Lecture: Malicious Code CIS 3360 Ratan K. Guha. Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.


1 Lecture: Malicious Code CIS 3360 Ratan K. Guha

2 Overview and Reading Assignments
- Defining malicious logic
- Types
- Action by Viruses
- Reading Assignments: Chapter 4

3 Malicious Logic
- Set of instructions that cause site security policy to be violated

4 Malware ("malicious" + "software")
- A broad term used to describe computer programs that are created to inflict harm on a computer system.
- The term also includes programs that are annoying and intrusive in general.
- The term includes: viruses, worms, Trojan horses, spyware, adware, etc.

5 Malware Terminology
- Virus
- Worm
- Logic bomb
- Trojan horse
- Backdoor (trapdoor)
- Mobile code
- Auto-rooter
- Kit (virus generator)
- Spammer and Flooder programs
- Keyloggers
- Rootkit
- Zombie, bot

6 Types of Malicious Code
- Viruses
  - Recursively replicates a possibly evolved copy of itself by including a header or footer stub in the bodies of healthy programs.
  - Infect host file or system area
  - First described by Fred Cohen in
  - Whenever an infected program is launched, the stub is executed first, which carries out malicious activity before allowing the program to execute.
  - Cannot spread to other computers on their own.

7 Elk Cloner
- First known computer virus, written around 1982 by a 15-year-old high school student named Rich Skrenta for Apple II systems. [Wikipedia]
- Message displayed on the 50th system boot:
  "Elk Cloner: The program with a personality
  It will get on all your disks
  It will infiltrate your chips
  Yes it's Cloner!
  It will stick to you like glue
  It will modify ram too
  Send in the Cloner!"

8 Types of Malicious Code
- Worm
  - Network viruses replicating on networks
  - Copies itself from computer to computer
  - Execute itself automatically on a remote machine without any extra help from a user
  - Typically standalone programs without a host program
  - More categories
    - Mailers and mass mailer worms: send themselves in an
    - Octopus: exists as a set of programs on more than one computer on a network; likely to be more prevalent in the future
    - Rabbits: exists as a single copy of itself at any point in time as it jumps around on networked hosts

9 Morris Worm
- First known worm - November 2, 1988
- Author - Robert Tappan Morris
- Infected BSD Unix systems
- Son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA).
- Morris received his Ph.D. in computer science from Harvard University in 1999 and is a professor at MIT. Source: Wikipedia
- Robert Morris is the first person convicted under the 1986 Computer Fraud and Abuse Act

10 Some Well Known Worms
- Brain
  - Took 5 years to do $50 million damage
- Melissa, March 1999
  - Word 97, Word 2000: $300 million in damages
  - Approximately 4 days, 150,000 systems infected
- ILOVEYOU, May 2000
  - Outlook: As much as $10 billion in damages
  - Approximately 24 hours, 500,000 systems infected
- Code Red I
  - IIS flaws, with fixes published months earlier
  - 360,000 systems in 14 hours, several billion in damages
- Sapphire Worm
  - Saturday, January
  - Exploit: UDP Buffer Overflow, Microsoft SQL Server (Not malicious)
  - Due to large numbers of scans, large sections of backbone providers shut down
  - Time to 90% infection of vulnerable hosts: 10 Minutes

11 Model of Spreading of Worms
- N: total number of vulnerable hosts
- I(t): number of infected hosts at time t
- S(t): number of susceptible hosts at time t, where we say that a host is susceptible if it is vulnerable but not infected yet
- β: infection rate, which is a constant associated with the speed of propagation of the worm

Model:
  I(0) = 1 ; at time 0, 1 host was infected
  S(0) = N – 1 ; number of susceptible hosts at time 0
  I(t + 1) = I(t) + β × I(t) × S(t)
  S(t + 1) = N – I(t + 1)

12 Spreading of Worms - Example
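The recurrence from the model slide can be iterated directly. The Python below is an added example, not part of the original lecture; the function names and the values of N and β are assumed for illustration. It caps I(t) at N, because a large β makes the discrete update overshoot the number of vulnerable hosts, and it reports the step at which a given fraction of hosts is infected.

```python
# Added illustration of the slide's model; N, beta and step counts are assumed values.

def simulate_worm(n_vulnerable, beta, steps, initial_infected=1):
    """Iterate I(t+1) = I(t) + beta*I(t)*S(t), S(t+1) = N - I(t+1).

    Returns the list [I(0), I(1), ..., I(steps)].
    """
    if n_vulnerable < 1 or not 0 < initial_infected <= n_vulnerable:
        raise ValueError("need 0 < I(0) <= N")
    if beta < 0:
        raise ValueError("beta must be non-negative")
    infected = float(initial_infected)
    history = [infected]
    for _ in range(steps):
        susceptible = n_vulnerable - infected        # S(t) = N - I(t)
        infected += beta * infected * susceptible    # new infections this step
        # A large beta makes the discrete update overshoot N; the set of
        # vulnerable hosts is finite, so cap I(t) at N.
        infected = min(float(n_vulnerable), infected)
        history.append(infected)
    return history


def time_to_fraction(history, n_vulnerable, fraction):
    """First step t with I(t) >= fraction*N, or None if never reached."""
    threshold = fraction * n_vulnerable
    for t, infected in enumerate(history):
        if infected >= threshold:
            return t
    return None


if __name__ == "__main__":
    # Assumed values: beta*N = 1, so the infected count roughly doubles per
    # step while almost every host is still susceptible, then levels off.
    N, BETA = 100_000, 1e-5
    hist = simulate_worm(N, BETA, 40)
    for t in range(0, 41, 5):
        print(f"t={t:2d}  I(t)={hist[t]:10.0f}  S(t)={N - hist[t]:10.0f}")
    print("steps to 90% infected:", time_to_fraction(hist, N, 0.9))
```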

13 Types of Malicious Code
- Logic bombs ( pp )
  - A programmed malfunction of a legitimate application
- Trojan Horse
  - Trick user into executing malicious code that performs malicious activities
  - More categories
    - Backdoor (Trapdoors): Allows remote connections to systems
    - Password-stealing Trojans

14 Types of Malicious Code
- Injectors
  - Install virus code in memory
- Rootkits
  - Malware to help intruders gain access to systems while avoiding detection

Facts:
- 97,467: the number of known computer viruses in existence (2005)
- 1,200: the number of new viruses discovered every month

15 Monetary Losses

