain concealed
A rootkit:
• Modifies the operating system kernel
• Makes itself invisible in the task and process lists
• May use the name of legitimate files
• Makes its own files unreadable
• Can run copies of itself and restart them if they
are stopped
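Because a rootkit hides from the normal task and process lists, rootkit scanners do not trust that list alone: they compare it against a second, lower-level enumeration and treat anything that appears only in the second as hidden. The following cross-view check is an added example for this page, not code from the slides or from any scanner. The two process views and the table of legitimate binary paths are constructed; a real tool would fill them from the process-listing API and from probing every PID directly.

```python
"""
Cross-view detection of a process-hiding rootkit.
View 1 is what the documented process-listing API returns (what Task Manager
or ps shows); a rootkit that hooks that API removes itself from it. View 2 is
a raw enumeration (e.g. trying to open every possible PID), which a hook on
the listing API does not affect. Anything present only in view 2 is suspect.
A second check catches the slide's other trick, borrowing the name of a
legitimate file: a process named like a system binary but loaded from the
wrong path.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str


# Where the genuine copies of these Windows binaries live (assumed for the demo).
LEGIT_PATHS = {
    "svchost.exe": r"C:\Windows\System32\svchost.exe",
    "explorer.exe": r"C:\Windows\explorer.exe",
}

# View 1 (constructed): the process-listing API, already hooked by the rootkit.
API_VIEW = [
    Proc(4, "System", ""),
    Proc(712, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(1340, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(2210, "svchost.exe", r"C:\Users\Public\svchost.exe"),
]

# View 2 (constructed): raw enumeration; the hidden process shows up here.
RAW_VIEW = API_VIEW + [Proc(3180, "rtk.sys", r"C:\Windows\Temp\rtk.sys")]


def hidden_processes(api_view, raw_view):
    """Processes present in the raw view but missing from the API view."""
    visible = {p.pid for p in api_view}
    return [p for p in raw_view if p.pid not in visible]


def masquerading_processes(view, legit_paths=LEGIT_PATHS):
    """Processes named like a system binary but running from another path."""
    return [
        p for p in view
        if p.name.lower() in legit_paths
        and p.path.lower() != legit_paths[p.name.lower()].lower()
    ]


def scan(api_view=API_VIEW, raw_view=RAW_VIEW):
    """Return PID -> reason for every process worth investigating."""
    findings = {}
    for p in hidden_processes(api_view, raw_view):
        findings[p.pid] = "hidden from process list"
    for p in masquerading_processes(raw_view):
        findings[p.pid] = "legitimate name, unexpected path"
    return findings


if __name__ == "__main__":
    for pid, reason in sorted(scan().items()):
        print(f"PID {pid}: {reason}")
```

A rootkit that hooks the kernel low enough hides from both views, which is why the last resort is to examine the disk from a clean boot medium where the rootkit is not running.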
A backdoor is
• a method of bypassing normal authentication
• malware can install one or more backdoors
• allows easier access in the future for
installing more malware
collecting saved key logger data
triggering spam attacks
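A backdoor need not be a separate program: the simplest form is a second way through a login routine. The code below is an added example for this page (not from the slides, Torpig, or any real product). The first function has a planted maintenance password that opens any account; the second is the hardened form with a single code path, a salted hash and a constant-time comparison. The user store, salt and passwords are constructed for the demonstration.

```python
"""
A backdoor in a login routine, beside the hardened form.
login_with_backdoor accepts one fixed password for every account before it
looks at the real credentials: that is "bypassing normal authentication".
login_hardened has only one path: hash the supplied password with the
account's salt, compare in constant time, and make unknown users pay the same
hashing cost so response time does not reveal which usernames exist.
"""
import hashlib
import hmac

ITERATIONS = 100_000  # PBKDF2 rounds (assumed value for the demo)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: one legitimate account.
_SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}

MAINTENANCE_PASSWORD = "s3cr3t_maint"  # the planted backdoor credential


def login_with_backdoor(username: str, password: str) -> bool:
    # The backdoor: before any real check, a fixed password opens every account,
    # including accounts that do not exist.
    if password == MAINTENANCE_PASSWORD:
        return True
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hash_password(password, salt) == stored  # '==' also leaks timing


def login_hardened(username: str, password: str) -> bool:
    record = USERS.get(username)
    # Unknown user: hash against a dummy record so the cost is always paid.
    salt, stored = record if record is not None else (_SALT, b"\x00" * 32)
    computed = hash_password(password, salt)
    return record is not None and hmac.compare_digest(computed, stored)


if __name__ == "__main__":
    print("backdoor opens unknown account:", login_with_backdoor("mallory", MAINTENANCE_PASSWORD))
    print("hardened rejects it:", login_hardened("mallory", MAINTENANCE_PASSWORD))
```

When auditing authentication code for backdoors, look for exactly the shape above: a comparison against a string literal, or an unconditional `return True`, placed before the credential check.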
Spyware collects small pieces of information about users without their knowledge
Spyware programs can
• collect Internet surfing habits
• collect sites that have been visited
• install additional software
• redirect Web browsers
• change computer settings, resulting in
slow connection speeds
different home pages
Botnet: a collection of compromised computers (called zombie computers)
installed via worms, Trojans or backdoors
remotely controlled
botnets are rented out to
• send out spam messages
• perform denial of service attacks
• billions of messages can be created per day
Keystroke logger
Hardware
• connected between keyboard and PC
• can be wirelessly interrogated
Software
• malware based
• captures passwords, form submissions, clipboard, screen shots
• transmits data to web sites, by e-mail or wirelessly
Diallers
connect non-broadband (dial-up) PCs to the Internet
fraudulent diallers connect to premium-rate numbers instead
some diallers promise special content, such as:
• software for download (usually illegal)
• trojans posing as MP3s
• trojans posing as pornography
• programs such as cracks and keygens
Adware
Software which automatically plays, displays, or downloads advertisements to a computer
Some adware can be classified as spyware, e.g. BonziBUDDY, which
• corrupted many of the user's system files
• displayed obscene advertisements
• logged browsing details and sent them to various third parties
Devices and data which are easily lost or stolen
• Laptops
• Mobile phones
• USB drives and smart cards (flash memory)
• CDs and DVDs
Failing to apply security patches
• Automatic update turned off
• Especially important for
Operating systems
Browsers
Complexity increases the probability of operating system design flaws
Default permissions grant every program and every user full access to the entire system
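Over-permissive defaults are easy to find mechanically. The script below is an added example for this page (not from the slides): it walks a directory tree, reports files and folders that every user can write to, setuid/setgid binaries, and private keys readable by others, and then tightens them. It builds its own temporary tree with deliberately poor permissions so it runs offline; point audit() at a real path to check that instead. Unix permission bits are assumed.

```python
"""
Audit a directory tree for permissions that hand every user access, then
tighten them in place. Findings are (relative path, problem) pairs.
"""
import os
import stat
import tempfile
from pathlib import Path

SECRET_SUFFIXES = {".key", ".pem"}


def audit(root):
    """Return (relative path, problem) for everything under root that is too open."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        mode = p.lstat().st_mode
        if stat.S_ISLNK(mode):
            continue  # a link's own bits are meaningless; its target is audited separately
        rel = p.relative_to(root).as_posix()
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append((rel, "setuid/setgid"))
        if p.suffix in SECRET_SUFFIXES and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((rel, "secret readable by group/others"))
    return findings


def harden(root):
    """Fix each audit() finding; return (path, old mode, new mode) for what changed."""
    root = Path(root)
    changed = []
    for rel, problem in audit(root):
        p = root / rel
        old = stat.S_IMODE(p.lstat().st_mode)
        if problem == "world-writable":
            new = old & ~stat.S_IWOTH
        elif problem == "setuid/setgid":
            new = old & ~(stat.S_ISUID | stat.S_ISGID)
        else:
            new = 0o600  # private key: owner only
        os.chmod(p, new)
        changed.append((rel, oct(old), oct(new)))
    return changed


def build_sample_tree(root):
    """Constructed tree with deliberately poor permissions (demo data only)."""
    root = Path(root)
    (root / "shared").mkdir()
    os.chmod(root / "shared", 0o777)            # anyone can add or delete files
    notes = root / "shared" / "notes.txt"
    notes.write_text("team notes\n")
    os.chmod(notes, 0o666)                      # anyone can edit
    key = root / "server.key"
    key.write_text("-----BEGIN PRIVATE KEY-----\n")
    os.chmod(key, 0o644)                        # private key readable by all
    tool = root / "backup"
    tool.write_text("#!/bin/sh\n")
    os.chmod(tool, 0o4755)                      # setuid helper
    readme = root / "readme.txt"
    readme.write_text("fine as it is\n")
    os.chmod(readme, 0o644)


def demo():
    """Audit, harden, audit again on a throwaway tree; returns (before, after)."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        before = audit(d)
        harden(d)
        after = audit(d)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for finding in before:
        print("before:", finding)
    print("remaining after hardening:", after)
```

Removing the world-write bit from a shared folder is the least-privilege fix; if several users genuinely need to write there, give the folder a group instead of opening it to everyone.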
Exploitable bugs in a software program
Unchecked user input can allow unintended direct execution of commands or SQL statements
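What "unchecked user input" does to a SQL statement and to a shell command, with the fixed version of each beside it. This is an added example for this page, not code from the slides: the user table, the login inputs and the attacker strings are constructed for the demonstration, and the commands run against an in-memory SQLite database and the system `echo`.

```python
"""
Injection through string-built statements, beside the safe form.
The vulnerable functions paste the user's text into the statement, so a
quote or a separator character changes what is executed. The safe functions
pass the text as data (bound parameters; an argument list with no shell), so
the same text is only ever compared or echoed.
"""
import sqlite3
import subprocess


def make_db():
    """Constructed user table with one account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(name TEXT, pw_hash TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'hash-of-alices-password')")
    return con


def login_vulnerable(con, user, pw_hash):
    # The user's text becomes part of the SQL; a quote ends the string early.
    query = f"SELECT name FROM users WHERE name = '{user}' AND pw_hash = '{pw_hash}'"
    return con.execute(query).fetchone() is not None


def login_safe(con, user, pw_hash):
    # Bound parameters: SQLite receives the statement and the values separately.
    query = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return con.execute(query, (user, pw_hash)).fetchone() is not None


def greet_vulnerable(name):
    # shell=True hands the whole string to /bin/sh; ';' starts a second command.
    return subprocess.run(f"echo Hello {name}", shell=True,
                          capture_output=True, text=True).stdout


def greet_safe(name):
    # Argument list, no shell: the name is one argv entry, whatever it contains.
    return subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True).stdout


# Constructed attacker inputs: '--' starts a SQL comment, so the password
# check is never evaluated; ';' separates shell commands.
SQL_PAYLOAD = "alice' --"
SHELL_PAYLOAD = "bob; echo INJECTED"


def demo():
    """Run both payloads against both versions; returns the outcomes."""
    con = make_db()
    return {
        "sql_vulnerable": login_vulnerable(con, SQL_PAYLOAD, "wrong"),
        "sql_safe": login_safe(con, SQL_PAYLOAD, "wrong"),
        "shell_vulnerable": greet_vulnerable(SHELL_PAYLOAD).splitlines(),
        "shell_safe": greet_safe(SHELL_PAYLOAD).splitlines(),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The vulnerable login accepts `alice' --` with a wrong password because the comment swallows the password clause; the safe one simply finds no user of that name. The same applies to the shell: the fix is not to escape the input but to keep it out of the command text altogether.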
To complete task 1 of your assignment you need to do some research.
Go to: http://www.freeopenbook.com/win-xptoolkit/32ch04d.htm (for this step only)
Access the Word document on the Wiki, lesson 3
You have been put in charge of the security of the computing department's IT systems
You have been asked to write a report
• Describe the potential security threats that might
damage the system and compromise its data
(P1)
• Evaluate which of these threats are the most
likely to occur and give your reasons (M1)
• Explain what the impact of these threats would
be on the users of the system (D1)