Presentation is loading. Please wait.

Presentation is loading. Please wait.

Logical Security threats. Logical security Protects computer-based data from software-based and communications- based threats.

Published byStella Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Logical Security threats. Logical security Protects computer-based data from software-based and communications- based threats."— Presentation transcript:

1 Logical Security threats

2 Logical security Protects computer-based data from software-based and communications- based threats.

3 Activity Least some of the logical security threats that you know ? Viruse, backdoors, bombs, Worms, Bots, Trojians’, spywares…… Generally, known as Malicious Software

4 programs exploiting system vulnerabilities. Also known as malware. Types: ◦ program fragments that need a host program  e.g. viruses, logic bombs, and backdoors ◦ independent self-contained programs  e.g. worms, bots ◦ replicating or not sophisticated threat to computer systems !

5 You must know ! In 1983, graduate student Fred Cohen first used the term virus in a paper describing a program that can spread by infecting other computers with copies of itself ! In 1986, The Brain virus was the first virus designed to infect personal computer systems. floppy disks ! ◦ by infecting floppy disks !

6 Viruses: intro. piece of software that infects programs(host) ◦ modifying them to include a copy of the virus ◦ so it executes secretly when host program is run Usually specific to operating system ◦ taking advantage of their details and weaknesses phases a typical virus goes through phases of: ◦ Dormant: idle (not found in all virus) ◦ Propagation: copy itself into other programs/disk areas ◦ Triggering: activated ( date, file, disk limit) ◦ Execution: perform the intended function(message, damage..

7 Activity Is their any similarity between computer and biological virus ? A biological virus is a shell filled with genetic material that injects into a living cell, infecting it. The cell then starts manufacturing copies of the virus. A computer virus behaves similarly. It injects its contents, which is a short computer program, into a host computer, thereby infecting it. When the computer executes the virus code, it replicates the code, and also performs a task, normally damaging files or another software component of the computer

8 Virus Structure components: ◦ Infect - enables replication ◦ Trigger - event that makes payload activate ◦ Payload - what it does prepended / postpended / embedded when infected program invoked, executes virus code then original program code

9 Virus Structure: pseudo-code

10 Virus Structure… Signatures –sequence of bits that can be used to accurately identify the presence of a particular virus. The code consists of three stages, ◦ activation/trigger, ◦ replication/infect, and ◦ Operation/payload

11 Virus Payload malicious “task” of a virus. performed when the triggering condition is satisfied. types : ◦ display a message, such as “Gotcha,” a political slogan, or a commercial advertisement ◦ read a certain sensitive or private file. Such a virus is in fact spyware. ◦ slow the computer down by monopolizing and exhausting limited resources. ◦ completely deny any services to the user.

12 Virus Payload… erase all the files on the host computer select some files at random and change several bits in each file, also at random. ◦ referred to as data diddling, may be more serious, because it results in problems that seem to be caused by hardware failures, not by a virus. One step beyond data diddling is random deletion of files random change of permissions. Produce sounds, animation.

13 Infection strategies two types : Nonresident viruses: ◦ search for other hosts that can be infected, ◦ infect those targets, ◦ transfers control to the infected program Resident viruses ◦ do not search for hosts when they are started. Instead, it loads itself into memory on execution and transfers control to the host program. ◦ The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself

14 Trigger Date or time Number of boots Generation counter of the virus Number of keypresses on the keyboard Amount of free space on the hard drive Amount of minutes the machine has been idle Name of an executed program Basically any event it the PC can be used as a trigger by a virus !.

15 Virus Classification By target boot sector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. file infector: Infects executable files macro virus: Infects files with macro code that is interpreted by an application.

16 File infector :two types

17 Virus Classification By Hiding Methods encrypted virus: creates a random encryption key, stored with the virus, and encrypts the remainder of the virus. Then, the virus uses the stored random key to decrypt the virus. virus replicates, a different random key is selected. stealth virus: designed to hide itself from detection by antivirus software. By restoring the size, modification date, and checksum of the infected file

18 encrypted virus

19 stealth virus

20 Virus Classification…. Polymorphic virus: mutates and infects each new file as a different string of bits making detection by the “signature” of the virus impossible. Metamorphic virus: As with a polymorphic virus,a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection

21 Virus Classification…. A virus can modify itself and become a different string of bits simply by inserting several nop instructions in its code. A nop (no operation) is an instruction that does nothing.

22 Virus Classification…. Compression virus: In addition to mutating, a virus may hide itself in a compressed file in such a way that the bits with the virus part depend on the rest of the infected file and are therefore always different.

23 Compression Virus

24 E-Mail Viruses more recent development e.g. Melissa ◦ exploits MS Word macro in attached doc ◦ if attachment opened, macro activates ◦ sends email to all on users address list ◦ and does local damage then saw versions triggered reading email hence much faster propagation

25 Virus Countermeasures Anti-virus prevention - ideal solution but difficult realistically need: ◦ detection ◦ identification ◦ removal if detect but can’t identify or remove, must discard and replace infected program

26 Tail chasing effect The conclusion is that as many active processes as possible should be stopped before any attempt is made to clean viruses from a computer

27 Anti-Virus Evolution virus & antivirus tech have both evolved early viruses simple code, easily removed as become more complex, so must the countermeasures generations ◦ first - signature scanners ◦ second – heuristics rule (structure) ◦ third - identify actions ◦ fourth - combination packages

28 Propagation Using infected programs. the virus is executed every time the program is executed. Using interrupts that occurs each time an external disk drive or a DVD is inserted into a USB port. Once this interrupt occurs, the virus is executed as part of the interrupt-handling routine and it tries to infect the newly inserted volume. As an email attachment. Through infected softwares. useful program (a calculator, a nice clock, or a beautiful screen saver), embed a virus or a Trojan horse in it.

29 Usually Sharing: Each time users share a computing resource such as a disk, a file, or a library routine, there is the risk of infection

30 Worms, Trojans,…

31 Worms Self-replicating program, similar to virus, but is self-contained. Usually propagates over network. ◦ using email, remote exec, remote login by exploiting service vulnerabilities. It often creates denial of service

32 Worms … has phases like a virus: ◦ dormant, propagation, triggering, execution ◦ propagation phase: searches for other systems, connects to it, copies self to it and runs 1 st implemented by Xerox Palo Alto labs in 1980’s ◦ search for idle systems to use to run a computationally intensive task.

33 What makes it different ? A virus propagates when users send email, launch programs, or carry storage media between computers. A worm propagates itself throughout the Internet by exploiting security weaknesses in applications and protocols we all use. Has the highest speed of propagation.

34 Worm Propagation Model

35

36 Worm damages future worms may pose a threat to the Internet, to E-commerce, and to computer communications and this threat may be much greater and much more dangerous than that posed by other types of malicious software.

37 Worm damage scenarios Worm that has infected several million computers on the Internet may have the potential for a global catastrophe. ◦ could launch vast DoS attacks. That can bring down not only E-commerce sites, but sensitive military sites or the root domain name servers of the Internet.

38 Morris Worm one of best know worms released by Robert Morris in 1988 various attacks on UNIX systems ◦ discover other hosts ◦ cracking password file to use login/password to logon to other systems ◦ exploiting a bug in the finger protocol ◦ exploiting a bug in sendmail. if succeed have remote shell access ◦ sent bootstrap program to copy worm over

39 Other Worm Attacks Code Red: July 2001 ◦ exploiting Microsoft Internet Information Server (IIS) bug to penetrate and spread ◦ probes random IP address ◦ does DDoS attack ◦ activities and reactivates periodically ◦ consumes significant net capacity when active ◦ infected nearly 360,000 servers in 14 hours Code Red II variant includes backdoor ◦ allowing a hacker to direct activities of victim computers

40 Other Worm Attacks SQL Slammer: early 2003 ◦ attacks MS SQL Server ◦ compact and very rapid spread Mydoom: 2004 ◦ mass-mailing e-mail worm ◦ installed remote access backdoor in infected systems 100 million infected messages in 36hrs ◦ flooded the Internet with 100 million infected messages in 36hrs

41 Mobile Phone Worms first appeared on mobile phones in 2004 ◦ target smartphone which can install software they communicate via Bluetooth or MMS disable phone, delete data on phone, or send premium-priced messages E.g. CommWarrior, launched in 2005 ◦ replicates using Bluetooth to nearby phones ◦ and via MMS using address-book numbers ◦ copies itself to the removable memory card

42 Recent Malware attack

43 Worm Technology Present highest level of development Multiplatform: not only windows multi-exploit: browsers, e-mail, servers ultrafast spreading: prior Internet IP scan Polymorphic: different codes per attack Metamorphic: different behavior patterns transport vehicles: for other malwares zero-day exploit : unknown vulnerability

44 Worm Countermeasures anti-virus worms also cause significant net activity worm defense approaches include: ◦ signature-based worm scan filtering ◦ filter-based worm containment: content/code ◦ payload-classification-based worm containment anomaly  examine packets using anomaly detection techniques ◦ threshold random walk scan detection randomness  exploits randomness in picking destinations to connect ◦ rate limiting and rate halting  limits the rate of scanlike traffic from an infected host  immediately blocks outgoing traffic when a threshold is exceeded

45 Trojan Horse apparently useful, program with hidden side- effects which is usually superficially attractive ◦ E.g. game, software upgrade, screen saver etc when run performs some additional tasks Usually designed primarily to give hackers access to system often used to propagate a virus/worm or install a backdoor or simply to destroy data

46

47 Damages Download files to the infected computer. Make registry changes to the infected computer. Delete files on the infected computer. Disable a keyboard, mouse, or other peripherals. Shut down or reboot the infected computer. Run selected applications or terminate open applications. Disable virus protection or other computer security software

48 48 Other types Back doors/Trap doors ◦ It is a program that allows attackers to access a system, bypassing the normal authentication mechanisms Bomb ◦ It is a program which lies dormant until a particulate date/time or a program logic is activated ◦ Logic bomb or Time bomb

49 49 Types of Malware… Spywares ◦ are programs, cookies, or registry entries that track your activity and send that data off to someone who collects this data for their own purposes ◦ The type of information stolen varies considerably  email login details  IP and DNS addresses of the computer  users’ Internet habits  bank details used to access accounts or make online purchases etc…

50 50 Types of Malware… Adware ◦ is software that is installed on your computer to show you advertisements ◦ These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, or placed on top of ads in web sites, etc Key logger ◦ is a program that captures and records user keystrokes ◦ E.g. whenever a user enters a password, bank account numbers, credit card number, or other information, the program logs the keystroke ◦ The keystrokes are often sent over the Internet to the hacker

51 51 Types of Malware… Dialers ◦ are programs that set up your modem connection to connect to the Internet often to charge illicit phone usage fees ◦ are targeted to users of dial up internet services Spam ◦ is unsolicited bulk e-mail which is sent in massive quantities to unsuspecting Internet email users. ◦ Most spam tries to  Sell products and services. ◦ A more dangerous category of spam tries to  Convince the recipient to share their bank account numbers, credit card numbers, or logins & passwords to their online banking systems/services ◦ It is also used for phishing and to spread malicious code

52 52 Types of Malware… Rootkit ◦ is a set of tools and utilities that a hacker can use to maintain access once they have hacked a system. ◦ The rootkit tools allow them conceal their actions by hiding their files and processes and erasing their activity Bot/Zombie ◦ These are small programs that are inserted on computers by attackers to allow them to control the system remotely without the user’s consent or knowledge ◦ Botnets :groups of computers infected by bots and controlled remotely by the owner of the bots ◦ Computers that are infected with a bot are generally referred to as zombies

53 53 Types of Malware… Exploit ◦ it a piece of software, a command, or a methodology that attacks particular security vulnerability ◦ takes advantage of a particular weakness e.g. OS, application programs Phishing ◦ is not an application. It's the process of attempting to acquire sensitive user information with fake websites. ◦ It's an example of social engineering techniques used to fool users ◦ Common targets for phishing  Online payment systems such as e-bank, e-commerce are

54 Home work Read about the following topics : ◦ Famous virus attacks ◦ Virus writers ◦ Self replicating programs (Quines) ◦ Different types of virus naming. ◦ CPU interrupts ◦ Multiple-threat malwares ◦ Registry files ◦ GD Scanners

Download ppt "Logical Security threats. Logical security Protects computer-based data from software-based and communications- based threats."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Lecture 13 Malicious Software modified from slides of Lawrie Brown.

Lecture 13 Malicious Software modified from slides of Lawrie Brown.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Malware Ge Zhang Karlstad Univeristy. Focus What malware are Types of malware How do they propagate How do they hide How to detect them.

Malware Ge Zhang Karlstad Univeristy. Focus What malware are Types of malware How do they propagate How do they hide How to detect them.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,

Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Cryptography and Network Security Chapter 21

Cryptography and Network Security Chapter 21
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.
Malicious Software Malicious Software Han Zhang & Ruochen Sun.

Malicious Software Malicious Software Han Zhang & Ruochen Sun.
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Malicious Software.

1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.

Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.

Similar presentations

Ads by Google