Malicious Software By Kavita Khanna ( kavita_jairath@yahoo ) & Himani Singh
Malicious Software – “Presentation Outline”
• What is malicious software?
• Categories of malicious software.
• Different malicious software – viruses, worms, Trojan Horse etc.
• More description about viruses:
  • Desirable properties of viruses.
  • Identifying infected files and programs.
  • Where do viruses reside.
  • Identifying and detecting viruses – virus signature.
  • Effect of Virus attack on computer system.
• Protection against attacks by malicious software – preventing infection.
• References.
What is Malicious Software:
• Software deliberately designed to harm computer systems.
• A malicious software program causes undesired actions in information systems.
• Spreads from one system to another through:
  1. E-mail (through attachments)
  2. Infected floppy disks
  3. Downloading / exchanging of corrupted files
  4. Embedded into computer games
Malicious Software - Categories
Malicious Software: Viruses, Trapdoor, Worms, Spyware, Trojan Horse, Hoaxes, Rabbit
Time Bomb, Logic Bomb, Boot Viruses, File Viruses
Types of Malicious Software
• Virus: These are programs that spread to other software in the system, i.e., a program that incorporates copies of itself into other programs.
Two major categories of viruses:
1. Boot sector virus: infects the boot sector of systems.
   • Becomes resident.
   • Activates while booting the machine.
2. File virus: infects program files.
   • Activates when the program is run.
Categories of Viruses
• Polymorphic Virus: Produces modified & fully operational code. Produces new & different code every time when virus is copied & transmitted to a new host. Difficult to detect & remove.
• Stealth Virus: Programming tricks make the tracing and understanding the code difficult. Complex programming methods used to design code, so difficult to repair infected file.
• Armored Virus: Hides modifications it has made to files or to the disk. Reports false values to programs as they read files or data from storage media.
• Companion Virus: Creates new program instead of modifying existing program. Contains all virus code. Executed by shell, instead of original program.
• Rabbit: This malicious software replicates itself without limits. Depletes some or all the system’s resources.
  • Re-attacks the infected systems – difficult recovery.
  • Exhausts all the system’s resources such as CPU time, memory, disk space.
  • Depletion of resources thus denying user access to those resources.
• Hoaxes: False alerts of spreading viruses.
  • e.g., sending chain letters.
  • The message seems important to the recipient, who forwards it to other users – becomes a chain.
  • Exchanging a large number of messages (in chain) floods the network resources – bandwidth wastage.
  • Blocks the systems on network – access denied due to heavy network traffic.
• Trojan Horse: This is a malicious program with unexpected additional functionality. It includes harmful features of which the user is not aware.
  • Performs a different function than what it is advertised to do (some malicious action e.g., steal the passwords).
  • Neither self-replicating nor self-propagating.
  • User assistance required for infection.
  • Infects when user installs and executes infected programs.
  • Some types of trojan horses include Remote Access Trojans (RAT), KeyLoggers, Password-Stealers (PSW), and logic bombs.
Transmitting medium:
1. spam or e-mail
2. a downloaded file
3. a disk from a trusted source
4. a legitimate program with the Trojan inside.
Trojan looks for your personal information and sends it to the Trojan writer (hacker). It can also allow the hacker to take full control of your system.
Different types of Trojan Horses:
1. Remote access Trojan takes full control of your system and passes it to the hacker.
2. The data-sending Trojan sends data back to the hacker by means of e-mail. e.g., Key-loggers – log and transmit each keystroke.
3. The destructive Trojan has only one purpose: to destroy and delete files. Unlikely to be detected by anti-virus software.
4. The denial-of-service (DoS) attack Trojan combines the computing power of all computers/systems it infects to launch an attack on another computer system. Floods the system with traffic, hence it crashes.
5. The proxy Trojan allows a hacker to turn the user’s computer into HIS (Host Integration Server) server – to make purchases with stolen credit cards and run other organized criminal enterprises in that particular user’s name.
6. The FTP Trojan opens port 21 (the port for FTP transfer) and lets the attacker connect to your computer using File Transfer Protocol (FTP).
7. The security software disabler Trojan is designed to stop or kill security programs such as anti-virus software, firewalls, etc., without you knowing it.
• Spyware:
  • Spyware programs explore the files in an information system.
  • Information is forwarded to an address specified in the spyware.
  • Spyware can also be used for investigation of software users or preparation of an attack.
• Trapdoor: Secret undocumented entry point to the program.
  • An example of such a feature is the so-called back door, which enables intrusion into the target by bypassing user authentication methods.
  • A hole in the security of a system deliberately left in place by designers or maintainers.
  • Trapdoor allows unauthorized access to the system.
  • The only purpose of a trap door is to "bypass" internal controls. It is up to the attacker to determine how this circumvention of control can be utilized for his benefit.
Types of Trapdoor
• Undetectable Trapdoor: Virtually undetectable.
• Hardware Trapdoor: Security-related hardware flaws.
• Worms:
  • Program that spreads copies of itself through a network.
  • Does irrecoverable damage to the computer system.
  • Stand-alone program, spreads only through network.
  • Also performs various malicious activities other than spreading itself to different systems e.g., deleting files.
Attacks of Worms:
1. Deleting files and other malicious actions on systems.
2. Communicate information back to attacker e.g., passwords, other proprietary information.
3. Disrupt normal operation of system, thus denial of service attack (DoS) – due to re-infecting infected system.
4. Worms may carry viruses with them.
Means of spreading infection by Worms:
• Infects one system, gains access to trusted host lists on the infected system and spreads to other hosts.
• Another method of infection is penetrating a system by guessing passwords.
• By exploiting widely known security holes, in case password guessing and trusted host accessing fail.
A well-known example of a worm is the ILOVEYOU worm, which invaded millions of computers through e-mail in 2000.
VIRUSES – More Description
Desirable properties of Viruses:
• Virus program should be hard to detect by anti-virus software.
• Viruses should be hard to destroy or deactivate.
• Spread infection widely.
• Should be easy to create.
• Be able to re-infect.
• Should be machine / platform independent, so that it can spread on different hosts.
Detecting virus infected files/programs:
• Virus infected file changes – gets bigger.
• Modification detection by checksum:
  • Use cryptographic checksum/hash function e.g., SHA, MD5.
  • Add all 32-bit segments of a file and store the sum (i.e., checksum).
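The three checks on this slide (size, 32-bit segment sum, cryptographic hash) compared side by side, as an added example that is not part of the original slides. The function names and the sample byte strings are constructed for illustration, and SHA-256 is used as the member of the SHA family.

```python
import hashlib
import struct

def sum32(data: bytes) -> int:
    """Add all 32-bit little-endian segments of the data, modulo 2**32."""
    padded = data + b"\x00" * (-len(data) % 4)   # zero-pad the last segment
    words = struct.unpack("<%dI" % (len(padded) // 4), padded)
    return sum(words) & 0xFFFFFFFF

def fingerprint(data: bytes) -> dict:
    """Record the three properties the slide relies on for one file."""
    return {"size": len(data),
            "sum32": sum32(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def changed_fields(baseline: dict, current: dict) -> list:
    """Names of the recorded properties that no longer match the baseline."""
    return [k for k in ("size", "sum32", "sha256") if baseline[k] != current[k]]

# Constructed sample contents standing in for a program file.
ORIGINAL = b"AAAABBBBCCCCDDDD"
APPENDED = ORIGINAL + b"EEEE"        # content added: the file gets bigger
REORDERED = b"BBBBAAAACCCCDDDD"      # same size, two segments swapped
BALANCED = b"BAAAABBBCCCCDDDD"       # +1 in one segment, -1 in another

if __name__ == "__main__":
    base = fingerprint(ORIGINAL)
    for name, blob in [("appended", APPENDED), ("reordered", REORDERED),
                       ("balanced", BALANCED)]:
        print(name, changed_fields(base, fingerprint(blob)))
```

Only the cryptographic hash flags the two same-size modifications, which is why an integrity baseline should store a hash rather than a size or an additive sum alone.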
Identifying Viruses:
• A virus is a unique program.
• It has a unique object code.
• It inserts in a deterministic manner.
• The pattern of object code and where it is inserted provides a signature to the virus program.
• This virus signature can be used by virus scanners to identify and detect a particular virus.
• Some viruses try to hide or alter their signature:
  • Random patterns in meaningless places.
  • Self modifying code – metamorphic, polymorphic viruses.
  • Encrypt the code, change the key frequently.
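A minimal signature scanner that treats a signature as "byte pattern plus where it is inserted", as the slide describes. This is an added example, not part of the original slides; the signature names, byte patterns and sample buffers are constructed and harmless, and the wildcard byte is an assumption about how a scanner tolerates small variations.

```python
from typing import Optional

# Constructed signature database: pattern bytes (None = wildcard byte)
# and the position where the pattern is expected: "start", "end" or "any".
SIGNATURES = [
    {"name": "Demo.Appender", "pattern": [0xDE, 0xAD, None, 0xBE, 0xEF], "where": "end"},
    {"name": "Demo.Prepender", "pattern": [0x13, 0x37, 0xC0, 0xDE], "where": "start"},
]

def match_at(data: bytes, pos: int, pattern: list) -> bool:
    """True if the pattern matches data at pos; wildcards match any byte."""
    if pos < 0 or pos + len(pattern) > len(data):
        return False
    return all(p is None or data[pos + i] == p for i, p in enumerate(pattern))

def find(data: bytes, sig: dict) -> Optional[int]:
    """Offset of the signature at its expected location, or None."""
    n = len(sig["pattern"])
    if sig["where"] == "start":
        candidates = [0]
    elif sig["where"] == "end":
        candidates = [len(data) - n]
    else:
        candidates = range(len(data) - n + 1)
    for pos in candidates:
        if match_at(data, pos, sig["pattern"]):
            return pos
    return None

def scan(data: bytes) -> list:
    """List of (signature name, offset) pairs found in the data."""
    hits = []
    for sig in SIGNATURES:
        pos = find(data, sig)
        if pos is not None:
            hits.append((sig["name"], pos))
    return hits

# Constructed sample buffers standing in for program files.
CLEAN = b"MZ" + bytes(30)
TAIL_A = CLEAN + bytes([0xDE, 0xAD, 0x01, 0xBE, 0xEF])   # pattern at the end
TAIL_B = CLEAN + bytes([0xDE, 0xAD, 0x7F, 0xBE, 0xEF])   # variant byte, same signature
MISPLACED = bytes([0xDE, 0xAD, 0x01, 0xBE, 0xEF]) + CLEAN  # right bytes, wrong place

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("tail_a", TAIL_A),
                       ("tail_b", TAIL_B), ("misplaced", MISPLACED)]:
        print(name, scan(blob))
```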
Places where viruses live:
• Boot sector
• Memory resident
• Disk – Applications and data stored on disk.
• Libraries – stored procedures and classes.
• Compiler
• Debugger
• Virus checking program infected by virus – unable to detect that particular virus signature.
Effect of Virus attack on computer system
Virus may affect user’s data in memory – overwriting.
Virus may affect user’s program – overwriting.
Virus may also overwrite system’s data or programs – corrupting it – disrupts normal operation of system.
“Smashing the Stack” – Buffer overflow due to execution of program directed to virus code.
Preventing infection by malicious software:
• Use only trusted software, not pirated software.
• Test all new software on isolated computer system.
• Regularly take backup of the programs.
• Use anti-virus software to detect and remove viruses.
• Update virus database frequently to get new virus signatures.
• Install firewall software, which hampers or prevents the functionality of worms and Trojan horses.
• Make sure that the e-mail attachments are secure.
• Do not keep a floppy disk in the drive when starting a program, unless sure that it does not include malicious software, else virus will be copied in the boot sector.