CS3235, Nov 2002: Viruses. Adapted from Pfleeger [Chap 5].


Viruses
Adapted from Pfleeger [Chap 5].
- A virus is a program [fragment] that can pass on malicious code [usually itself] to other non-malicious programs by modifying them.
- Malicious code runs under the authority of the user running the infected program.
- It can lie dormant, undetected until some event triggers the code to act.
- It must be activated by being executed before it can spread.
- Malicious people can make code (programs) serve as a vehicle to violate security (confidentiality, integrity, and availability).
- Program flaws can be exploited to achieve these ends.

Viruses
[Figure: "Infected program", with panels labelled "uninfected" and "infected".]

Types of Infection
- Infect a program to gain control before its first instruction.
- Infect to gain control before and after program execution.
- Instead of overwriting a program, change the file system metadata to point to itself.
- Infect the boot sector.
  - Enables virus to gain control very early in the boot process. Look at /usr/share/doc/lilo-*/doc/Technical_Guide.ps for the boot process.
  - Complicates detection.
- Infect system files used in the boot process.
  - CONFIG.SYS, AUTOEXEC.BAT, /etc/rc.d/…, /lib/modules…
- Infect main memory.
  - TSR (terminate-and-stay-resident program)

Detection & Propagation of Viruses
- A virus cannot be completely invisible.
- Virus code must be stored somewhere and be in memory to execute.
- Each characteristic is a telltale pattern called a signature.
- On infection, the virus may change the “host” file’s size, mtime, hash value etc. (Tripwire can detect such changes.)
- Polymorphic viruses can change infection to avoid detection.
  - Add harmless instructions such as NOP, a := a + 0
  - Encrypt code
- Testing whether an arbitrary program is a virus is undecidable.
  - Static analysis for viruses not possible (in general).
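The size/mtime/hash check mentioned on this slide, as an added example that is not part of the original slides and is not Tripwire's code: it records a baseline for a directory and reports what differs later. The file names and contents are constructed, and `snapshot`, `compare` and `demo` are hypothetical helper names.

```python
import hashlib
import os
import tempfile
from pathlib import Path

FIELDS = ("size", "mtime_ns", "sha256")


def snapshot(root):
    """Record size, mtime and SHA-256 of every regular file under root."""
    base = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            base[path.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            }
    return base


def compare(old, new):
    """Map each differing path to 'added', 'removed' or its changed fields."""
    report = {}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            report[name] = "added"
        elif name not in new:
            report[name] = "removed"
        else:
            changed = [f for f in FIELDS if old[name][f] != new[name][f]]
            if changed:
                report[name] = changed
    return report


def demo():
    """Constructed files: one rewritten in place, one added, one untouched."""
    with tempfile.TemporaryDirectory() as root:
        host = Path(root, "tool.bin")
        host.write_bytes(b"HOST" + b"\x00" * 60)  # stand-in for an executable
        Path(root, "notes.txt").write_text("unchanged\n")
        before = snapshot(root)
        st = host.stat()
        host.write_bytes(b"HOST" + b"\x01" * 60)  # same size, new content
        os.utime(host, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime as before
        Path(root, "extra.bin").write_bytes(b"constructed")
        return compare(before, snapshot(root))
```

In the constructed case the rewritten file keeps its size and mtime, so only the hash field flags it. The baseline itself has to be stored where the monitored system cannot rewrite it.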

Preventing & Guarding against Virus Infection
- Don’t share executable code with an infected source.
- Use only commercial software acquired from reliable, well established vendors.
  - Not a guarantee but vendors have a reputation to protect.
- Test all new software on an isolated computer.
  - Test without hard disk, network connectivity etc., and look for unexpected behavior.
- Make a bootable diskette of the OS + key utilities.
- Make and retain backup copies of executable system files.
- Use virus detectors regularly.

Truths and Misconceptions about Viruses
- Viruses can infect systems other than PCs/Windows.
  - PS files, Shell scripts etc.
- Viruses can modify “hidden” or read-only files.
  - Only a software notion that can be overridden.
- Viruses can appear in data files.
- Viruses can be spread in ways other than just diskettes.
- Viruses cannot remain in memory after a complete power off/power on reboot.
- Viruses cannot infect hardware.
- Viruses can be malevolent, benign, or benevolent.
  - Compression virus.

The Pakistani Brain Virus
- Boot sector virus.
  - Takes over the boot sector + six other sectors.
  - One for original boot block + 2 for itself. The rest are duplicates.
- Takes over the disk read “interrupt”.
  - Permits the virus to return the original boot block if requested.
- Inspects the boot sector for infection on every read.

Trapdoors
- A trapdoor is a secret, undocumented entry point into software/hardware.
  - Intentional. For debugging, tracing, fixing, extending software.
  - Unintentional. Resulting from software errors.
  - Undefined opcodes in machine instructions.
- Example: sendmail debug.

Kinds of Malicious Code
- Virus. Attaches itself to executable content and propagates copies of itself to other executable content. May be good or bad. (transient or resident)
- Trojan Horse, Logic bomb, Time bomb. No propagation. Contain unexpected additional functionality. Trigger on logic (condition), time etc.
- Trapdoor. Allows access to functionality. [sendmail debug]
- Worm. Capable of independent self existence. Usually peripatetic.
- Rabbit. Replicates itself to resource exhaustion. [while(1) fork;]

Salami Attacks
- A small amount of money is shaved from each computation.
- Number computations are subject to small errors involving rounding and truncation.
  - E.g., Interest on $ for % = $
- Programs are too large and complex to be audited for salami attacks.
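An added example, not part of the original slides: since the program itself is hard to audit, this check audits its output by recomputing each interest posting independently and totalling the residue. The ledger, the 6.5% rate, the 31-day period and the round-half-up policy are all constructed assumptions, and `expected_interest` and `audit` are hypothetical names.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed ledger: (account, balance, interest actually posted).
POSTINGS = [
    ("A", Decimal("102.87"), Decimal("0.56")),
    ("B", Decimal("1500.00"), Decimal("8.28")),
    ("C", Decimal("1234.56"), Decimal("6.81")),
    ("D", Decimal("88.10"), Decimal("0.48")),
    ("E", Decimal("250.40"), Decimal("1.38")),
]


def expected_interest(balance, annual_rate, days):
    """Assumed policy: simple interest, rounded half-up to the cent."""
    exact = balance * annual_rate * days / Decimal(365)
    return exact.quantize(CENT, rounding=ROUND_HALF_UP)


def audit(postings, annual_rate, days):
    """Recompute every posting and summarise where the ledger disagrees."""
    diffs = {}
    for account, balance, posted in postings:
        delta = expected_interest(balance, annual_rate, days) - posted
        if delta != 0:
            diffs[account] = delta
    short = sorted(a for a, d in diffs.items() if d > 0)
    over = sorted(a for a, d in diffs.items() if d < 0)
    return {
        "short": short,    # accounts credited less than the policy amount
        "over": over,      # accounts credited more than the policy amount
        "unaccounted": sum(diffs.values(), Decimal("0")),
        # A residue that always falls against the account holder and sums
        # to a non-zero total is the salami pattern to escalate.
        "one_sided": bool(short) and not over,
    }


if __name__ == "__main__":
    print(audit(POSTINGS, Decimal("0.065"), 31))
```

Each per-account difference is a single cent, so only the control total and the direction of the differences make the pattern visible.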