Malicious software (Malware)


Malicious Software

Presented by: Md Asif Iqbaal Ovee (aasifiqbaal2@gmail.com)
ID: 122-15-1863
Dept. of CSE

Malicious Software – "Presentation Outline"
• What is malicious software?
• Categories of malicious software
• Trapdoor/Backdoor
• Logic bomb
• Trojan Horse
• Virus
• Worm
• Summary
• References

Malicious Software?
• Malicious software (malware) is software that is included or inserted in a system for harmful purposes.
OR
• Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.


Taxonomy of Malicious Programs

Backdoor or Trapdoor
• Software that allows access to a computer system bypassing the normal authentication procedures. For example:
  – A special username and password hard-coded into the login program
  – A service listening on a particular IP port for remote instructions (e.g., Back Orifice)
• Such backdoors may be inserted by viruses, worms, Trojan horses or spyware.

Rootkit
• After installing the backdoor, the cracker wishes to avoid being detected or removed by routine maintenance of the system. For that, she uses a rootkit.
• A rootkit is a set of modified versions of the usual utilities for administering the system, such as:
  – List all processes (unix: ps)
  – List logged-in users (unix: w, who)
  – List files (unix: ls)
  – Change passwords (unix: passwd)
  – Logging utilities
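A defender can catch the kind of modified `ps` described above by comparing its output with an independent view of the process table. The following is an added example, not part of the original slides; it assumes a Linux host with /proc, and the function names and sample PIDs are constructed for illustration.

```python
import os
import subprocess


def proc_pids(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under /proc (Linux)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def parse_ps_pids(ps_output):
    """Parse `ps -e -o pid=` output: one PID per line, padded with spaces."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_from_ps(proc_before, ps_output, proc_after):
    """Return PIDs that /proc listed both before and after the ps run
    but that ps itself did not report.

    Requiring the PID in both /proc snapshots filters out processes that
    merely started or exited while ps was running.
    """
    stable = proc_before & proc_after
    return sorted(stable - parse_ps_pids(ps_output))


def live_check():
    """Run the comparison on this host. A trojaned ps that filters its
    output shows up here; a kernel-level rootkit that also hides /proc
    entries does not, and needs offline or out-of-band inspection."""
    before = proc_pids()
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    after = proc_pids()
    return hidden_from_ps(before, out, after)


# Constructed sample data (not from a real host): PID 4242 is in /proc
# throughout, but the ps output omits it. 6001 exits and 6002 starts
# during the run, so neither is flagged.
SAMPLE_BEFORE = {1, 87, 512, 4242, 6001}
SAMPLE_PS = "    1\n   87\n  512\n 6002\n"
SAMPLE_AFTER = {1, 87, 512, 4242, 6002}

if __name__ == "__main__":
    print("sample:", hidden_from_ps(SAMPLE_BEFORE, SAMPLE_PS, SAMPLE_AFTER))
    if os.path.isdir("/proc/1"):
        print("this host:", live_check())
```

A non-empty result is a lead to investigate rather than proof of compromise; checking the `ps` binary against the package manager's recorded hash is the natural next step.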

Logic Bomb
• One of the oldest types of malicious software
• Code embedded in a legitimate program
• Activated when specified conditions are met, e.g.
  – presence/absence of some file
  – particular date/time
  – particular user
• When triggered, typically damages the system
  – modify/delete files/disks, halt machine, etc.

Trojan Horse
• Program with hidden side-effects
• Which is usually superficially attractive
  – e.g. game, s/w upgrade etc.
• When run performs some additional tasks
  – allows attacker to indirectly gain access they do not have directly
• Often used to propagate a virus/worm or install a backdoor
• Or simply to destroy data

Trojan Horse..
[Figure: Pop-Up Example]
• Transmitting medium:
  – spam or e-mail
  – a downloaded file
  – a disk from a trusted source
  – a legitimate program with the Trojan inside
• Trojan looks for your personal information and sends it to the Trojan writer (hacker). It can also allow the hacker to take full control of your system.

Viruses
• Piece of software that infects programs
  – modifying them to include a copy of the virus
  – so it executes secretly when host program is run
• Specific to operating system and hardware
  – taking advantage of their details and weaknesses
• A typical virus goes through phases of:
  – Dormant phase: idle
  – Propagation phase
  – Triggering phase: the virus is activated to:
  – Execution phase: perform the payload functions

Virus Structure
• Components:
  – infection mechanism: enables replication
  – trigger: event that makes payload activate
  – payload: what it does, malicious or benign
• Prepended / postpended / embedded
• When infected program is invoked, executes virus code then original program code
• Can block initial infection (difficult) or propagation (with access controls)

Classes Of Viruses

1. FILE INFECTOR VIRUSES
   a. Embedded in program
   b. Runs when program gets executed
   c. Loads in memory
   d. Cycle continues through sharing file

2. BOOT-SECTOR VIRUSES
   a. Load viruses into memory
   b. Infect the boot sector on floppy disks and hard disks

3. MACRO VIRUSES
   a. Infects data files
   b. Executed in embedded scripts
   c. Inserts copies of itself into other documents
   d. Spreads by sharing data files

Classes Of Viruses…

1. Large size of today's programs (executable)
2. Operating systems now protect the boot sector

Executable and boot-sector viruses are not very threatening any more.

E-mail Viruses

1. Melissa Virus (March 1999)
   a. Embedded into Word document
   b. When opened, sent to first 50 email addresses in address book
   c. Included a friendly note making it look harmless
   d. If opened by any of the recipients, sent to another 50 addresses of the current recipient

2. The ILOVEYOU Virus (May 2000)
   a. Attachment is a piece of code
   b. When executed, sent itself to everyone in the address book
   c. Corrupted files

E-mail viruses are the latest invention

Zombie & Botnet
• Secretly takes over another networked computer by exploiting software flaws
• Builds the compromised computers into a zombie network or botnet
  => a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure.
• Uses it to indirectly launch attacks
• E.g., DDoS, phishing, spamming, cracking

Worms
• A worm is self-replicating software designed to spread through the network
  – Typically exploits security flaws in widely used services
  – Can cause enormous damage
    – Launch DDoS attacks, install bot networks
    – Access sensitive information
    – Cause confusion by corrupting the sensitive information
• Worm vs Virus vs Trojan horse
  – A virus is code embedded in a file or program
  – Viruses and Trojan horses rely on human intervention
  – Worms are self-contained and may spread autonomously

Worms…
Means of spreading infection by worms:
• Infects one system, gains access to trusted host lists on the infected system and spreads to other hosts.
• Another method of infection is penetrating a system by guessing passwords.
• By exploiting widely known security holes, in case password guessing and trusted host accessing fail.

A well-known example of a worm is the ILOVEYOU worm, which invaded millions of computers through e-mail in 2000.

Summary
• Knowing the different kinds of attacks
• The goals of attackers
• Can help you understand how better to defend yourself.


Thank You Everyone!
