Malicious Software
Index
• Introduction
• Terminologies
• Categories
• Backdoors
• Logic Bomb
• Trojan Horse
• Nimda attack
• Important questions
Introduction
Malicious software, commonly known as malware, refers to a more sophisticated type of threat to computer systems, presented by programs that exploit vulnerabilities in computing systems.
More about Malware
Malware is software designed to cause damage to or use up the resources of a target computer.
It is concealed within or masquerades as legitimate software.
In some cases it spreads itself via email or infected floppy disks.
Terminologies
Virus: malware that, when executed, tries to replicate itself into other executable code; that code is then said to be infected. When the infected code is executed, the virus also executes.
Worm: a program that can run independently and propagate a working version of itself onto other hosts.
Mobile code: software that can be shipped to a collection of platforms and execute with identical semantics.
Auto-rooter: malicious hacker tools used to break into new machines remotely.
Kit: set of tools to generate viruses automatically.
Spammer programs: used to send large volumes of unwanted emails.
Flooder: used to attack networked computers with a large volume of traffic to carry out a denial of service attack.
Root kit: set of tools used after an attacker has broken into a system and gained root-level control.
Zombie, bot: program activated on an infected machine that is further activated to launch attacks on other machines.
Spyware: software that collects information from a computer and transmits it to another system.
Adware: advertising that is integrated into software and can result in pop-ups or redirection of a browser to a commercial site.
Categories Of Malware
Needs a host
• Referred to as parasitic
• Essentially fragments of programs that cannot exist independently
• Ex: viruses, logic bombs, back doors
Independent
• Self-contained programs that can be run on the OS
• Ex: worms, bot programs
Also classified into:
Do not replicate
• Activated by a trigger
• Ex: logic bombs, back doors, bot programs
Do replicate
• When executed, may produce one or more copies of itself and can be activated on the same system
• Ex: viruses and worms
Backdoors
A backdoor is a secret entry point into a program that allows someone to gain access without going through the usual security procedures. It is a threat when unscrupulous programmers use it for unauthorized access.
Programmers use backdoors legitimately to debug and test programs; such a backdoor is called a maintenance hook. This is usually done when programmers develop an application that has an authorization procedure in it.
To secure against backdoors, security measures should focus on program development and software update activities.
Logic Bombs
This is one of the oldest types of program threat. A logic bomb is basically a program embedded into software by an intruder, which lies dormant until a predefined condition is met, after which the program triggers an unauthorized act.
Trojan horse
It is a program or a command procedure containing hidden code that, when invoked, performs some unwanted or harmful function.
A Trojan horse can be used to change a file's permissions so that the file can be shared among many users.
It can also be used for destroying a file while it seems to be doing a particular task.
Nimda Attack
Referred to as a simple worm, it uses four distribution methods, which are as follows:
Email: a user on a host opens an infected email attachment; Nimda looks for email addresses on the host and sends copies of itself to these addresses.
Windows shares: it scans hosts for unsecured file shares and infects the files on that host, so that when a user runs an infected file, Nimda is activated on that host.
Web servers: Nimda scans web servers and, if it finds a vulnerable server, attempts to transfer a copy of itself and infect it.
Web clients: if a vulnerable web client visits a web server that has been infected by Nimda, the workstation of the web client will become infected.
Important Questions
What is malicious software?
What are the categories of malicious software?
Define: virus, worm, bot programs, mobile code, flooder, root kit, spyware, adware.
Write short notes on backdoors, logic bomb, Trojan horse.
Explain the Nimda attack in detail.
Referred from Operating Systems: Internals and Design Principles by William Stallings (sixth edition), page no. 647-651
-By Rusha Lawande 411127