Networking Chapter 5 Instructors Manual Materials Accompany Computer Security Fundamentals Malware Objectives When

Instructor’s Manual Materials to Accompany

COMPUTER SECURITY FUNDAMENTALS

CHAPTER 5

MALWARE

CHAPTER 5 OBJECTIVES

When students have finished reading this chapter, they will be able to:

• Understand viruses (worms) and how they propagate, including the Sobig and Sasser types.

• Have a working knowledge of several specific virus outbreaks.

• Understand how virus scanners operate.

• Understand what a Trojan horse is and how it operates.

• Have a working knowledge of several specific Trojan horse attacks.

• Grasp the concept behind the buffer overflow attack.

• Have a better understanding of spyware and how it enters a system.

• Defend against each of these attacks through sound practices, antivirus software, and anti-spyware

software.

CHAPTER OVERVIEW

In this chapter, you will learn about the how and why of virus outbreaks and Trojan horses. Other malware will be

explored, such as buffer overflow attacks and spyware. Your ability to defend against such attacks will be

enhanced by expanding your knowledge of how they work. In the exercises at the end of the chapter, you will

have the opportunity to research preventative methods for viruses and try out antivirus methods from McAfee and

Norton.

The major sections in this chapter are:

2. Trojan Horses. Explores Trojan horses and how to prevent them.

2

3. Buffer Overflow. Explores buffer overflows and how to prevent them.

4. Spyware. Covers spyware and discusses the use of spyware and key loggers.

6. Detecting and Eliminating Viruses and Spyware. Describes some tools that can be used to detect and

eliminate malware; discusses several useful Web sites and utilities.

CHAPTER OUTLINE

I. Chapter 5 Objectives

II. Introduction

III. Viruses

How a Virus Spreads

Types of Viruses

Macro

Multi-Partite

Armored

Memory Resident

Sparse Infector

Polymorphic

Recent Virus Examples

W32/Netsky-P

1.Troj/Invo-Zip

3. The Sobig Virus

4. The Mimail Virus

The Bagle Virus

A Nonvirus Virus

Rules for Avoiding Viruses

IV. Trojan Horses

V. The Buffer Overflow Attack

VI. The Sasser Virus/Buffer Overflow

VII. Spyware

Legal Uses of Spyware

How Is Spyware Delivered to a Target System?

Obtaining Spyware Software

VIII. Other Forms of Malware

Rootkit

Malicious Web-Based Code

Logic Bombs

Spam

APT

IX. Detecting and Eliminating Viruses and Spyware

Antivirus Software

Antispyware Software

X. Summary

XI. Test Your Skills

XII. Exercises

XIII. Projects

KEY TERMS

adware Software loaded onto your machine, often without your knowledge, which causes ads to pop up on your

screen. This technology often works in a different manner than web page pop-ups; thus, pop-up blockers will not

stop it.

APT Advanced Persistent Threat

back door A hole in the security system deliberately left by the creator of the system.

buffer overflow An attack that involves loading a buffer with more data than it is designed to hold.

code The source code for a program or the act of programming, as in “to code an algorithm.”

cookie A small file containing information from a Web site.

key logger Software that logs key strokes on a computer.

malware Any software that has a malicious purpose, such as a virus or Trojan horse.

on-demand virus scanners Virus scanning that runs when requested by the user.

port A numerical designation for a connection point on a computer. There are well-defined ports for specific

protocols such as FTP port 21, HTTP port 80, and so forth.

Trojan horse Software that appears to have a valid and benign purpose but actually has a malicious purpose.

virus Software that is self-replicating and spreads like a biological virus.

TEACHING NOTES

I. Viruses

Teaching Tips: Ask students whether any of them have had their PC infected with a virus.

What was the result? How did they recover?

II. Trojan Horses

Teaching Tips: Many Trojan horses are used to pick up IDs and passwords. Demonstrate that,

in Windows, you can press [Alt] [Ctrl] and [Del] to be sure you are logging into the Microsoft authentication

program.

III. Buffer Overflow

Teaching Tips: Keep typing into a web page past the end of the field to see what the web

page does.

IV. Spyware

PROJECTS/EXERCISES

I. Discussion Questions

A. Discussion Question 1

Should parents install spyware on their PC to monitor their children’s activities?

B. Discussion Question 2

Do pop-up blockers block an advertiser’s freedom of speech?

II. Web Projects

A. Web Project 1

Cell phones are actually mobile computers. It didn’t take long before someone wrote

malware for one. Go to Google.com and enter “cell phone virus.” Are there many cell phone

viruses “out in the wild” yet? What do they do? How to they propagate? What cell phones are

vulnerable?

B. Web Project 2

Go to http://www.kazaa.com/us/index.htm for the Kazaa Peer to Peer file sharing system.

Click the Privacy button. Click Our Privacy Statement. Find out what information is collected by

the different software programs installed with Kazaa. What do these programs do to your

computer? Can you “opt out”? Is Kazaa spyware or adware?

C. Web Project 3

Go to Google.com and enter “hardware keylogger.” You can record keystrokes without

installing software by using a device that attaches between the keyboard cable and behind your

PC. How much do these devices cost? How many keystrokes can they record? How can you

detect if one is attached without looking at the back of your computer? Check out

http://keystroke-loggers.staticusers.net/hardware.shtml.

D. Web Project 4

When is it legal to use spyware? In Florida, a wife used spyware to gather evidence. The

wife who installed spyware on her husband’s computer to secretly record evidence of an

extramarital affair violated Florida law. The Florida Appeals Court said that she “illegally

obtained” records of her husband’s online conversations with another woman. If you can’t spy on

your family, who can you spy on? Go to Google.com and type in your state and “spyware court.”

See if you can find out what the laws in your state say about legal use of spyware.

WEB RESOURCES

• http://www.f-secure.com/virus-info/virus-news/ Virus news and information from the F-Secure Corporation

• http://www.cert.org/nav/index_red.html Virus information from the CERT® Coordination Center of

Carnegie-Mellon University, a reporting center for Internet security problems

• http://www.spywareguide.com Information on spyware and adware, product reviews, and privacy tips from

the SpywareGuide site

• http://www.spectorsoft.com — Spector Pro Internet monitoring and reporting software from the SpectorSoft

Corporation

CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS

Multiple Choice Questions

1. Which of the following is the best definition of virus?

2. What is the most common damage caused by virus attacks?

3. What is the most common way for a virus to spread?

4. Which of the following is the primary reason that Microsoft Outlook is so often a target for virus attacks?

5. Which of the following virus attacks used a multimodal approach?

6. What factor about the Sobig virus made it most intriguing to security experts?

7. What was most interesting to security experts about the Mimail virus?

8. Which of the following reasons most likely made the Bagle virus spread so rapidly?

9. What made the Bagle virus so dangerous?

10. Which of the following is a way that any person can use to protect against virus attacks?

11. Which of the following is the safest way to send and receive attachments?

12. Which of the following is true regarding e-mailed security alerts?

9

B

13. Which of the following is something a Trojan horse might do?

14. What is a buffer overflow attack?

15. What virus exploited buffer overflows?

16. What can you do with a firewall to help protect against virus attacks?

17. A key logger is what type of malware?

18. Which of the following is a step that all computer users should take to protect against virus attacks?

19. What is the primary way a virus scanner works?

20. What other way can a virus scanner work?

Exercises

EXERCISE 5.1: USING NORTON ANTIVIRUS AND EXERCISE 5.2: USING MCAFFEE ANTIVIRUS

EXERCISE 5.3: PREVENTING SASSER, EXERCISE 5.4: PREVENTING SOBIG, AND EXERCISE 5.5:

LEARNING ABOUT CURRENT VIRUS ATTACKS

These exercises ask students to use well-known Web resources to identify information about potential virus

Projects

PROJECT 5.1: ANTI–VIRUS POLICIES

This activity can be completed by a student working alone, or as a group project. Students are asked to write an

original antivirus policy for a small business or school. Check that the policies are written to cover both technical

and procedural guidelines. The successful completion of this project should include a policy list that covers the

following five areas.

PROJECT 5.2: THE WORST VIRUS ATTACKS

Students are asked to discuss the virus that they consider to have been the worst in history. Successful students

PROJECT 5.3: WHY WRITE A VIRUS?

This project asks students to speculate about virus writers’ motives. There is no clear right or wrong answer. The

Case Study

This case study requires students to consider how to secure a network from virus attacks. To do the case study,

students need to apply all the knowledge presented in this chapter and gathered from the previous exercises and

projects. Look to see if students can determine where the school’s system is still unsecured. Students should