Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 7 Security Problems and Virus 2 Contents u How things go wrong u Change in environment u Bound and syntax checking u Convenient but dangerous.

Published byBaldric Campbell Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Lecture 7 Security Problems and Virus 2 Contents u How things go wrong u Change in environment u Bound and syntax checking u Convenient but dangerous."— Presentation transcript:

1

2 1 Lecture 7 Security Problems and Virus

3 2 Contents u How things go wrong u Change in environment u Bound and syntax checking u Convenient but dangerous design features u Escapes from controlled invocation u By pass at a lower layer u Flaws in protocol implementation u Virus u What is a Computer Virus? u Virus Effects u Virus Infections u Virus Components u Virus Types

4 3 The Mad Hacker u Occurred in 1987, OS was VME/B u For backups, there existed a user that owned all file descriptors u This user had no restrictions --- a bug allowed flaw to be exploited u VME/B sys admin figured it out u Attacked many systems, deleted files, etc. u He left messages from “The Mad Hacker”

5 4 CTSS u CTSS an early time-sharing system u In a famous incident, the password file appears as message of day u How could this happen? u Only one “manager” at a time --- later changed to allow multiple managers u This led to unexpected problem…

6 5 CTSS  One SCRATCH file, two managers: Msg file Pwd file scratch

7 6 CTSS  One SCRATCH file, two managers: 1. First manager edits: SCRATCH = MSG Msg file Pwd file Msg file edit

8 7 CTSS  One SCRATCH file, two managers: 1. First manager edits: SCRATCH = MSG 2. Second manager edits: SCRATCH = PWD Msg file Pwd file edit

9 8 CTSS  One SCRATCH file, two managers: 1. First manager edits: SCRATCH = MSG 2. Second manager edits: SCRATCH = PWD 3. First manger saves: MSG = PWD Pwd file save

10 9 fingerd daemon bug u fingerd is a server that provides a network interface to the finger program This interface allows finger to display information about remote users. u UNIX fingerd did not check length of input u Buffer overflow u Morris Worm exploited this to open remote connection via TCP

11 10 VMS login u Buffer overflow in login u User could specify machine by Username/DEVICE =  Length of not checked u Buffer overflow u Could be exploited so that user could set their own privilege level

12 11 rlogin bug  Unix login login [[-p] [-h ]  Where -f forces login (no pwd)  Unix rlogin rlogin [-l ]  Uses login with first arg on  rlogin -l –froot machine results in login –froot machine

13 12 Sendmail “feature” u Sendmail debug option u Substitute commands for username in mail, executed on host by sendmail u Used to check remote configuration without bothering administrator u Debug option often left on u Exploited by Morris Worm

14 13 VAX/VMS bug  Access control info stored in Auth File Caller: Request Set Auth File (parameters) System: Open Auth File Read Caller’s Authorization if authorized then return(true); else return(false); u Problem? u File not closed

15 14 AS/400 machine language u System security levels 10,20,…,50 u Machine language programs not subject to security controls u Intended use to speed up programs u Attackers could write such code u AS/400 then attempted to detect “bad” commands u Attackers overwrote table for checking

16 15 at bug  Unix command at -f runs commands at  Request put into /usr/spool/atjobs  Bug: at does not check if is readable by user u Feature: spool directory readable by user who created entry  Result: at -f/etc/shadow gives access to password file

17 16 TCP authentication Alice Bob SYN, SEQ a SYN, ACK a+1, SEQ b ACK b+1, data Note: Initial sequence numbers are supposed to be unpredictable

18 17 TCP authentication attack Alice Bob Trudy 1. SYN, SEQ t (as Trudy) 2. SYN, ACK t+1, SEQ b1 3. SYN, SEQ t (as Alice) 4. SYN, ACK t, SEQ b2 5. ACK b2+1, data 5.

19 18 TCP authentication attack u Trudy cannot see what Bob sends, but she can send packets to server Bob, as Alice u Trudy must prevent Alice from receiving Bob’s packets (or Alice will terminate connection) u If password (or other authentication) required, this attack fails u If TCP is authentication, then attack succeeds u Bad idea to rely on TCP for authentication

20 19 What is a Computer Virus? u To be defined as a virus, a program must: u Replicate itself in order to carry out a mission. u Be dependent on a "host" to carry out the mission. u Create damage to the computer system "infected". u "A computer virus is an exact cybernetic analogy to its biological reference“ u There are more than 20,000 different computer viruses.

21 20 Simple Definition u A virus is a program which reproduces itself, hides in other computer code without permission and does nasty or undesirable things, not intended by its victim. u Computer viruses are malicious programs that infect a computer system causing various problems with its use. They replicate and attach themselves to programs in the system.

22 21 Virus Effects u Trivial, simply reproduces or displays messages. u Minor, alters or deletes infected files. u Moderate, wipes out entire disk drive. u Major, slowly corrupts data with pattern, making restoration difficult. u Severe, slowly corrupts data without pattern, making restoration impossible. u Unlimited, virus which discovers system administrator's password and mails it to one or more users, tempting them to use it for illegal purposes.

23 22 How Virus Infections Spread Virus Infections spread by: u Inserting a disk with an infected program and then starting the program. u Downloading an infected program from the Internet. u Being on a network with an infected computer. u Opening an infected e-mail attachment.

24 23 Virus Components u The Replication mechanism u allows virus to copy itself u The Protection mechanism u Hides virus from detection u The Trigger u Mechanism which will set off the payload u The Payload u Effect of the virus

25 24 Virus Types u Viruses are classified by the portion of the system they affect. There are five main types: u Boot Viruses u File Viruses u Multi-partite Viruses u Polymorphic Viruses u Macro Viruses

26 25 Boot Viruses u Infect the boot block on a floppy or hard disk. u Usually replaces the boot block with all or part of a virus program. u Most have trigger dates, when booted on that day severe damage will be done. u Virus loads into memory and infects other disks. u Execute each time the computer is started. u May lead to the destruction of all data. u Example is Michaelangelo - on March 6 (Michelangelo's birthday) garbage is written through entire drive.

27 26 BOOT Master Boot sector ROMDOS Boot sector IO.SYS AUTOEXEC.BAT MSDOS.SYS

28 27 Infection pattern with a boot virus Master Boot sector Viral Code Boot sector Master Boot sector

29 28 File Viruses (Parasitic) u Infect.EXE or.COM files. u Usually append the virus code to the file, new versions hide the virus. u Damage is done when program is run and the virus will attach to other files. u Attach themselves to program files. u Spread to other programs on the hard drive. u Are the most common type of virus. u Example is Friday the 13th - if the date matches Friday the 13th when the virus is executed, all.EXE files are deleted.

30 29 Multi-partite Viruses u Infect both boot blocks and executable files. u Combine the capabilities of boot viruses and file viruses. u Example is Tequila - will display graphics and text rather than running programs.

31 30 Polymorphic Viruses u Can infect the boot sector, files or both. u Is self-modifying, changes each time it infects a file or disk. u Very difficult to detect and remove. u Example is tremor which triggers 3 months after infection and displays "-M OMENT-OF-TERROR-IS-THE- BEGINNING-OF-LIFE-" with every warm boot.

32 31 Macro Viruses  Infect the automatic command capabilities of productivity software.  Attach themselves to the data files in word processing, spreadsheet, and database programs.  Spread when the data files are exchanged between users.  Carried in data files for Microsoft Word documents  Example is Concept - which will infect the global template and all files loaded from then on. Was distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test.

33 32 Time Bombs u Are also called logic bombs. u Are harmless until a certain event or circumstance activates the program.

34 33 Computer Trojans u Computer Trojans are simply malicious computer programs disguised as something useful. The major difference between viruses and Trojans is that viruses reproduce, while a Trojan is just a one time program which executes its payload as soon as the Trojan is executed. Trojans are the most common way of bringing a virus into a system. A current example of a Trojan is a program called pkz300b.exe which disguises itself as an archiving utility, but when run it will delete your entire hard drive.

35 34 Computer Worms  Computer Worms are reproducing programs that run independantly and travel across network connections. The main difference between viruses and worms is the method in which they reproduce and spread. A virus is dependant upon a host file or boot sector, and the transfer of files between machines to spread, while a worm can run completely independently and spread of its own will through network connections. An example of a worm is the famous internet worm of 1988: Overnight the worm copied itself across the internet, infecting every Sun-3 and VAX system with so many copies of itself that the systems were unusable. Eventually several sites disconnected themselves from the internet to avoid reinfection.internet worm

36 35 Virus Prevention u Never use a "foreign" disk or CD-ROM without scanning it for viruses. u Always scan files downloaded from the internet or bulletin boards. u Never boot your PC from a floppy unless you are certain it is virus free. u Write protect your disks to prevent viruses from reproducing onto your disks. u Use licensed software from a reputable dealer. u Password protect your PC to prevent copying of files in your absence. u Make regular backup copies of all your work and system configurations. u Install and use anti-virus software regularly. u Update your anti-virus software regularly so it can detect new viruses.

37 36 Cryptographic Checksum u It is a standard integrity protection technique. u A checksum is computed for a clean version of a file to be protected. u The checksum is stored in a secure place. u Advantage: it does not need to know what the virus is u Disadvantage: it does not know what virus is. u Vulnerability: when the checksum is recomputed.

38 37 Antivirus Programs u Antivirus programs are called vaccines or virus checkers. u They use pattern-matching techniques to examine program files for patterns of virus code. u Two drawbacks: u They cannot find viruses not in their database. u They cannot find new viruses that alter themselves to evade detection. u Use antivirus programs that offer frequent updates and monitor system functions. u Check disks that were used on another system for viruses.

39 38 Summary u How things go wrong u Change in environment u Bound and syntax checking u Convenient but dangerous design features u Escapes from controlled invocation u By pass at a lower layer u Flaws in protocol implementation u Virus u What is a Computer Virus? u Virus Effects u Virus Infections u Virus Components u Virus Types

Download ppt "1 Lecture 7 Security Problems and Virus 2 Contents u How things go wrong u Change in environment u Bound and syntax checking u Convenient but dangerous."

Similar presentations

Viruses. Viruses, Trojans, Worms Virus - a program that attaches itself to a host, and copies itself onto new files/disks Macro viruses - small program.

Viruses. Viruses, Trojans, Worms Virus - a program that attaches itself to a host, and copies itself onto new files/disks Macro viruses - small program.
M. Guymon - Pleasant Grove High - Spring 2003 VIRUSES Computer Technology Day 21.

M. Guymon - Pleasant Grove High - Spring 2003 VIRUSES Computer Technology Day 21.
Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Computer Viruses.

Computer Viruses.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
R. Stewart Fayetteville High School 2008- 2009 VIRUSES Computer Technology Day 21.

R. Stewart Fayetteville High School VIRUSES Computer Technology Day 21.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Created by Dragon Lee May-2003. Computer Virus What is computer virus? Computer virus refers to a program which damages computer systems and/or destroys.

Created by Dragon Lee May Computer Virus What is computer virus? Computer virus refers to a program which damages computer systems and/or destroys.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Similar presentations

Ads by Google