5. Malware and Social Engineering

Types of Malware

  • Viruses
    • Attached to a host application, which must be run to activate the virus
    • Tries to infect other applications
    • May delete files, cause reboots, join the computer to a botnet, or open backdoors
    • Armored Virus
      • The first step to dissecting a virus is to decompile it; armored viruses make this difficult
      • Complex Code
        • It’s unclear what the virus is trying to do because it runs so many odd loops
      • Encryption
        • Some compilers encrypt the code with the virus, so until this encryption is cracked, it can’t be decompiled
      • Hiding
        • Some viruses confuse the AV as to where they’re really located
    • Polymorphic Malware
      • Virus that changes as it executes, sometimes into 1000 forms
      • Hard to detect, especially if its encryption changes
  • Worm
    • Self-replicating malware that travels without a host
    • Resides in memory and can ride transport protocols
    • Can replicate hundreds of times, draining network bandwidth
  • Logic Bomb
    • Script that activates in response to an event like a date or a program launch
  • Backdoor
    • Trojans commonly cause these
    • Provides another way to access a system
  • Trojans
    • Look useful, but carry a malicious payload
    • Drive-By Downloads
      • Attackers take over a website
      • Install a Trojan into the website’s code
      • Attackers trick users into visiting the site
      • The website tries to download the code to the visitor
    • Fake antivirus called RogueWare
      • Runs a fake scan, and offers to fix fake issues for money
  • Botnet
    • Computers in a botnet are called zombies
    • Bot herders manage these zombies to use their processing power and anonymity
  • Ransomware
    • Pay to get your computer back or clean
  • Rootkit
    • Stealthy: hides its own presence
    • Modifies system processes and the registry, as well as system access files
    • Prevents antivirus from making calls to the OS that would detect it
      • Antivirus can scan memory to discover this
    • Safe mode helps get around this, but not always
  • Spyware
    • Monitors user activity
    • Changing a user’s home page, redirecting web browsers, installing software
    • Privacy Invasive Software
      • Tries to get the data needed to drain your bank account and steal your identity
    • Keyloggers
  • Adware
    • Learns a user’s habits for ad-targeting
    • Pop ups!

Recognizing Common Attacks

  • Social Engineering
    • Using social tactics to trick users into doing something unusual or revealing info
      • Flattering and Conning
      • Assuming a Position of Authority
      • Encouraging Someone to Perform a Risky Action
      • Encouraging Someone to Reveal Sensitive Info
      • Impersonating Someone
      • Tailgating without credentials
    • Shoulder Surfing
      • Privacy screens, man
    • Hoaxes
      • Trick people into deleting system programs, lololol
    • Tailgating and Mantraps
    • Dumpster Diving
      • Company directories are especially good treasure
      • Detailed company, personnel, or client info should be destroyed
    • Spam
      • Often has malicious attachments or links
    • Phishing
      • Like social engineering, but over email
      • Attackers often use fake accounts that look like your friends’
      • Sometimes links are beacons: a tracking string appended to the URL tells the server that your email address is active when you click
      • Spear Phishing
        • More targeted at a user or user group
      • Whaling
        • Targeting CEOs and other big wigs
        • Might install a keylogger
        • Might threaten subpoenas or other very specific things
      • Spim
        • IM spam
      • Vishing
        • VoIP spam
        • Spoofs caller ID and asks for sensitive info
    • Privilege Escalation
      • Trying to get higher system privileges to access more resources
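The phishing bullets above mention beacon links that report back when a message is opened or clicked. As an added example (my own code, not part of these notes), here is a small Python scan over an email's HTML body that flags the two common beacon shapes: a remote 1x1 image and a link whose query string carries an opaque per-recipient token. The sample message, the .invalid domains and the token-length heuristic are all constructed for the example; legitimate newsletters use the same tracking techniques, so a hit is a signal for a mail filter or awareness tooling, not a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Heuristic chosen for this example (an assumption, not a standard): a query
# value of 16+ characters made only of hex/base64-style characters looks like
# a per-recipient token rather than a human-readable parameter.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-=]{16,}$")


def _is_tiny(attrs: dict) -> bool:
    """A 1x1 (or 0x0) image is the classic open-tracking pixel."""
    try:
        return int(attrs.get("width", "100")) <= 1 and int(attrs.get("height", "100")) <= 1
    except ValueError:  # e.g. width="1px" or a percentage; treat as not tiny
        return False


def _has_tracking_token(url: str) -> bool:
    """True if any query-string value looks like an opaque identifier."""
    query = parse_qs(urlparse(url).query)
    return any(TOKEN_RE.match(v) for values in query.values() for v in values)


class BeaconFinder(HTMLParser):
    """Collects (kind, url) pairs for suspected beacons in an HTML mail body."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src, href = a.get("src", ""), a.get("href", "")
        if tag == "img" and _is_tiny(a) and src.startswith(("http://", "https://")):
            self.findings.append(("tracking-pixel", src))
        elif tag == "a" and _has_tracking_token(href):
            self.findings.append(("tracked-link", href))


def find_beacons(html: str) -> list[tuple[str, str]]:
    """Parse one HTML body and return every suspected beacon in document order."""
    parser = BeaconFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample message; the .invalid domains are reserved and not real.
SAMPLE_MAIL = """<html><body>
<p>Your account needs verification.</p>
<a href="https://example.invalid/verify?u=5f3a9c1e7b2d4e8f9a0b1c2d3e4f5a6b">Verify now</a>
<a href="https://example.invalid/help?page=faq">Help</a>
<img src="https://track.example.invalid/open.gif?id=QWxpY2VAZXhhbXBsZS5jb20=" width="1" height="1" alt="">
</body></html>"""

if __name__ == "__main__":
    for kind, url in find_beacons(SAMPLE_MAIL):
        print(f"{kind}: {url}")
```

The "Help" link has a short, readable query value and is left alone; the verification link and the pixel are both reported. A mail gateway would typically combine these flags with sender reputation rather than act on them alone.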

Blocking Malware and Other Attacks

  • Anti-Malware on Mail Servers
  • Anti-Malware on All Systems
  • Boundaries or Firewalls
  • Antivirus Software
    • Signature-Based Detection
      • Detects known patterns by checking against signature files
    • Heuristic-Based Detection
      • Watches for “viral behavior” rather than specific signatures
    • Checking File Integrity
      • If system file hashes change, you can tell they’ve been modified and there might be a virus
    • Pop-up Blockers
    • Spam Filters
      • The UTM contains a spam filter, and the email server also scans for spam
      • The user’s system also scans for spam
      • Don’t throw the baby out with the bathwater: tune filters so legitimate mail isn’t discarded
    • Anti-Spyware
      • Specifically protects user info
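Signature-based detection and file-integrity checking, listed above, catch different things: a signature finds a known byte pattern wherever it lands, while a hash baseline catches any change to a file, including one no signature describes. As an added example (not from these notes), this Python script runs both over a constructed temporary tree; the signature patterns, file names and the simulated hosts-file redirect are all made up.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signatures: made-up byte patterns standing in for the entries in
# a real signature file. Nothing here is a real malware sample.
SIGNATURES = {
    "Test.Dropper.A": b"CONSTRUCTED-SIG-DROPPER",
    "Test.Keylogger.B": b"CONSTRUCTED-SIG-KEYLOG",
}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree against a trusted baseline; any change is reported."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def scan_signatures(root: Path, signatures: dict[str, bytes] = SIGNATURES) -> dict[str, list[str]]:
    """Signature-based scan: report files containing any known byte pattern."""
    hits: dict[str, list[str]] = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        data = p.read_bytes()
        names = [name for name, pattern in signatures.items() if pattern in data]
        if names:
            hits[p.relative_to(root).as_posix()] = names
    return hits


def demo() -> dict:
    """Build a constructed file tree, simulate a compromise, and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ legitimate program bytes")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)  # taken while the system is known-good

        # Simulated compromise (constructed): a known pattern is appended to an
        # existing binary, a new file carrying a known pattern is dropped, and
        # the hosts file is altered to redirect a browser, with no signature at all.
        (root / "bin" / "app.exe").write_bytes(b"MZ legitimate program bytes" + SIGNATURES["Test.Keylogger.B"])
        (root / "bin" / "update.exe").write_bytes(b"MZ " + SIGNATURES["Test.Dropper.A"] + b" payload")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n203.0.113.5 bank.example\n")

        return {
            "integrity": check_integrity(root, baseline),
            "signatures": scan_signatures(root),
        }


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

The signature scan names the two files carrying known patterns but says nothing about the hosts file; the integrity check reports all three changes, which is why the two approaches are deployed together. The baseline itself must be stored where malware on the monitored host cannot rewrite it.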

Why Social Engineering Works

  • Authority
    • Impersonation
    • Whaling
    • Vishing
    • If someone looks legit, users don’t want to question them.
  • Intimidation
    • Bullying tactics, making things seem urgent and critical
    • Make the risk of non-compliance high
  • Consensus/Social Proof
    • Fake testimonials/reviews
    • Fake popularity
  • Scarcity
    • Limited quantities imply urgency
  • Urgency
    • Give people limited time to respond so they panic
  • Familiarity/Likability
  • Trust