Malicious software(Malware)

Malicious Software

Presented By

Md Asif Iqbaal Ovee

([email protected]) ID: 122-15-1863

Dept. of CSE

Malicious Software – “Presentation Outline”
• What is malicious software?
• Categories of malicious software.
• Trapdoor/Backdoor
• Logic bomb
• Trojan Horse
• Virus
• Worm
• Summary
• References.

Malicious Software?
Malicious software (malware) is software that is included or inserted in a system for harmful purposes.

OR

Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.

Taxonomy of Malicious Programs

Backdoor or Trapdoor
• Software that allows access to a computer system bypassing the normal authentication procedures. For example:
– A special username and password hard-coded into the login program
• Such backdoors may be inserted by viruses, worms, Trojan horses or spyware.
– A service listening on a particular IP port for remote instructions (e.g., Back Orifice)
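
A defender's check for the second kind of backdoor above, a service listening on a port nobody approved. This is an added example, not part of the original slides: it audits `ss -ltnp`-style output against an allowlist, and the allowlist, the sample output and the program names in it are constructed assumptions.

```python
import re

# Assumed site policy (constructed): the only (port, program) pairs allowed
# to listen on network-reachable addresses.
ALLOWED = {(22, "sshd"), (443, "nginx")}
LOOPBACK = ("127.", "[::1]")

# LISTEN  Recv-Q  Send-Q  local-addr:port  peer-addr:port  [users:(("prog",...))]
LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return (address, port, program) for each listening TCP socket that is
    reachable from the network and is not in `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header row or a socket that is not listening
        addr, port, prog = m.group(1), int(m.group(2)), m.group(3) or "?"
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback only, not reachable remotely
        if (port, prog) not in allowed:
            findings.append((addr, port, prog))
    return findings

# Constructed sample output. The last row has no process column, which is
# what an unprivileged user sees for sockets owned by other users.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=901,fd=6))
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=700,fd=5))
LISTEN 0      5      0.0.0.0:50505      0.0.0.0:*         users:(("updater",pid=4242,fd=4))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      16     0.0.0.0:8022       0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE):
        print("unexpected listener:", finding)
```

Output collected on the host itself can be falsified once system utilities have been replaced, so the result is worth comparing with a port scan run from another machine.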

Rootkit
• After installing the backdoor, the cracker wishes to avoid being detected or removed by routine maintenance of the system. For that, she uses a rootkit.
• A rootkit is a set of modified versions of the usual utilities for administering the system, such as:
– List all processes (unix: ps)
– List logged-in users (unix: w, who)
– List files (unix: ls)
– Change passwords (unix: passwd)
– Logging utilities
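
Because this kind of rootkit works by replacing the utilities listed above, a hash baseline of those files taken while the host is trusted exposes the swap. The sketch below is an added example, not part of the original slides; the function names are hypothetical and `demo()` uses a constructed temporary directory in place of a real bin directory.

```python
import hashlib
import os
import tempfile

# Utilities named on the slide that a rootkit replaces with doctored copies.
WATCHED = ["ps", "w", "who", "ls", "passwd"]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(bin_dir, names=WATCHED):
    """Record hash and permission bits of each utility while the host is trusted."""
    baseline = {}
    for name in names:
        path = os.path.join(bin_dir, name)
        if os.path.isfile(path):
            baseline[name] = (sha256_file(path), os.stat(path).st_mode & 0o7777)
    return baseline

def verify(bin_dir, baseline):
    """Return {name: reason} for every utility that no longer matches the baseline."""
    findings = {}
    for name, (digest, mode) in baseline.items():
        path = os.path.join(bin_dir, name)
        if not os.path.isfile(path):
            findings[name] = "missing"
        elif sha256_file(path) != digest:
            findings[name] = "content changed"
        elif os.stat(path).st_mode & 0o7777 != mode:
            findings[name] = "mode changed"
    return findings

def demo():
    """Constructed stand-in for a bin directory: baseline, tamper, verify."""
    with tempfile.TemporaryDirectory() as d:
        for name in WATCHED:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = build_baseline(d)
        with open(os.path.join(d, "ps"), "wb") as f:  # simulate a swapped ps
            f.write(b"doctored ps")
        os.remove(os.path.join(d, "who"))             # simulate a removed who
        return verify(d, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored off the host or on read-only media, and the check run from a trusted environment, since a compromised system can alter both the record and the tool that reads it.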

Logic Bomb
• one of oldest types of malicious software
• code embedded in legitimate program
• activated when specified conditions met
– e.g. presence/absence of some file
– particular date/time
– particular user
• when triggered typically damage system
– modify/delete files/disks, halt machine, etc.

Trojan Horse
• program with hidden side-effects
• which is usually superficially attractive
– e.g. game, s/w upgrade etc.
• when run performs some additional tasks
– allows attacker to indirectly gain access they do not have directly
• often used to propagate a virus/worm or install a backdoor
• or simply to destroy data

Pop-Up Example

Trojan Horse..
• Transmitting medium:
– spam or e-mail
– a downloaded file
– a disk from a trusted source
– a legitimate program with the Trojan inside
• Trojan looks for your personal information and sends it to the Trojan writer (hacker). It can also allow the hacker to take full control of your system.

Viruses
• piece of software that infects programs
– modifying them to include a copy of the virus
– so it executes secretly when host program is run
• specific to operating system and hardware
– taking advantage of their details and weaknesses
• a typical virus goes through phases of:
– Dormant phase: idle
– Propagation phase
– Triggering phase: the virus is activated to:
– Execution phase: perform the payload functions

Virus Structure
• components:
– infection mechanism - enables replication
– trigger - event that makes payload activate
– payload - what it does, malicious or benign
• prepended / postpended / embedded
• when infected program invoked, executes virus code then original program code
• can block initial infection (difficult) or propagation (with access controls)

Classes Of Viruses

1. FILE INFECTORS VIRUSES
a. Embedded in program
b. Runs when program gets executed
c. Loads in memory
d. Cycle continues through sharing file

2. BOOT-SECTOR VIRUSES
a. Load viruses into memory
b. Infect the boot sector on floppy disks and hard disks

3. MACRO VIRUSES
a. Infects data files
b. Executed in embedded scripts
c. Inserts copies of itself into other documents
d. Spreads by sharing data files

Classes Of Viruses…

1. Large size of today's programs (executable)
2. Operating systems now protect the boot sector

EXECUTABLE AND BOOT SECTOR VIRUSES ARE NOT VERY THREATENING ANY MORE

E-mail Viruses

1. Melissa Virus (March 1999)
a. Embedded into Word document
b. When opened, sent to first 50 email addresses in address book
c. Included a friendly note making it look harmless
d. If opened by any of the recipients, sent to another 50 addresses of the current recipient

2. The ILOVEYOU Virus (May 2000)
a. Attachment is a piece of code
b. When executed, sent itself to everyone in the address book
c. Corrupted files

E-mail viruses are the latest invention
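
Both viruses above mail the same attachment to a large part of the address book at once, which leaves a recognisable burst in mail logs. The detector below is an added example, not part of the original slides: the threshold of 50 mirrors the figure on the slide, while the log format, the five-minute window and every address and file name are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse one constructed record: 'ISO-time sender recipient attachment'."""
    ts, sender, rcpt, attach = line.split()
    return datetime.fromisoformat(ts), sender, rcpt, attach

def mass_mail_bursts(lines, threshold=50, window=timedelta(minutes=5)):
    """Flag (sender, attachment) pairs that reach `threshold` distinct
    recipients inside any sliding `window`; returns {pair: recipient count}."""
    events = defaultdict(list)
    for line in lines:
        ts, sender, rcpt, attach = parse(line)
        events[(sender, attach)].append((ts, rcpt))
    flagged = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the left edge so the window never spans more than `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            rcpts = {r for _, r in evs[start:end + 1]}
            if len(rcpts) >= threshold:
                flagged[key] = len(rcpts)
                break
    return flagged

def sample_log():
    """Constructed log: one account sends the same attachment to 50 contacts
    within a minute; another sends six ordinary messages an hour apart."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} alice@example.test "
             f"user{i}@example.test note.doc" for i in range(50)]
    lines += [f"{(t0 + timedelta(hours=i)).isoformat()} bob@example.test "
              f"peer{i}@example.test report.doc" for i in range(6)]
    return lines

if __name__ == "__main__":
    print(mass_mail_bursts(sample_log()))
```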

Zombie & Botnet
• Secretly takes over another networked computer by exploiting software flaws
• Builds the compromised computers into a zombie network or botnet
=> a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure.
• Uses it to indirectly launch attacks
• E.g., DDoS, phishing, spamming, cracking

Worms
• A worm is self-replicating software designed to spread through the network
– Typically, exploit security flaws in widely used services
– Can cause enormous damage
– Launch DDoS attacks, install bot networks
– Access sensitive information
– Cause confusion by corrupting the sensitive information
• Worm vs Virus vs Trojan horse
– A virus is code embedded in a file or program
– Viruses and Trojan horses rely on human intervention
– Worms are self-contained and may spread autonomously

Worms…
Means of spreading infection by worms:
• Infects one system, gains access to trusted host lists on the infected system and spreads to other hosts.
• Another method of infection is penetrating a system by guessing passwords.
• By exploiting widely known security holes, in case password guessing and trusted host accessing fail.
e.g., a well-known example of a worm is the ILOVEYOU worm, which invaded millions of computers through e-mail in 2000.

Summary
• Knowing the different kinds of attacks
• The goals of attackers
• Can help you understand how better to defend yourself.

Thank You Everyone!
