Lect9

Uploaded by kmf6004

Information Security & Privacy
AlBaha University
Faculty of Computer Science and Information Technology
Department of Computer Science

Dr. Sonia ABDELKARIM

Chapter 9
Malicious Software
Viruses and Other Malicious Content

• computer viruses have received a lot of publicity
• one of a family of malicious software
• effects usually obvious
• have figured in news reports, fiction, movies (often exaggerated)
• getting more attention than they deserve
• are a concern though

Malicious Software
Backdoor or Trapdoor

• secret entry point into a program
• allows those who know of it to bypass the usual security procedures
• have been commonly used by developers
• a threat when left in production programs, allowing exploitation by attackers
• very hard to block in the O/S
• requires good s/w development & update practices
Logic Bomb

• one of the oldest types of malicious software
• code embedded in a legitimate program
• activated when specified conditions are met
  • eg presence/absence of some file
  • particular date/time
  • particular user
• when triggered typically damages the system
  • modify/delete files/disks, halt machine, etc
Trojan Horse

• program with hidden side-effects
• which is usually superficially attractive
  • eg game, s/w upgrade etc
• when run performs some additional tasks
• allows attacker to indirectly gain access they do not have directly
• often used to propagate a virus/worm or install a backdoor
• or simply to destroy data
Mobile Code

• program/script/macro that runs unchanged
  • on a heterogeneous collection of platforms
  • on a large homogeneous collection (Windows)
• transmitted from a remote system to a local system & then executed on the local system
• often to inject a virus, worm, or Trojan horse
• or to perform its own exploits
  • unauthorized data access, root compromise
Multiple-Threat Malware

• malware may operate in multiple ways
• multipartite virus infects in multiple ways
  • eg. multiple file types
• blended attack uses multiple methods of infection or transmission
  • to maximize speed of contagion and severity
  • may include multiple types of malware
  • eg. Nimda has worm, virus, mobile code
  • can also use IM & P2P
Viruses

• piece of software that infects programs
  • modifying them to include a copy of the virus
  • so it executes secretly when the host program is run
• specific to operating system and hardware
  • taking advantage of their details and weaknesses
• a typical virus goes through phases of:
  • dormant
  • propagation
  • triggering
  • execution
Virus Structure

• components:
  • infection mechanism - enables replication
  • trigger - event that makes the payload activate
  • payload - what it does, malicious or benign
• prepended / postpended / embedded
• when the infected program is invoked, it executes the virus code then the original program code
• can block initial infection (difficult)
• or propagation (with access controls)

Virus Structure

Compression Virus
Virus Classification

• boot sector
• file infector
• macro virus
• encrypted virus
• stealth virus
• polymorphic virus
• metamorphic virus
Macro Virus

• became very common in the mid-1990s since
  • platform independent
  • infect documents
  • easily spread
• exploit the macro capability of office apps
  • executable program embedded in an office doc
  • often a form of Basic
• more recent releases include protection
• recognized by many anti-virus programs
E-Mail Viruses

• more recent development
• e.g. Melissa
  • exploits MS Word macro in attached doc
  • if attachment opened, macro activates
  • sends email to all on the user's address list
  • and does local damage
• then saw versions triggered by reading email
  • hence much faster propagation
Virus Countermeasures

• prevention - ideal solution but difficult
• realistically need:
  • detection
  • identification
  • removal
• if detected but can't be identified or removed, must discard and replace the infected program
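The detect / identify / remove cycle above, and the "discard and replace" fallback, can be worked through with a file-integrity check: hash every known-good program once, report any program whose hash later changes (as a prepending or postpending infection would cause), and restore the clean copy. This is an added example written for these notes, not code from the lecture; the program names, contents and the "PREPENDED-MARKER" bytes are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for the programs a scanner would protect; the names
# and byte contents are assumptions made for this example, not real binaries.
CLEAN_PROGRAMS = {
    "editor.bin": b"\x7fELF editor code v1",
    "shell.bin": b"\x7fELF shell code v1",
}

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root: Path) -> dict:
    """Record the hash of every known-good program before it can be infected."""
    return {p.name: sha256_of(p) for p in sorted(root.iterdir()) if p.is_file()}

def detect_modified(root: Path, baseline: dict) -> list:
    """Detection step: programs whose current hash no longer matches the baseline."""
    return sorted(name for name, digest in baseline.items()
                  if not (root / name).exists() or sha256_of(root / name) != digest)

def replace_from_clean_copy(root: Path, name: str, clean_store: dict) -> None:
    """Removal step when the infection cannot be cleaned in place:
    discard the infected program and restore the clean copy."""
    (root / name).write_bytes(clean_store[name])

def demo() -> dict:
    """Run the whole cycle in a temporary directory and report what was found."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in CLEAN_PROGRAMS.items():
            (root / name).write_bytes(body)
        baseline = build_baseline(root)
        # Simulate a prepending infection: foreign bytes placed ahead of the
        # original so they would run first (constructed marker, not code).
        (root / "editor.bin").write_bytes(b"PREPENDED-MARKER" + CLEAN_PROGRAMS["editor.bin"])
        modified = detect_modified(root, baseline)
        for name in modified:
            replace_from_clean_copy(root, name, CLEAN_PROGRAMS)
        return {"modified": modified, "after_replace": detect_modified(root, baseline)}

if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it is taken from a clean system and stored where an infected program cannot rewrite it.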
Anti-Virus Evolution

• virus & antivirus tech have both evolved
• early viruses were simple code, easily removed
• as they become more complex, so must the countermeasures
• generations
  • first - signature scanners
  • second - heuristics
  • third - identify actions
  • fourth - combination packages
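The first two anti-virus generations, applied to the macro and e-mail viruses described on the earlier slides: an exact signature identifies a sample already analysed, and a heuristic score flags an unknown variant from indicators such as an auto-run macro entry point, mail-client automation and address-book access. This is an added example written for these notes, not code from the lecture or any product; the signature bytes, weights, threshold and sample fragments are constructed assumptions.

```python
import re

# First generation: an exact signature taken from a previously analysed sample.
# This byte string is a constructed stand-in, not a real malware signature.
SIGNATURES = {
    "Demo.MacroMailer.A": b"' demo-marker-7f3a",
}

# Second generation: heuristic indicators typical of a macro mailer. Weights
# and the threshold are assumptions chosen for this example.
HEURISTICS = [
    (re.compile(rb"\bAutoOpen\b|\bDocument_Open\b|\bAutoExec\b"), 2, "auto-run macro entry point"),
    (re.compile(rb"Outlook\.Application"), 2, "automates the mail client"),
    (re.compile(rb"AddressLists|AddressEntries"), 2, "enumerates the address book"),
    (re.compile(rb"\.Send\b"), 1, "sends messages"),
    (re.compile(rb"\bKill\b|\bShell\("), 1, "local damage or execution"),
]
THRESHOLD = 4

def scan(data: bytes) -> dict:
    """Signature match first (exact identification); otherwise score heuristics."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return {"verdict": "known", "name": name, "score": None, "reasons": []}
    score, reasons = 0, []
    for pattern, weight, why in HEURISTICS:
        if pattern.search(data):
            score += weight
            reasons.append(why)
    verdict = "suspicious" if score >= THRESHOLD else "clean"
    return {"verdict": verdict, "name": None, "score": score, "reasons": reasons}

# Constructed macro text fragments (indicator strings only, not working macros).
KNOWN_SAMPLE = b"Sub AutoOpen()\n' demo-marker-7f3a\n..."
VARIANT_SAMPLE = (b"Sub Document_Open()\n... Outlook.Application ...\n"
                  b"... AddressLists ... .Send ...\n")
BENIGN_SAMPLE = b"Sub FormatTable()\nSelection.Font.Bold = True\nEnd Sub\n"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(label, scan(sample))
```

The variant carries none of the signature bytes yet still scores above the threshold, which is the gap heuristics were introduced to close; the benign macro scores zero.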
Thank You