issc342 discussion response

Hello,

I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.

Instructions:

1. Discuss tools and techniques to remove Malware from infected machines; using a popular product to make your point.

2. Discuss the vulnerabilities that computer memory and computer process have that malware can take advantage of and exploit.

3. List any observations, tips or questions about this lab that would prove helpful to fellow students prior to midnight on Wednesday and comment on other student posts with value added comments (not simply agreeing) by midnight Sunday for full credit consideration.

Student one:

Class,

Here’s my submission for this week’s forum:

1. Discuss tools and techniques to remove Malware from infected machines; using a popular product to make your point.

Anti-malware programs use multiple techniques to scan files and applications for malware. Programs like Bitdefender Total Security use a variety of techniques to scan and detect viruses. Malware detection software has changed from an add-on tool to a must-have system requirement. Beyond the standard anti-malware capabilities, Bitdefender also comes with VPN and ransomware protection, anti-theft for Windows, Android, and iOS, as well as remote control and monitoring (Rubenking, 2018).

2. Discuss the vulnerabilities that computer memory and computer process have that malware can take advantage of and exploit.

Malware can take advantage of computer memory and processes and exploit them. For instance, worms can be considered a special type of malware that can replicate and consume memory, but not attach to other programs. One example would be the Elk Cloner virus of 1982. This virus spread rapidly and remained in the computer’s memory to hide and cause further infection. It would then infect floppy disks which were inserted at a later time. Such malware can even take advantage of system processes, with the ability to infect a system before the anti-malware even has a chance to kick in, as it strikes during the startup process (Oriyano, 2011).

3. List any observations, tips or questions about this lab that would prove helpful to fellow students prior to midnight on Wednesday and comment on other student posts with value added comments (not simply agreeing) by midnight Sunday for full credit consideration.

There wasn’t anything particularly tricky about this lab. It was time-consuming only due to the fact that you have to do a number of different scans, which always tend to add up by the time you go through both sections. If there is anything to add, don’t forget during the process of adding Windows Defender through Server Manager that there’s an option to simply allow the server to restart on its own. Not a big deal, but then you don’t have to go through the step of restarting it via command in the next step. Also, during the scans, take that time to answer your forums so you can kill two birds with one stone, as it ends up being 15+ minutes. Unfortunately, I opted to play games on my phone, but in my defense, I beat my high score, haha.

Respectfully,

Shonnie

Works Cited:

Oriyano, Sean, and Michael Gregg. Hacker techniques, tools, and incident handling. Sudbury, MA: Jones & Bartlett Learning, 2011. Print.

Rubenking, N. J. (2018, July 31). Bitdefender Total Security. Retrieved from https://www.pcmag.com/review/325833/bitdefender-to…

Student two:

To have the highest probable chance of removing malware, I feel the user should always use an offline approach during the malware removal process. Once a system is known to have malware, it should be unplugged from the Internet and powered off immediately to minimize damage by stopping the malware from running in memory. If the malware removal were using an online approach, the malware could be coded to prevent the user from running security tools, provide false feedback, or do further damage such as sending the user’s files to a remote location or encrypting them using ransomware. Since an attacker who has planted a backdoor in a user’s system needs to have it stored in persistent memory to maintain control of the victim’s system, if the computer is shut down, then the attacker who has control of the backdoor cannot do any further damage to the victim.

Malware analysis can be performed to determine its behavior by using some offline analysis techniques, such as using a live CD to work with the infected filesystem, removing the hard drive and mounting it in another machine that is dedicated specifically to malware analysis, or cloning the filesystem and running it in a sandboxed environment. Additionally, using a separate computer to research the characteristics of the malware on the Internet could also prove helpful in footprinting the type of malware that is currently on the infected filesystem.

However, there is never a guarantee that malware is removed from a system. The malware can be a rootkit at the kernel level, which can remain undetected for the remaining system’s life cycle, or there could be continuous hardware or firmware issues. To have the highest chance of malware removal, the system should be wiped clean and the user’s data should be restored from backup. An alternative method could be if the user has an automated recovery solution such as a containment system or snapshot. Some popular automated malware removal products are Norton, Windows Malicious Software Removal Tool, Kaspersky, Malwarebytes, and Webroot. However, an anti-virus is only as effective as its signature database, and for every malware sample caught (e.g. from file submissions such as VirusTotal.com) there are thousands still left undetected in the wild, or the original malware on the system could have been a polymorphic virus to avoid the detection of its previous signature. Therefore, I feel wiping the system and restoring it from a previous backup is the only way to reach the highest chance of removing the malware.

A vulnerability that computer memory and processes have that malware can take advantage of and exploit is a buffer overflow. A buffer overflow is a programming error that can be exploited to introduce malware into a system. This occurs when a program or a system process attempts to write more data to a fixed-length block of memory than the buffer is allocated to store. A buffer can only hold a certain amount of memory, and if there is more memory than what it can hold, it overflows into an adjacent memory location. Malicious code can exploit this to cause malicious activities such as system crashes, slowing down applications, or injecting custom-tailored malware through a buffer overflow into the victim’s system.

I also have not done this week’s lab yet. There is no excuse for my actions. My Oculus Quest VR system was delivered to me a week ago and has taken a huge chunk of my time… I will be back on track for next week!

References

Cypress Data Defense. (2017, September 21). Buffer Overflow Attacks – All You Need to Know. Retrieved from https://www.cypressdatadefense.com/education-training/buffer-overflow-attacks-need-know/

Berkeley. (n.d.). Cleaning an Infected Computer of Malware. Retrieved from https://security.berkeley.edu/resources/best-practices-how-articles/compromised-systems/cleaning-infected-computer-malware

Jacobs, M., Leo, T., Leo, Huff, T., Fussell, J., Jacobs, M., . . . Tilley, C. (2017, March 16). Offline Anti-Malware Tools. Retrieved from https://askleo.com/offline-anti-malware-tools/

Phillips, G. (2017, November 30). The Complete Malware Removal Guide. Retrieved from https://www.makeuseof.com/tag/download-operation-cleanup-complete-malware-removal-guide/

Smith, C. (2018, March 12). Undetected for 6 years, sophisticated malware can spy on PCs through your router. Retrieved from https://bgr.com/2018/03/12/slingshot-malware-routers-infected-pcs/

-Justin
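As an added illustration of the buffer overflow that Justin's post describes (this is example code written for this page, not part of either student's submission), the C program below puts a fixed-length name buffer next to an `is_admin` field so the "adjacent memory location" is concrete, shows the shape of the unchecked `strcpy` bug, and beside it a checked copy that measures the input first and refuses anything that would not fit. The struct, field names and sample inputs are constructed for the example; the unchecked function is shown only for comparison and is never called.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* fixed-length block of memory, as in the post */

/* Constructed record: the buffer is followed by a field that occupies the
   adjacent memory. Bytes written past the end of `name` land in `is_admin`. */
struct login_record {
    char name[NAME_BUF];
    int  is_admin;
};

/* The programming error: strcpy() does not know how large the destination is,
   so a source of NAME_BUF bytes or more (counting the NUL) writes past `name`.
   Shown only for comparison with the checked version; never called here. */
void set_name_unchecked(struct login_record *rec, const char *src) {
    strcpy(rec->name, src);
}

/* Hardened form: measure first, reject input that cannot fit together with its
   terminating NUL, and copy a known number of bytes. Returns false and leaves
   the record untouched when the input is too long. */
bool set_name_checked(struct login_record *rec, const char *src) {
    size_t len = strlen(src);
    if (len >= NAME_BUF) {
        return false;                 /* would overflow: refuse, do not silently truncate */
    }
    memcpy(rec->name, src, len + 1);  /* len + 1 copies the NUL terminator too */
    return true;
}

/* How many bytes (NUL included) would spill past the buffer for this input;
   0 means the input fits. Useful when logging rejected inputs. */
size_t overflow_bytes(const char *src) {
    size_t needed = strlen(src) + 1;  /* include the NUL */
    return needed > NAME_BUF ? needed - NAME_BUF : 0;
}

int main(void) {
    struct login_record rec = { "", 0 };
    const char *ok  = "alice";                              /* constructed input, fits */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* constructed input, 32 bytes */

    printf("%-32s -> %s (spill %zu bytes)\n", ok,
           set_name_checked(&rec, ok) ? "accepted" : "rejected", overflow_bytes(ok));
    printf("%-32s -> %s (spill %zu bytes)\n", bad,
           set_name_checked(&rec, bad) ? "accepted" : "rejected", overflow_bytes(bad));
    printf("name=\"%s\" is_admin=%d\n", rec.name, rec.is_admin);
    return 0;
}
```

The point of the check is the order of operations: the length is established before a single byte is written, and the destination size is a compile-time constant rather than something the caller has to remember. Rejecting rather than truncating keeps the caller informed that untrusted input exceeded the expected size, which is itself a signal worth logging.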