Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Types of Attacks and Malicious Software

No description

Nick Flores

on 29 July 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Types of Attacks and Malicious Software

Types of Attacks and Malicious Software
Describe various types of computer and network attacks, including DoS, spoofing, hijacking, and password guessing.

Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.

Describe the importance of auditing and what should be audited.

Avenues of Attack
Specific targets
Distributed Denial-of-Service Attack (DDoS)
Used to deny access or service to users
Uses other systems' resources to attack a network
Overwhelms target system
Ping of Death
Targets of opportunity
Unsecure systems

DoS attack which targets a specific protocol or operating system
Attacker sends ICMP > 64KB
Some systems cannot handle the packet and crash
1. Conducting reconnaissance
2. Scanning
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks

Ensure necessary patches and upgrades are current
Change time-out period for TCP connections
Distribute workload across several systems
Block external ICMP packets at border
Hard-coded access built into the program
Ensures access
Creates vulnerability
Conducting Reconnaissance
Gather as much information as possible

Don't worry about whether it is relevant or not.
Are implanted in compromised systems
Installed with a Trojan
Ensures access in the future even if Trojan is removed
Identify target systems that are active and accessible.

Identify the operating system and other specific application programs running on system.

Null Sessions
A connection to a Windows IPC$
Systems prior to XP and Server 2003 are vulnerable
No patch is available
Must upgrade to XP or newer
Restrict access to ports 139 & 445
Researching Vulnerabilities
Wealth of information available through the World Wide Web
Performing the Attack
Matching an attack to an identified vulnerability.

Attacker can observe all network traffic
Software, hardware or combination of the two
Ability to target specific protocol, service, string of characters, etc.
May be used by network administrators to monitor the network
Physical security is key in preventing introduction of sniffers
Creating a Backdoor
Provides future access to the attacker.

Phishing and Pharming
Covering Their Tracks
In an effort to remain undetected, attackers endeavor to cover their tracks.

From address differs from sending system
Recipients rarely question authenticity
fraudulent emails that are used to gain confidential info
Websites that assume to be authentic in order to retrieve user info
Smurf Attack (IP Address Spoofing)
Attacks on Encryption
Steps in an Attack
An attempt to crack encryption
Common methods
Weak keys
Indirect attacks
Exhaustive search of key space
Password Attacks
Combination of a user ID and a password is the common form of system authentication
Compromised passwords occur due to not adhering to password procedures
Attacking Computer Systems
and Networks
Spoofing and Trusted Relationships
Limit trust relationships
Firewalls should be configured to discard packets from outside that have spoofed addresses indicating that it was originated from inside
Attacks on specific software

Attacks on a specific protocol or service

DoS Attacks
Injection Attacks
Exploit known identified vulnerabilities.

Purpose is to prevent normal system operations for authorized users.
Spoofing and Sequence Numbers
SQL injection
Command injection
LDAP injection
XML injection
Attacker must use correct sequence number:
TCP packet sequence numbers are 32-bit
Incremented by 1
Very difficult to guess
Insider attacks vs. external attacks
SYN Flood Attack
An example of a DoS attack targeting a specific protocol or service

Exploit a weakness inherent to the function of the TCP/IP protocol

Software Exploitation
Take advantage of software bugs/weakness
Buffer overflow attack
Man-in-the-Middle Attack
Reply Attack
Replicate and attach to executable code
Common types:
Boot Sector
Attacker intercepts part of an exchange between two hosts and retransmits message later
Used to bypass authentication mechanisms
Prevented by encrypting traffic, cryptographic authentication, and time-stamping messages
TCP/IP Hijacking
Some of the worst viruses known:
Melissa (1999)
The Klez Virus (2001)
acted like anti-virus software
attack contacts
SQL Slammer (2003)
Crashed BoA atm systems
Continental Airlines suffered through e-tickets and check-ins
Attacker assumes control of existing session
Allows attacker to circumvent authentication
Can be masked with DoS attack
Used against web and Telnet sessions
Drive-by Download Attack
Trojan Horses
Software that appears to do one thing but contains a hidden agenda
Do not run software of unknown origins
Always keep virus protection running at all times!
Unsolicited malware downloads
Hidden in legitimate ads or hosted from web sites that prey o unaware users
Storm Worm

The Storm Worm Trojan horse virus of 2006 enticed users to download malicious software through emails with subjects that were linked to current events. Once downloaded, the malicious software seized control of users' computers and used them to send millions of spam emails.
Software that is capable of recording and reporting user's actions
system monitoring and use
installed without user's knowledge
Logic Bombs
Triggered by a specified future event
Authorized user installation
Reinforces need for backups
Time bomb is similar except that it delivers payload at a predetermined time/date
Malware that modifies the OS kernel and supporting functions
Types of Rootkits:
Application level
Code that penetrates and replicates on systems
no need to attach to other files or code
spread through a variety of ways
e-mail, P2P sharing networks, infected sites
Morris worm, Love Bug, Code Red, and Samy
Oct. 2005
Fastest growing worm to date!
used MySpace's XSS (cross-site script)
“but most of all, Samy is my hero”
at end of profile
replicated by viewing the infected person's profile
Use firewalls
Install patches
Approach e-mail attachments with caution
Implement an intrusion detection system
Eliminate unnecessary services
Zombies and Botnets
Malware installed on machines creates zombies under the control of the attacker
Large networks of zombies are called botnets
Attacker's botnets have 1M+ zombies
Responsible for millions of spam messages daily
Security Auditing
Conducted on a regular basis
Mandated depending on the industry
May be contracted out to another party
Focus on:
Security perimeter
Policies, procedures, and guidelines governing security
Employee training
Full transcript