Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Richard Ford  Szor 5.2.5  A.k.a. Stealth Viruses  “How viruses hide”

Published byStephanie Patience Webb Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Richard Ford  Szor 5.2.5  A.k.a. Stealth Viruses  “How viruses hide”"— Presentation transcript:

1 Dr. Richard Ford rford@fit.edu

2  Szor 5.2.5  A.k.a. Stealth Viruses  “How viruses hide”

3  Loosely, it’s trying to hide from your attacker  In the same way as we use in “normal” language  http://www.youtube.com/watch?v=Do6hTwZ6Un 8 http://www.youtube.com/watch?v=Do6hTwZ6Un 8

4  Passive stealth might be not changing external attributes  Active stealth requires the virus to take an “active” role in the process

5  Hiding in plain sight  Basically, Windows has so many different places to hide code, sometimes you don’t need to hide it, just bury it

6

7  Semi-stealth: just hide the changes to the file length  Quite easy – look at the power of the DOS and Windows API  Requires a virus to be memory-resident

8  Can use code like Detours to hook the IAT  Very flexible technique, which can be used completely transparently!

9  Return the “real” body of the file on reads/seeks  Requires the virus to intercept calls to reads and can cause problems on writes

10  FRODO  Problem: if the stealth is perfect…  Can even go to Cluster and Sector-level stealth

11  Drawback of hooking Int 13h?  Right!  So… can hook Int 76h instead. Sneaky, eh?  Also, could play with microcode

12  Polymorphism

Download ppt "Dr. Richard Ford  Szor 5.2.5  A.k.a. Stealth Viruses  “How viruses hide”"

Similar presentations

CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.

CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.
For(int i = 1; i

For(int i = 1; i
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
DATA STRUCTURES Lecture: Interfaces Slides adapted from Prof. Steven Roehrig.

DATA STRUCTURES Lecture: Interfaces Slides adapted from Prof. Steven Roehrig.
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
Dr. Richard Ford  Szor 7  Another way viruses try to evade scanners.

Dr. Richard Ford  Szor 7  Another way viruses try to evade scanners.
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
Ch 7-1 Working with workgroups-1. Objectives Working with workgroups Creating a workgroup Determining whether to use centralized or group sharing.

Ch 7-1 Working with workgroups-1. Objectives Working with workgroups Creating a workgroup Determining whether to use centralized or group sharing.
I Can Learn From Losing! Introduce the lesson: Ask students what they know about losing – how it feels, when it happened to them, etc. List on whiteboard/chalkboard/easel.

I Can Learn From Losing! Introduce the lesson: Ask students what they know about losing – how it feels, when it happened to them, etc. List on whiteboard/chalkboard/easel.
Chapter 25 GRASP: More Objects with Responsibilities 1CS6359 Fall 2011 John Cole.

Chapter 25 GRASP: More Objects with Responsibilities 1CS6359 Fall 2011 John Cole.
1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.

1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.
THE OBJECT-ORIENTED DESIGN WORKFLOW Interfaces & Subsystems.

THE OBJECT-ORIENTED DESIGN WORKFLOW Interfaces & Subsystems.
C Module System C and Data Structures Baojian Hua

C Module System C and Data Structures Baojian Hua
Rootkits: Sneaky, Stealthy Toolboxes

Rootkits: Sneaky, Stealthy Toolboxes
Slide 1 By: Date: 09/03/2003 Info Security Writing and Rootkits.

Slide 1 By: Date: 09/03/2003 Info Security Writing and Rootkits.
Portability CPSC 315 – Programming Studio Spring 2008 Material from The Practice of Programming, by Pike and Kernighan.

Portability CPSC 315 – Programming Studio Spring 2008 Material from The Practice of Programming, by Pike and Kernighan.
Getting Started Applications of Computer Programming in Earth Sciences Instructor: Dr. Cheng-Chien LiuCheng-Chien Liu Department of Earth Sciences National.

Getting Started Applications of Computer Programming in Earth Sciences Instructor: Dr. Cheng-Chien LiuCheng-Chien Liu Department of Earth Sciences National.
High Performance Faceted Interfaces Using S2S Eric Rozell, Tetherless World Constellation.

High Performance Faceted Interfaces Using S2S Eric Rozell, Tetherless World Constellation.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.

1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.

Similar presentations

Ads by Google