07-11-2016, 10:58 AM
Malicious Programs
• Two categories:
– Those that need a host program –
fragments of programs - parasitic
– Those that are independent – self
contained
• Some replicate – used as a differentiator
Malicious Programs
• Logic Bombs: logic embedded in a program that checks
for a set of conditions to arise and executes some
function resulting in unauthorized actions
• Trapdoors: secret undocumented entry point into a
program, used to grant access without normal methods
of access authentication (e.g., War Games)
Malicious Programs
• Trojan Horse: secret undocumented routine embedded
within a useful program, execution of the program results
in execution of the routine
• Common motivation is data destruction
Malicious Programs
• Zombie: a program that secretly takes over an Internet-
attached computer and then uses it to launch an
untraceable attack
• Very common in Distributed Denial-of-Service attacks
Viruses
• Viruses: code embedded within a program that
causes a copy of itself to be inserted in other
programs and performs some unwanted function
• Infects other programs
• Code is the DNA of the virus
Worms
• Worms: program that can replicate itself and send copies
to computers across the network and performs some
unwanted function
• Uses network connections to spread from system to
system
Bacteria
• Bacteria: consume resources by replicating
themselves
• Do not explicitly damage any files
• Sole purpose is to replicate themselves
• Reproduce exponentially
• Eventually taking up all processors, memory or disk
space
Trapdoors
• A trapdoor is a deliberate hole built into a computer
program, which can be used to gain unauthorised access
to a computer or network.
Backdoors
• Standard service on a non-standard port, or on a standard
port associated with a different service. Examples:
o SSH
o Rlogin
o Telnet
o FTP/SMTP
o Root shell
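The two backdoor patterns on this slide (a known service on a port it does not normally use, and a standard port carrying a different service than expected) are exactly what a port/service mismatch check over connection logs looks for. The following is an added defender-side example, not code from the slides: it runs over a constructed, simplified Zeek-like record layout (timestamp, source, destination, destination port, service identified from the traffic) and flags both patterns. The port table and the log format are assumptions for the illustration.

```python
"""Flag service/port mismatches in connection records (added example)."""
from typing import Dict, List

# Assumed "usual" ports per service; extend to match your environment.
EXPECTED_PORTS: Dict[str, set] = {
    "ssh": {22}, "telnet": {23}, "rlogin": {513}, "ftp": {21},
    "smtp": {25, 465, 587}, "http": {80, 8080}, "https": {443},
}
# Reverse map: which service a given standard port normally carries.
PORT_TO_SERVICE: Dict[int, str] = {
    p: s for s, ports in EXPECTED_PORTS.items() for p in ports
}

# Constructed records (not real logs): ts src dst dport service
SAMPLE_LOG = """\
# ts src dst dport service
1 10.0.0.5 10.0.0.9 22 ssh
2 10.0.0.5 10.0.0.9 2222 ssh
3 10.0.0.7 10.0.0.9 80 http
4 10.0.0.8 10.0.0.9 80 telnet
5 10.0.0.8 10.0.0.9 8080 http
6 10.0.0.6 10.0.0.9 443 https
7 10.0.0.6 10.0.0.9 25 ssh
"""


def parse_records(text: str) -> List[dict]:
    """Parse the whitespace-separated sample layout, skipping comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, service = line.split()
        records.append({"ts": int(ts), "src": src, "dst": dst,
                        "dport": int(dport), "service": service})
    return records


def find_suspicious(records: List[dict]) -> List[dict]:
    """Return records where the identified service disagrees with the port.

    Two cases are reported:
      * a known service on a port outside its expected set (e.g. ssh on 2222)
      * a standard port whose traffic is a different service (e.g. telnet on 80)
    Services not in EXPECTED_PORTS are ignored rather than guessed at.
    """
    findings = []
    for r in records:
        svc, port = r["service"], r["dport"]
        expected = EXPECTED_PORTS.get(svc)
        if expected is None or port in expected:
            continue
        usual = PORT_TO_SERVICE.get(port)
        if usual:
            reason = f"port {port} normally carries {usual}, observed {svc}"
        else:
            reason = f"{svc} on non-standard port {port}"
        findings.append({"ts": r["ts"], "dst": r["dst"], "dport": port,
                         "service": svc, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_records(SAMPLE_LOG)):
        print(f"ts={f['ts']} {f['dst']}:{f['dport']} {f['reason']}")
```

On the constructed sample this reports three records: ssh on 2222, telnet where http is expected on 80, and ssh where smtp is expected on 25. The check depends on the service being identified from the traffic itself (banners or protocol parsing), not from the port number, which is the whole point when the backdoor deliberately picks a misleading port.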
Rootkits
• A rootkit is a malicious program/computer virus designed
to take total control over a computer or IT system. The
rootkit operates above the privilege level of system
administrators, which means that not even the operating
system is aware of its existence.
Nature of Viruses
Four stages of virus lifetime
• Dormant phase: virus idle
• Propagation phase: cloning of virus
• Triggering phase: virus activation
• Execution phase: unwanted function performed
Avoiding Detection
• Infected version of program is longer than the
corresponding uninfected one
• Solution: compress the executable file so infected
and uninfected versions are identical in length
Types of Viruses
• Parasitic Virus: attached to executables, replicates
when program is executed
• Memory-resident virus: part of a resident system
program, affects every program executed
• Boot sector virus: infects a master boot record and
spreads when system is booted from infected disk
Types of Viruses
• Stealth virus: virus designed to hide itself from
detection by antivirus software (compression,
interception of I/O logic)
• Polymorphic virus: mutates with every infection
making detection by “signature” impossible (mutation
engine)
• Macro virus: infects Microsoft Word docs; 2/3 of all
viruses
Macro Viruses
• 2/3 of all viruses
• Mainly Microsoft products – platform independent
• Affect documents not executables
• Easily spread by e-mail
• Autoexecuting macro is the culprit
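Since the slide names the auto-executing macro as the culprit, the natural defender check is twofold: does the document carry a VBA project at all, and, once the VBA source has been extracted, does it define any procedure with an auto-execute name (AutoOpen, Document_Open, Workbook_Open and the like)? The following is an added example, not from the slides. It assumes the OOXML convention of a vbaProject.bin entry inside the zip container, builds a constructed minimal zip rather than a real Word file, and scans a constructed VBA source string; extracting real VBA source from vbaProject.bin needs a dedicated tool and is outside this snippet.

```python
"""Triage checks for macro-bearing Office documents (added example)."""
import io
import re
import zipfile
from typing import List

# Assumed locations of the VBA project inside OOXML containers.
VBA_PROJECT_PATHS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}

# Procedure names that Office runs automatically (lower-cased for comparison).
AUTOEXEC_NAMES = {
    "autoopen", "autoexec", "autoclose", "autonew", "autoexit",
    "document_open", "document_close", "document_new",
    "workbook_open", "workbook_activate", "auto_open", "auto_close",
}

# Matches "Sub Name(" or "Function Name(" with optional visibility keyword.
_PROC_RE = re.compile(
    r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+(\w+)\s*\(", re.I | re.M
)


def has_vba_project(doc_bytes: bytes) -> bool:
    """True if the zip container holds a VBA project entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
            return any(n in VBA_PROJECT_PATHS for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML container at all


def find_autoexec_procs(vba_source: str) -> List[str]:
    """Return procedure names in the VBA source that Office runs automatically."""
    return [n for n in _PROC_RE.findall(vba_source) if n.lower() in AUTOEXEC_NAMES]


def make_doc(with_macros: bool) -> bytes:
    """Constructed minimal zip in OOXML layout; not a valid Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


# Constructed sample VBA source, as an extraction tool might dump it.
SAMPLE_VBA = """\
' constructed sample
Private Sub Document_Open()
    MsgBox "opened"
End Sub

Sub Helper()
End Sub
"""

if __name__ == "__main__":
    print("macro-enabled:", has_vba_project(make_doc(True)))
    print("plain docx   :", has_vba_project(make_doc(False)))
    print("auto-exec    :", find_autoexec_procs(SAMPLE_VBA))
```

The presence check is cheap enough to run on every inbound attachment; the name scan is a triage signal, not proof of malice, since legitimate templates also use Document_Open. The mitigation the check supports is the same as the slide's diagnosis: disable or gate automatic macro execution rather than trust the document.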
Worms
• Uses network connections to spread from system to
system
• Similar to a virus – has same phases: dormant,
propagation, trigger and execution
• Morris Worm – most famous
• Recent: OSX.Leap.A, Kama Sutra, Code Red