Malicious Software

Malicious Software Index Introduction Terminologies Categories Backdoors Logic Bomb Trojan Horse Nimda attack Important questions


Index: Introduction, Terminologies, Categories, Backdoors, Logic Bomb, Trojan Horse, Nimda attack, Important questions


Introduction

Malicious software, commonly known as malware, refers to a more sophisticated type of threat to computer systems, presented by programs that exploit vulnerabilities in computing systems.


More about Malware

Malware is software designed to cause damage to or use up the resources of a target computer

It is concealed within or masquerades as legitimate software

In some cases it spreads itself via email or infected floppy disks


Terminologies

Virus: malware that, when executed, tries to replicate itself into other executable code; this code is then said to be infected. When the infected code is executed, the virus also executes.

Worm: a program that can run independently and propagate a working version of itself onto other hosts.


Mobile code: software that can be shipped to a collection of platforms and execute with identical semantics.

Auto-rooter: malicious hacker tools used to break into new machines remotely.

Kit: a set of tools to generate viruses automatically.

Spammer programs: used to send large volumes of unwanted emails.

Flooder: used to attack networked computers with a large volume of traffic to carry out a denial of service attack.


Root kit: a set of tools used after an attacker has broken into a system and gained root-level control.

Zombie, bot: a program activated on an infected machine that is further activated to launch attacks on other machines.

Spyware: software that collects information from a computer and transmits it to another system.

Adware: advertising that is integrated into software and can result in pop-ups or redirection of a browser to a commercial site.


Categories Of Malware

Needs a host

• Referred to as parasitic

• Essentially fragments of programs which cannot exist independently

• Ex: viruses, logic bombs, back doors

Independent

• Self-contained programs that can be run on the OS

• Ex: worms, bot programs


Also classified into

Do not replicate

• Activated by a trigger

• Ex: logic bombs, back doors, bot programs

Do replicate

• When executed, may produce one or more copies of itself, which can be activated on the same system

• Ex: viruses and worms


Backdoors

It is a secret entry point into a program that allows someone to gain access without going through the usual security procedures. It is a threat when unscrupulous programmers use it for unauthorized access.

Programmers use backdoors legitimately to debug and test programs; such a backdoor is called a maintenance hook. This is usually done when programmers develop an application that has an authorization procedure in it.

To secure against backdoors, security measures should focus on program development and software update activities.
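One way to apply this during program development, as an added example (not from the original slides or from Stallings): a heuristic Python check that flags any function comparing one of its parameters with a hard-coded string, a shape a maintenance hook in an authorization procedure can take. The sample functions and every name in them are constructed for illustration.

```python
import ast

# Constructed sample: an authorization procedure with a maintenance hook left in,
# next to the same procedure without it. All names are hypothetical.
SAMPLE = '''
def login_with_hook(user, password, store):
    if user == "maint-debug":          # maintenance hook: skips the check below
        return True
    return store.verify(user, password)

def login(user, password, store):
    return store.verify(user, password)
'''

def find_identity_literals(source):
    """Return (function, line, literal) for every comparison between a
    function parameter and a hard-coded string inside that function."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        params = {a.arg for a in func.args.args + func.args.kwonlyargs}
        for node in ast.walk(func):
            if not isinstance(node, ast.Compare):
                continue
            operands = [node.left, *node.comparators]
            uses_param = any(isinstance(o, ast.Name) and o.id in params
                             for o in operands)
            literals = []
            for o in operands:
                # A literal on either side, or inside a tuple/list/set for `in` tests
                items = o.elts if isinstance(o, (ast.Tuple, ast.List, ast.Set)) else [o]
                literals += [i.value for i in items
                             if isinstance(i, ast.Constant) and isinstance(i.value, str)]
            if uses_param:
                findings += [(func.name, node.lineno, lit) for lit in literals]
    return findings

if __name__ == "__main__":
    for name, line, lit in find_identity_literals(SAMPLE):
        print(f"{name}:{line}: parameter compared with hard-coded string {lit!r}")
```

A finding is a prompt for code review, not proof of a backdoor: legitimate comparisons such as mode or role checks match the same pattern.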


Logic Bombs

This is one of the oldest types of program threat. A logic bomb is basically a program embedded into software by an intruder, which lies dormant until a predefined condition is met, after which the program triggers an unauthorized act.


Trojan horse

It is a program or a command procedure containing hidden code that, when invoked, performs some unwanted or harmful function.

A Trojan horse can be used to change a file's permissions so that the file is shared among many users.

It can also be used to destroy files while it seems to be doing a particular task.


Nimda Attack

Referred to as a simple worm, it uses four distribution methods, which are as follows:

Email: a user on a host opens an infected email attachment; Nimda looks for email addresses on the host and sends copies of itself to these addresses.

Windows shares: it scans hosts for unsecured file shares and infects the files on that host, so that when a user runs an infected file, Nimda is activated on that host.


Web servers: Nimda scans web servers and, if it finds a vulnerable server, attempts to transfer a copy of itself and infect it.

Web clients: if a vulnerable web client visits a web server that has been infected by Nimda, the workstation of the web client will become infected.


Important Questions

What is malicious software?

What are the categories of malicious software?

Define: virus, worm, bot programs, mobile code, flooder, root kit, spyware, adware.

Write short notes on backdoors, logic bomb, Trojan horse.

Explain in detail the Nimda attack.


The end

Thank You

Referred from Operating Systems: Internals and Design Principles by William Stallings (sixth edition), pages 647-651

-By Rusha Lawande 411127