7/28/2019 PPT Ch02 Updated
1/48
SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS, FOURTH EDITION
Chapter 2: Malware and Social Engineering Attacks
Objectives
Security+ Guide to Network Security Fundamentals, Fourth Edition
2
Describe the differences between a virus and a worm
List the types of malware that conceal their appearance
Identify different kinds of malware that are designed for profit
Describe the types of social engineering psychological attacks
Explain physical social engineering attacks
Attacks Using Malware
Malicious software (malware)
Enters a computer system without the owner's knowledge or consent
Refers to a wide variety of damaging or annoying software
Primary objectives of malware
Infecting systems
Concealing its purpose
Making profit
Malware That Spreads
Viruses
Malicious computer code that reproduces itself on the same computer
Virus infection methods
Appended infection
Virus appends itself to the end of a file
Moves the first three bytes of the original file into the virus code
Replaces them with a jump instruction pointing to the virus code
Malware That Spreads (contd.)
Virus infection methods (contd.)
Swiss cheese infection
Viruses inject themselves into executable code
Original code transferred and stored inside virus code
Host code executes properly after the infection
Split infection
Virus splits into several parts
Parts placed at random positions in host program
Head of virus code starts at beginning of file
Gives control to next piece of virus code
Malware That Spreads (contd.)
When infected program is launched:
Virus replicates itself by spreading to another file on the same computer
Virus activates its malicious payload
Viruses may display an annoying message:
Or be much more harmful
Examples of virus actions
Cause a computer to repeatedly crash
Erase files from or reformat hard drive
Turn off computer's security settings
Malware That Spreads (contd.)
Figure 2-4 Annoying virus message (Cengage Learning 2012)
Malware That Spreads (contd.)
Virus cannot automatically spread to another computer
Relies on user action to spread
Viruses are attached to files
Viruses are spread by transferring infected files
Malware That Spreads (contd.)
Types of computer viruses
Program
Infects executable files
Macro
Executes a script
Resident
Virus infects files opened by user or operating system
Malware That Spreads (contd.)
Types of computer viruses (contd.)
Boot virus
Infects the Master Boot Record
Companion virus
Adds malicious copycat program to operating system
Malware That Spreads (contd.)
Worm
Malicious program
Exploits an application or operating system vulnerability
Sends copies of itself to other network devices
Worms may:
Consume resources or
Leave behind a payload to harm infected systems
Examples of worm actions
Deleting computer files
Allowing remote control of a computer by an attacker
Malware That Spreads (contd.)
Table 2-1 Difference between viruses and worms
Malware That Conceals
Trojans
Program that does something other than advertised
Typically executable programs
Contain hidden code that launches an attack
Sometimes made to appear as data file
Example
User downloads free calendar program
Program scans system for credit card numbers and passwords
Transmits information to attacker through network
Malware That Conceals (contd.)
Rootkits
Software tools used by an attacker to hide actions or presence of other types of malicious software
Hide or remove traces of log-in records, log entries
May alter or replace operating system files with modified versions:
Specifically designed to ignore malicious activity
Malware That Conceals (contd.)
Rootkits can be detected using programs that compare file contents with original files
Rootkits that operate at the operating system's lower levels:
May be difficult to detect
Removal of a rootkit can be difficult
Rootkit must be erased
Original operating system files must be restored
Reformat hard drive and reinstall operating system
Malware That Conceals (contd.)
Logic bomb
Computer code that lies dormant
Triggered by a specific logical event
Then performs malicious activities
Difficult to detect before it is triggered
Backdoor
Software code that circumvents normal security to give program access
Common practice by developers
Intent is to remove backdoors in final application
Malware That Conceals (contd.)
Table 2-2 Famous logic bombs
Malware That Profits
Types of malware designed to profit attackers
Botnets
Spyware
Adware
Keyloggers
Malware That Profits (contd.)
Botnets
Computer is infected with a program that allows it to be remotely controlled by an attacker
Often the payload of Trojans, worms, and viruses
Infected computer called a zombie
Groups of zombie computers together called botnets
Early botnet attackers used Internet Relay Chat (IRC) to remotely control zombies
HTTP is often used today
Malware That Profits (contd.)
Botnet advantages for attackers
Operate in the background:
Often with no visible evidence of existence
Provide means for concealing actions of attacker
Can remain active for years
Large percentage of zombies are accessible at a given time
Due to growth of always-on Internet services
Table 2-3 Uses of botnets
Malware That Profits (contd.)
Spyware
Software that gathers information without user consent
Usually used for:
Advertising
Collecting personal information
Changing computer configurations
Malware That Profits (contd.)
Spyware's negative effects
Slows computer performance
Causes system instability
May install new browser menus or toolbars
May place new shortcuts
May hijack home page
Causes increased pop-ups
Table 2-4 Technologies used by spyware
Malware That Profits (contd.)
Adware
Program that delivers advertising content:
In manner unexpected and unwanted by the user
Typically displays advertising banners and pop-up ads
May open new browser windows randomly
Can also perform tracking of online activities
Malware That Profits (contd.)
Downsides of adware for users
May display objectionable content
Frequent pop-up ads cause lost productivity
Pop-up ads slow computer or cause crashes
Unwanted ads can be a nuisance
Malware That Profits (contd.)
Keyloggers
Program that captures a user's keystrokes
Information later retrieved by attacker
Attacker searches for useful information
Passwords
Credit card numbers
Personal information
Malware That Profits (contd.)
Keyloggers (contd.)
Can be a small hardware device
Inserted between computer keyboard and connector
Unlikely to be detected
Attacker physically removes device to collect information
Malware That Profits (contd.)
Figure 2-6 Hardware keylogger (Cengage Learning 2012)
Malware That Profits (contd.)
Figure 2-7 Information captured by a software keylogger (Cengage Learning 2012)
Social Engineering Attacks
Directly gathering information from individuals
Relies on the trusting nature of individuals
Psychological approaches
Goal: persuade the victim to provide information or take action
Flattery or flirtation
Conformity
Friendliness
Social Engineering Attacks (contd.)
Attacker will ask for only small amounts of information
Often from several different victims
Request needs to be believable
Attacker pushes the envelope to get information:
Before victim suspects anything
Attacker may smile and ask for help
Social Engineering Attacks
True example of social engineering attack
One attacker called human resources office
Asked for and got names of key employees
Small group of attackers approached door to building
Pretended to have lost key code
Let in by friendly employee
Entered another secured area in the same way
Group had learned CFO was out of town
Because of his voicemail greeting message
Social Engineering Attacks
True example of social engineering attack (contd.)
Group entered CFO's office
Gathered information from unprotected computer
Dug through trash to retrieve useful documents
One member called help desk from CFO's office
Pretended to be CFO
Asked for password urgently
Help desk gave password
Group left building with complete network access
Social Engineering Attacks (contd.)
Impersonation
Attacker pretends to be someone else
Help desk support technician
Repairperson
Trusted third party
Individuals in roles of authority
Social Engineering Attacks (contd.)
Phishing
Sending an email claiming to be from a legitimate source
May contain legitimate logos and wording
Tries to trick user into giving private information
Variations of phishing
Pharming
Automatically redirects user to fraudulent Web site
Social Engineering Attacks (contd.)
Variations of phishing (contd.)
Spear phishing
Email messages target specific users
Whaling
Going after the "big fish"
Targeting wealthy individuals
Vishing (voice phishing)
Attacker calls victim with recorded bank message with callback number
Victim calls attacker's number and enters private information
Figure 2-8 Phishing message (Cengage Learning 2012)
Social Engineering Attacks (contd.)
Ways to recognize phishing messages
Deceptive Web links
@ sign in middle of address
Variations of legitimate addresses
Presence of vendor logos that look legitimate
Fake sender's address
Urgent request
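The first three indicators above (deceptive links, an @ sign in the middle of the address, and look-alike variations of legitimate addresses) can be checked mechanically. The following is an added example, not from the textbook; the allowlist of known-good domains and the sample URLs are constructed, and the two-label "registrable domain" rule is a simplification that ignores suffixes like co.uk.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation expects links to point at.
KNOWN_DOMAINS = ("example-bank.com", "microsoft.com", "paypal.com")

def registrable_domain(host):
    """Crude eTLD+1 (last two labels); good enough for the demo, not for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(url, display_text=None):
    """Return the reasons a link looks deceptive; an empty list means no check fired."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    # '@' in the address: everything before it is user info, the real host comes after it.
    if "@" in parts.netloc:
        reasons.append("'@' in address; real host is %s" % host)
    try:
        ipaddress.ip_address(host)
        is_ip = True
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        is_ip = False
    reg = host if is_ip else registrable_domain(host)
    if reg not in KNOWN_DOMAINS:
        for good in KNOWN_DOMAINS:
            brand = good.split(".")[0]
            if 0 < edit_distance(reg, good) <= 2:
                reasons.append("look-alike of %s: %s" % (good, reg))
            elif brand in host:  # known brand used as a subdomain of an unrelated site
                reasons.append("%s appears under unrelated domain %s" % (brand, reg))
    if display_text:  # the visible link text versus where the href actually goes
        shown = urlsplit(display_text if "://" in display_text else "http://" + display_text).hostname
        if shown and registrable_domain(shown) != reg:
            reasons.append("link text shows %s but points to %s" % (shown, reg))
    return reasons
```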
Social Engineering Attacks (contd.)
Spam
Unsolicited e-mail
Primary vehicle for distribution of malware
Sending spam is a lucrative business
Spim: targets instant messaging users
Image spam
Uses graphical images of text
Circumvents text-based filters
Often contains nonsense text
Social Engineering Attacks (contd.)
Spammer techniques
GIF layering
Image spam divided into multiple images
Layers make up one complete legible message
Word splitting
Horizontally separating words
Can still be read by human eye
Geometric variance
Uses speckling and different colors so no two emails appear to be the same
Figure 2-10 Image spam (Cengage Learning 2012)
Social Engineering Attacks (contd.)
Hoaxes
False warning or claim
May be first step in an attack
Physical procedures
Dumpster diving
Digging through trash to find useful information
Tailgating
Following behind an authorized individual through an access door
Table 2-5 Dumpster diving items and their usefulness
Social Engineering Attacks (contd.)
Methods of tailgating
Tailgater calls "please hold the door"
Waits outside door and enters when authorized employee leaves
Employee conspires with unauthorized person to walk together through open door
Shoulder surfing
Casually observing user entering keypad code
Exercise
Use the http://www.symantec.com web site and search for TEN recent viruses, their risk and the removal procedures. Tabulate your results in a table.
Use the Google and News Network search engines to look for one of the famous attacks on the Internet.
Bring your results to the next class and share the information.
Summary
Malware is software that enters a computer system without the owner's knowledge or consent
Malware that spreads includes computer viruses and worms
Malware that conceals includes Trojans, rootkits, logic bombs, and backdoors
Malware with a profit motive includes botnets, spyware, adware, and keyloggers
Summary (contd.)
Social engineering is a means of gathering information for an attack from individuals
Types of social engineering approaches include phishing, impersonation, dumpster diving, and tailgating