
CII3E3/

Cyber Security
Week 8 – Malware
FAR
Malware
The collective name for software that has been
designed to disrupt or damage data, software or
hardware.
Several types of malware: viruses, worms and
Trojans
Evolved from its beginnings as demonstrations of
prowess by individual programmers to sophisticated
technologies developed by organised crime

Viruses
A piece of software that has been written to insert
copies of itself into applications and data and onto
crucial parts of a computer’s hard disk.
Attach themselves to specific applications on a
computer and are activated when the program is
first run
Majority of these programs are designed to harm
users, by corrupting their data or attacking the
operating system itself or providing an exploitable
‘back door’, giving attackers access to the computer
Worms
Self-replicating malware, but unlike a virus, a
worm is a standalone application
Spread through network connections, accessing
uninfected machines
(+) as ways of testing networks or distributing
software patches across a network
(-) consumes resources and can affect the
performance of a computer system

Trojans
Legitimate program but behind the scenes it is
causing damage (allowing someone else to gain
control of the computer)
Not self-replicating
Rely on their apparent usefulness to spread
between computers.
Work in isolation or rely on networks (either to
transmit stolen information or to act as back doors
to compromised computers)

How malware gets into your computer
Involve exploiting a combination of human and
technical factors.
• put a link in an email
• attach the malware to an email
• packaged with illegal copies of standard software

People choose to use these illegal copies rather
than pay for the genuine versions.

What is malware for?
1988 Morris Worm – the first worm to spread over
the internet
– To gauge the number of machines connected to the
network → not intended to do harm
– The result: slowed down the operation of infected machines
to the point of being unusable

It did not appear to do any actual harm to data.


Intellectual curiosity, financial gain or corporate
espionage

Phishing
Any attempt by attackers to steal valuable information
by pretending to be a trustworthy party
– Web phishing; Email phishing; Social media phishing

Negative impact: bank accounts emptied, credit
references destroyed, or personal or sensitive
information lost

E-Mail
Email is moved around the world using the Simple
Mail Transfer Protocol (SMTP)
– a standard template of commands and formatting that
allows different mail programs, on a huge range of
computers, to understand one another.

Protocols → specify a set of special messages that
should be exchanged between computers to
achieve a particular functionality, in this case the
delivery of email.

Spam
Spammer programs: used to send large volumes
of unwanted e-mail
Late 2003 saw the arrival of the Sobig.f worm,
which exploited open proxy servers to turn
infected machines into spam engines.
– one in every 17 messages and produced more than one
million copies of itself within the first 24 hours

Spoofing
Spammers who attack a mail system by changing
the information stored in email ‘envelopes’ which
enclose the messages themselves.
Disguise their actual address by writing new
addresses for the sender and the destination for
receipts.

Botnet
A group of computers that coordinate their activity
over the Internet
Harmless botnets → Internet Relay Chat (IRC)
text messaging program
A single piece of malware → enormous damage
Thousands, or even millions of computers run the
same program → can be devastating

How to face Phishing?
If you do receive an email that worries you from
an organisation such as a bank or shop that you
use, do not click on or follow the links in the
message
– Type in their web address
– Use their published phone number

Published policy: not asking for sensitive
information (your password) through email or
over the phone

How to avoid Phishing?
Spelling mistakes
Who is it to?
Poor quality images
Content of the email
Links

Keeping yourself protected
Installing antivirus software
Keeping software up to date
• May contain bugs, some of which could compromise your
security.
• Continually being developed and replaced by a new version.

Looking out for the signs of phishing emails
Implementing new security developments
• Sandboxes
• Code signing

Antivirus software
Aims to detect, isolate and if necessary, delete
malware on a computer before it can harm data
– Signature: distinctive pattern of data either in memory or in
a file
  • only detects malware for which a signature has been identified and
  published by the antivirus program’s authors
  • more sophisticated malware has the ability to change its program,
  disguising itself without affecting its operation
– Heuristics: use rules to identify viruses based on previous
experience of known viruses.
  • do not require specific knowledge about individual types of malware
  • only draw conclusions based on past experience; radically new
  malware (which appears all too regularly) can pass unnoticed
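
An added example (not from the original slides) contrasting the two approaches on constructed, inert byte strings: an exact-match signature scan and a rule-based heuristic score. The signature, the trait list, the weights and the threshold are all assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed signature database: name -> distinctive byte pattern.
SIGNATURES = {"Demo.Virus.A": b"\xde\xad\xbe\xefDEMO-A"}
# Constructed heuristic rules drawn from "previously seen" samples: trait -> points.
TRAITS = {b"*.exe": 2, b"autorun": 2, b"disable_av": 3}
THRESHOLD = 4

def signature_scan(data: bytes) -> list:
    """Exact pattern match: finds only what is already in the database."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted bodies score near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def heuristic_score(data: bytes) -> int:
    """Rule-based score; no knowledge of any specific sample is needed."""
    score = sum(points for trait, points in TRAITS.items() if trait in data.lower())
    return score + (2 if entropy(data) > 7.0 else 0)

def verdict(data: bytes) -> str:
    if signature_scan(data):
        return "signature"
    return "heuristic" if heuristic_score(data) >= THRESHOLD else "clean"

# Inert stand-ins for files; the text only names behaviours, it does nothing.
BODY = b" copy self into *.exe; add autorun entry; disable_av"
KNOWN = SIGNATURES["Demo.Virus.A"] + BODY
# Variant whose marker bytes changed (XOR 0x01) while the behaviour text is the same.
VARIANT = bytes(b ^ 1 for b in SIGNATURES["Demo.Virus.A"]) + BODY
# Packed sample: high-entropy body plus one known trait.
PACKED = bytes(range(256)) + b"autorun"
# Radically new sample: no known pattern, no known trait.
NOVEL = b"technique nobody has catalogued yet"

if __name__ == "__main__":
    for name in ("KNOWN", "VARIANT", "PACKED", "NOVEL"):
        print(name, verdict(globals()[name]))
```

The variant evades the signature but is caught by the heuristic, while the novel sample passes both checks, which is the limitation the slide describes.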

Sandboxes
A way for computers to run programs in a
controlled environment.
Offers a constrained amount of memory and only
allows very limited access to resources such as
operating system files, disks and the network.
Widely used in modern web browsers, browser
plugins, and the Adobe Acrobat PDF viewer.

Code Signing
A use of cryptography where software companies
issue digitally signed copies of their programs
that can be checked by recipients for their
authenticity.
Microsoft Windows, Mac OS and Linux →
guarantee that operating system updates are
genuine even if they are distributed using flash
memory cards rather than directly from the
publisher


THANK YOU
