22-08-2012, 03:17 PM
MALICIOUS SOFTWARE
TYPES OF MALICIOUS SOFTWARE
The terminology in this area presents problems because of a lack of universal agreement
on all of the terms and because some of the categories overlap. Table 21.1 is a
useful guide.
Malicious software can be divided into two categories: those that need a host
program, and those that are independent. The former, referred to as parasitic, are
essentially fragments of programs that cannot exist independently of some
actual application program, utility, or system program. Viruses, logic bombs.
Backdoor
A backdoor, also known as a trapdoor, is a secret entry point into a program that
allows someone who is aware of the backdoor to gain access without going through
the usual security access procedures. Programmers have used backdoors legitimately
for many years to debug and test programs; such a backdoor is called a
maintenance hook. This usually is done when the programmer is developing an
application that has an authentication procedure, or a long setup, requiring the user
to enter many different values to run the application. To debug the program, the
developer may wish to gain special privileges or to avoid all the necessary setup and
authentication. The programmer may also want to ensure that there is a method of
activating the program should something be wrong with the authentication procedure
that is being built into the application. The backdoor is code that recognizes
some special sequence of input or is triggered by being run from a certain user ID or
by an unlikely sequence of events.
Backdoors become threats when unscrupulous programmers use them to
gain unauthorized access. The backdoor was the basic idea for the vulnerability
portrayed in the movie War Games. Another example is that during the development
of Multics, penetration tests were conducted by an Air Force “tiger team”
(simulating adversaries). One tactic employed was to send a bogus operating
system update to a site running Multics. The update contained a Trojan horse
(described later) that could be activated by a backdoor and that allowed the
tiger team to gain access. The threat was so well implemented that the Multics
developers could not find it, even after they were informed of its presence.
Logic Bomb
One of the oldest types of program threat, predating viruses and worms, is the
logic bomb. The logic bomb is code embedded in some legitimate program that is
set to “explode” when certain conditions are met. Examples of conditions that
can be used as triggers for a logic bomb are the presence or absence of certain
files, a particular day of the week or date, or a particular user running the application.
Once triggered, a bomb may alter or delete data or entire files, cause a
machine halt, or do some other damage. A striking example of how logic bombs
can be employed was the case of Tim Lloyd, who was convicted of setting a logic
bomb that cost his employer.
Mobile Code
Mobile code refers to programs (e.g., script, macro, or other portable instruction)
that can be shipped unchanged to a heterogeneous collection of platforms and
execute with identical semantics [JANS01]. The term also applies to situations
involving a large homogeneous collection of platforms (e.g., Microsoft Windows).
Multiple-Threat Malware
Viruses and other malware may operate in multiple ways. The terminology is far
from uniform; this subsection gives a brief introduction to several related concepts
that could be considered multiple-threat malware.
A multipartite virus infects in multiple ways. Typically, the multipartite virus is
capable of infecting multiple types of files, so that virus eradication must deal with
all of the possible sites of infection.
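The Logic Bomb and Backdoor sections above describe triggers (date or weekday, a particular user, presence or absence of a file) paired with a damaging action (deleting data, halting the machine). As an added code-review aid that is not part of the textbook text or the post, the following Python script uses the `ast` module to flag conditionals whose test depends on such a trigger and whose body calls a destructive function; the name lists and the embedded sample source are constructed assumptions for illustration, not a standard signature set.

```python
"""Heuristic reviewer aid: find `if` statements whose condition looks like a
logic-bomb trigger (date, user, file presence) and whose body deletes data or
halts the process. Name lists below are assumed heuristics, not a standard."""
import ast

# Names suggesting the trigger kinds the text describes (assumed list).
TRIGGER_NAMES = {"date", "datetime", "today", "weekday", "strftime", "localtime",
                 "getuser", "getlogin", "getuid", "exists", "isfile", "USER", "LOGNAME"}
# Names suggesting data alteration/deletion or a machine/process halt (assumed list).
DESTRUCTIVE_NAMES = {"remove", "unlink", "rmtree", "truncate", "rmdir", "_exit",
                     "system", "Popen", "call", "run", "abort"}


def _names(node):
    """Collect bare names, attribute names and string constants under a node."""
    out = set()
    for n in ast.walk(node):
        if isinstance(n, ast.Name):
            out.add(n.id)
        elif isinstance(n, ast.Attribute):
            out.add(n.attr)
        elif isinstance(n, ast.Constant) and isinstance(n.value, str):
            out.add(n.value)
    return out


def find_logic_bomb_candidates(source):
    """Return (lineno, triggers, actions) for each conditional matching the pattern."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        triggers = _names(node.test) & TRIGGER_NAMES
        if not triggers:
            continue  # condition does not depend on a trigger of interest
        body_calls = set()
        for stmt in node.body:
            for call in ast.walk(stmt):
                if isinstance(call, ast.Call):
                    body_calls |= _names(call.func)
        actions = body_calls & DESTRUCTIVE_NAMES
        if actions:
            hits.append((node.lineno, sorted(triggers), sorted(actions)))
    return hits


# Constructed sample: a benign weekday report, then a conditional that fits the pattern.
SAMPLE = '''
import os, shutil, datetime, getpass
def nightly():
    if datetime.date.today().weekday() == 4:
        print("weekly report")
    if getpass.getuser() != "maint" and datetime.date.today() > datetime.date(2000, 7, 30):
        shutil.rmtree("/srv/data")
        os._exit(1)
'''

if __name__ == "__main__":
    for lineno, trig, act in find_logic_bomb_candidates(SAMPLE):
        print(f"line {lineno}: trigger {trig} -> action {act}")
```

The benign Friday report is not flagged because its body only prints; the second conditional is reported with both the user and date triggers and the `rmtree`/`_exit` actions.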