Patterns of malware and digital attacks : A guideline for the security enthusiast / Patterns of malware and digital attacks : A guideline for the security enthusiast

Güven, Wolf

January 2018

Context: In today’s era, many things are dependent on the internet thus the devices and applications that are using it proliferates. Every day, many devices are getting targeted by malevolent virus authors. To protect the data from malicious factors becomes a preposterous dispute. A ransomware named CryptoLocker has caused many individuals, hospitals, and institutions thousands if not millions of dollars in damage due to encrypting the computer files thus demanding a ransom in return. Once the ransomware strikes a system, the recoverability is almost non-existent if no backup or system restore is present due to the private key which was used to encrypt files is encrypted and sent to the attacker’s database. Without the key, there is no recovery for restoring files. Objective: Exploratory research is conducted to reveal unique methods ransomware and keylogger may use to strike a system. The goal is to disclose protection policies of the Windows systems for the security enthusiasts and computer users. Three main objectives are present; how viruses hide in a system without servicing any rootkits to hide the malware, how ransomware and keylogger can be used together to deliver damage, and how to covert CPU usage of the ransomware during the encryption routine. Method: To answer the questions and exploit new features, ransomware, keylogger and a trojan horse is built. Original CryptoLocker architecture has been analyzed, and some methods have been derived. The final application is running on the Windows operating system; Windows 10. Win32 API, C++, and C# are used for the construction of the malware programs. Visual Studio 2017 has been used as an IDE. Results: The testing results reveal that running encryption routine as a background thread covert the CPU usage except the operation time increases by five times. The experiments show that disguising a malware program among the task manager process list is possible by setting Win32 API flag within the execution of the program. Changing the malware name, signature, and description of the program further enhance the sustainability rate from the everyday users.

malware

ransomware

keylogger

virus

antivirus

encryption

infection

protection

user guideline

digital attack

Software Engineering

Programvaruteknik

Into the Gates of Troy : A Comparative Study of Antivirus Solutions for the Detection of Trojan Horse Malware.

Hinne, Tom

January 2024

In the continuously evolving field of malware investigation, a Trojan horse, which appears as innocent software from the user's perspective, represents a significant threat and challenge for antivirus solutions because of their deceptive nature and the various malicious functionalities they provide. This study will compare the effectiveness of three free antiviruses for Linux systems (DrWeb, ClamAV, ESET NOD32) against a dataset of 1919 Trojan malware samples. The evaluation will assess their detection capabilities, resource usage, and the core functionalities they offer. The results revealed a trade-off between these three aspects: DrWeb achieved the highest detection rate (93.43%) but consumed the most resources and provided the most comprehensive functionalities. While ClamAV balanced detection and resource usage with less functionality, ESET NOD32 prioritised low resource usage but showcased a lower detection rate than the other engines (80.93%). Interestingly, the results showed that the category of Trojan horse malware and the file format analysed can affect the detection capabilities of the evaluated antiviruses. This suggests that there is no “silver bullet” for Linux systems against Trojans, and further research in this area is needed to assess the detection capabilities of antivirus engines thoroughly and propose advanced detection methods for robust protection against Trojans on Linux systems.

Malware analysis

Antivirus

Linux

Malware

Static analysis

Dynamic Analysis

Hybrid Analysis

Trojan horse

Computer Systems

Datorsystem

Transmission mère-enfant du virus de l'immunodéficience humaine de type 1 Rôle des anticorps neutralisants et caractéristiques moléculaires des variants transmis. /

Samleerat, Tanawan Barin, Francis. Leechanachai, Pranee

January 2008

Thèse de doctorat : Sciences de la vie et de la santé : Tours : 2008. Thèse de doctorat : Sciences de la vie et de la santé : CHIANG MAI UNIVERSITY : 2008. / Thèse soutenue en co-tutelle. Titre provenant de l'écran-titre.

Antivirusinių programų failinės sistemos realaus laiko stebėjimo algoritmai / Real-time Tracking System for Antivirus Engines

Talmontienė, Jūratė

19 June 2013

Šiame baigiamajame darbe yra nagrinėjami antivirusinėse programose taikomi failinės sistemos realaus laiko stebėjimo metodai – API sąsajos funkcijų perėmimas, failinių sistemų filtravimo tvarkyklės, dėklinės failinės sistemos, FUSE technologijos panaudojimas. Pateikiami metodų privalumai ir trūkumai. Darbo pabaigoje aprašoma C/C++ programavimo kalbomis sukurta realaus laiko failinės sistemos stėbėjimo programa - failinės sistemos filtravimo tvarkyklė ir vartotojo lygio modulis. Darbą sudaro šešios pagrindinės dalys: įvadas, teorinė, analitinė ir programavimo dalys, išvados ir literatūros sąrašas. Darbo apimtis – 54 p. teksto be priedų, 16 pav., 3 lent., 28 bibliografiniai šaltiniai. Atskirai pridedami darbo priedai. / In this final work antivirus file system real-time file system tracking methods – usage of file system filter drivers, API hooking, stackable file systems, FUSE technology for antivirus are analyzed. The pros and cons of these methods are given. At the end of the thesis real-time file system tracking program developed in the C/C++ programming languages is presented. Created program consists of two parts – file system filter driver and user-mode module. Structure of the work: introduction, theoretical, analysis and programming parts, conclusions, references. Thesis consists of: 54 p. text without appendixes, 16 pictures, 3 tables, 28 bibliographical entries. Appendixes included.

Informatics Engineering

Antivirusinė programa

API perėmimas

Failinė sistema

Filtravimo tvarkyklė

Libclamav

Antivirus

API hooking

File system

Filter driver

Libclamav

Säkerhetshot och lösningar för privatpersoner med bredband / Security threats and solutions for people with broadband

Bilan, Carolina, Hedberg, Carl

January 2001

As more and more people gain access to broadband in their properties, the security threats get bigger. A lot more people also have computers that they carry home from work where they store important information concerning the company. The information stored on theese computers can be very easy to retrieve if you have the will and the skill to do it. Very few people have any knowledge how to protect themselves from theese threats.

Bredband

Brandvägg

Säkerhet

Virus

Antivirus

Personlig Brandvägg

Hackning

Hackare

Broadband

Firewall

Security

Hacking

Hackers

Computer Sciences

Datavetenskap (datalogi)

Analýza trhu bezpečnostního softwaru / Market analysis of security software

Doležal, Ladislav

January 2013

In this thesis, I analyze the global supply of security software (for operating system Win-dows) with a focus on anti-virus programs, which currently mostly implicitly include vari-ous modules of security software. In the first part of my thesis, I will focus on the clarification of issues related to IS / IT se-curity and cybercrime. I describe here the security IS / IT in general, describes the basic concepts and information safety, so that readers gain a basic understanding of this issue. I explain the concept of cybercrime and characterize its main crime. The second part will focus on the clarification of issues relating to security and safety not only domestic, but also corporate computers. I further characterize the greatest threats of our time for PC users and the possibility of prevention. In the third part, I will analyze the security software market analysis due to their market shares and qualifying tests conducted by recognized independent organizations, so to currently provide their full offer. Using the survey I will find out what is the awareness on the selection and use of antivirus software, and on this basis determine what antivirus software are most popular by users.

Rozhraní pro jádro antivirového software / Interface for Core of Antivir Software

Valouch, Tomáš

January 2008

This master's thesis is dealing with problematics of antivirus program development. It describe evolution of viruses, antiviruses and it is trying to estimate the future development in this area of interest. There is described a design of graphic user interface for antivirus program. Finally are dicussed possible approaches for implementing the graphics user interface for forementioned antivirus program. Important part of this thesis is part which is dealing with description of implementation of mentioned user interface.

On the (in)security of behavioral-based dynamic anti-malware techniques

Ersan, Erkan

21 April 2017

The Internet has become the primary vector for the delivery of malicious code in cyber attacks, and malware has rapidly become a pervasive critical threat. Anti- malware products offer effective protection from malware threats for servers and endpoint devices using a variety of techniques. Advanced enterprise-level anti-malware products rely on state-of-art behavioral-based detection algorithms, in addition to traditional signature-based mechanisms. These dynamic detection techniques have been around for more than a decade and in response hackers have developed methods to evade them. However, currently known bypass methods require intensive manual labor. Moreover, this manual work has to be repeated whenever a parameter of the environment (such as the payload, operating system, Antivirus version, etc) changes, making these methods impractical. This may lead to the belief that dynamic techniques provide a good deterrence, and hence good protection. In this thesis we evaluate dynamic techniques. Specifically, we build tools to implement generic unhooking and funneling, and using these tools we show how dynamic techniques can be bypassed with considerably less effort than by fully manual methods. We also extend the repertoire of existing bypass methods and introduce a new malicious function call technique which exploits detection techniques that monitor a limited collection of critical system functions, as well as a method for bypassing guard-page protections. We demonstrate the effectiveness of all our techniques by conducting attacks against two enterprise antivirus products. Our results lead us to conclude that that dynamic techniques do not provide sufficient protection. / Graduate / 2018-02-07 / 0984 / erkanersan@gmail.com

Malware

Malware Detection

Computer Security

Anti-malware

Antivirus

Cyber Attacks

Behavioral-based Detection

EMET

Hooking

Unhooking

Guard Pages

Bypassing Techniques

Evasion Techniques

Evasion

funneling

Control Flow Integrity

CFI

Web-based malware

ROP

Return-Oriented Programming

Shellcode

Payload

Windows

Anti-malware Evaluation

Antivirus Evaluation

Anti-malware Effectiveness

Antivirus Effectiveness

Návrh elektronického obchodu / Concept of E-shop

Morávek, David

January 2008

This thesis deals with a creation of a company´s electronic shopping. On the basis of the knowledge and information acquired from a theoretical part, the suggestion involves the best possibilities of electronic shopping that will lead to a stable and firm position on this kind of market, and to increase of the capital as well as the reputation of the company with potential customers.