Lecture 12 Malicious Software

The document discusses various types of malicious software including viruses, worms, Trojan horses, and zombies. It describes how viruses and worms operate and spread, and covers techniques used in anti-virus software and for mitigating distributed denial of service attacks.

Uploaded by

Shahzad Shaikh
Malicious Software

Ali Ahmad Siddiqui


Welcome!!
Chapter 19 – Malicious Software

What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow.
—On War, Carl Von Clausewitz
Viruses and Other Malicious Content
Malicious Software
Backdoor or Trapdoor
Logic Bomb
Trojan Horse
Zombie
Viruses
Virus Operation
Virus Structure
program V :=
    {goto main;
    1234567;
    subroutine infect-executable :=
        {loop:
        file := get-random-executable-file;
        if (first-line-of-file = 1234567) then goto loop
        else prepend V to file; }
    subroutine do-damage := {whatever damage is to be done}
    subroutine trigger-pulled := {return true if condition holds}
    main: main-program :=
        {infect-executable;
        if trigger-pulled then do-damage; }
    }
Types of Viruses
Macro Virus
Email Virus
• spread using email with attachment containing a macro virus
– cf Melissa
• triggered when user opens attachment
• or worse even when mail viewed by using scripting features in mail agent
• hence propagate very quickly
• usually targeted at Microsoft Outlook mail
Worms
Worm Operation
Morris Worm
Recent Worm Attacks
• new spate of attacks from mid-2001
• Code Red - used MS IIS bug
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd wave infected 360000 servers in 14 hours
• Code Red 2 - installed backdoor
• Nimda - multiple infection mechanisms
• SQL Slammer - attacked MS SQL server
• Sobig.f - attacked open proxy servers
Worm Technology
Virus Countermeasures
Anti-Virus Software
• first-generation
– scanner uses virus signature to identify virus
– or change in length of programs
• second-generation
– uses heuristic rules to spot viral infection
– or uses crypto hash of program to spot changes
• third-generation
– memory-resident programs identify virus by actions
• fourth-generation
– packages with a variety of antivirus techniques
– eg scanning & activity traps, access-controls
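The first two generations above can be shown side by side in a few lines: a signature scanner (first generation) and a length-plus-hash integrity check (second generation) run over in-memory sample programs. This is an added example, not code from the lecture; the sample files, the "after" snapshot and the signature are constructed, and the signature reuses the 1234567 marker from the virus structure slide because the virus itself checks for it.

```python
import hashlib

# Constructed sample "executables" held in memory so the example runs offline (not real files).
CLEAN_FILES = {
    "editor.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"editor program body",
    "calc.exe":   b"MZ\x90\x00" + b"\x00" * 30 + b"calculator body",
}

# The lecture's virus marks infected files with the constant 1234567 on the first line, so a
# first-generation scanner can use that marker as its signature (constructed for this example).
SIGNATURES = {"lecture-virus-marker": b"1234567"}

def take_baseline(files):
    """Second-generation check: record each program's length and SHA-256 while it is clean."""
    return {name: (len(data), hashlib.sha256(data).hexdigest()) for name, data in files.items()}

def scan_signatures(files, signatures):
    """First-generation check: report files that contain a known signature."""
    hits = {}
    for name, data in files.items():
        for sig_name, pattern in signatures.items():
            if pattern in data:
                hits.setdefault(name, []).append(sig_name)
    return hits

def check_integrity(files, baseline):
    """Compare programs with the baseline: length change, content change, new or missing files."""
    report = {}
    for name, data in files.items():
        if name not in baseline:
            report[name] = "new file"
            continue
        old_len, old_hash = baseline[name]
        if len(data) != old_len:
            report[name] = "length changed"      # the first-generation length check catches this
        elif hashlib.sha256(data).hexdigest() != old_hash:
            report[name] = "content changed"     # same length: only the hash check catches this
    for name in baseline:
        if name not in files:
            report[name] = "missing"
    return report

def modified_snapshot():
    """Constructed 'after' state: editor.exe gains a prepended marker, calc.exe has one byte altered."""
    files = dict(CLEAN_FILES)
    files["editor.exe"] = b"1234567\n" + files["editor.exe"]
    files["calc.exe"] = files["calc.exe"][:-1] + b"X"
    return files
```

The same-length edit to calc.exe is the case a pure length check misses and the hash comparison catches.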
Advanced Anti-Virus Techniques
Digital Immune System
Behavior-Blocking Software
Distributed Denial of Service Attacks (DDoS)
• Distributed Denial of Service (DDoS) attacks form a significant security threat
• making networked systems unavailable
• by flooding with useless traffic
• using large numbers of “zombies”
• growing sophistication of attacks
Distributed Denial of Service Attacks (DDoS)
Constructing the DDoS Attack Network
• must infect large number of zombies
• needs:
1. software to implement the DDoS attack
2. an unpatched vulnerability on many systems
3. scanning strategy to find vulnerable systems
– random, hit-list, topological, local subnet
DDoS Countermeasures
• three broad lines of defense:
1. attack prevention & preemption (before)
2. attack detection & filtering (during)
3. attack source traceback & ident (after)
• huge range of attack possibilities
• hence evolving countermeasures
Summary
SSL
• An industry standard security technology for establishing an encrypted link between a web server and a browser
• A certificate is required to establish trust. A web server requires an SSL certificate to create a secure connection
SSL Certificate
• Contains a public key of the owner
• Certificate owner ID
• Name of the issuer
• Signature of the Certificate Authority
How to get the digital SSL Certificate
• To get a certificate, you must create a Certificate Signing Request (CSR) on your server
• This process creates a private key and a public key on your server
• The CSR file that you send to the CA only contains the public key
• The CA checks the identity of the sender, puts a stamp (digital signature) on the certificate and sends it back to the owner
• Once you get the certificate, you have to install it on the server
How SSL certificate works
• When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”
• Three keys are used to set up the SSL connection: the public, private and session keys
• The public key algorithm is only used during the SSL handshake to create the symmetric key. All transmitted data is encrypted using the symmetric session key
• Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself
• Server sends a copy of its SSL Certificate, including the server’s public key
• Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key
• Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session
• Server and Browser now encrypt all transmitted data with the session key
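The checks the browser performs on the server's certificate in the third handshake step (trusted root, unexpired, unrevoked, common name matches the site), written out in Python as an added example that is not part of the lecture. The trust store, revocation list, clock and sample certificates are all constructed; the chain is assumed to be a single certificate signed directly by a root, and the CA's signature itself is not verified here. It goes slightly beyond the slides by also accepting a wildcard common name.

```python
from datetime import datetime, timezone

# Constructed trust store and revocation list (example data, not real CAs or serial numbers).
TRUSTED_CAS = {"Example Root CA"}
REVOKED_SERIALS = {"0x1002"}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # the moment of the (simulated) handshake

def make_cert(common_name, issuer, serial, start_year, end_year):
    """Build a constructed certificate record with the fields the lecture lists."""
    return {"common_name": common_name, "issuer": issuer, "serial": serial,
            "not_before": datetime(start_year, 1, 1, tzinfo=timezone.utc),
            "not_after": datetime(end_year, 1, 1, tzinfo=timezone.utc)}

def hostname_matches(common_name, hostname):
    """Does the common name cover this site? One leading wildcard label is allowed."""
    cn, host = common_name.lower(), hostname.lower()
    if cn.startswith("*."):
        return host.count(".") == cn.count(".") and host.endswith(cn[1:])
    return cn == host

def validate_certificate(cert, hostname, now=NOW,
                         trusted_cas=TRUSTED_CAS, revoked=REVOKED_SERIALS):
    """Return the reasons a browser should reject the certificate; an empty list means trusted."""
    problems = []
    if cert["issuer"] not in trusted_cas:
        problems.append("issuer is not in the trusted CA list")
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("certificate is expired or not yet valid")
    if cert["serial"] in revoked:
        problems.append("certificate has been revoked")
    if not hostname_matches(cert["common_name"], hostname):
        problems.append("common name does not match the site")
    return problems

# Constructed sample certificates, one per check.
SAMPLE_CERTS = {
    "good": make_cert("www.example.com", "Example Root CA", "0x1001", 2024, 2025),
    "revoked": make_cert("www.example.com", "Example Root CA", "0x1002", 2024, 2025),
    "expired": make_cert("www.example.com", "Example Root CA", "0x1003", 2022, 2023),
    "untrusted": make_cert("www.example.com", "Unknown CA", "0x1004", 2024, 2025),
    "wildcard": make_cert("*.example.com", "Example Root CA", "0x1005", 2024, 2025),
}

if __name__ == "__main__":
    for label, cert in SAMPLE_CERTS.items():
        print(label, validate_certificate(cert, "www.example.com") or "trusted")
```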
SSL vs TLS

• TLS (Transport Layer Security) is the newer version of SSL

• SSL 2.0 and SSL 3.0 were released

• SSL 4.0 is referred to as TLS


Private/Public Key Mechanism
– Example: PGP (Pretty Good Privacy)
Sender:
1. signed with the sender’s private key
2. encrypted with the session key
3. encrypted with the recipient’s public key
Recipient:
4. decrypted with the recipient’s private key
5. decrypted with the session key
6. verify the signature using the sender’s public key
Thank you