CIT 380: Securing Computer Systems: Malware (presentation transcript)

CIT 380: Securing Computer Systems, Slide #1: Malware

Slide #2: Topics
1. Types of Malware
   1. Trojan Horses
   2. Viruses
   3. Worms
   4. Backdoors
   5. Rootkits
2. Self-Protection Mechanisms
3. Payloads
4. Malware Interactions
5. Detecting Malware
6. Defending against Malware
7. The changing Malware environment

Slide #3: Types of Malware
Trojan Horse: Tricks the user into executing malicious code.
Virus: When run by the user, copies itself into other files.
Worm: Copies itself from computer to computer over the network, without user action.
Backdoor: Leaves an opening through which the attacker can regain access.
Rootkit: Hides the attacker's activities from system administrators.

Slide #4: What about Spyware?
Malware by any other name…
– Commercial ("corporate") malware, usually distributed with a licence agreement.
– Presents legal issues for anti-malware software that flags and removes it.

Slide #5: Trojan Horse
Program with both an overt and a covert effect.
– Displays the expected behavior when the user executes it.
– The covert effect, executed with the user's privileges, violates the security policy.
Attacker plants a fake ls in a directory the victim's PATH searches before /bin (for example "." when the victim is in a shared directory):

    cat >ls
    cp /bin/sh /tmp/.xxsh
    chmod u+s,o+x /tmp/.xxsh
    rm ./ls
    ls $*
    ^D

Victim: ls
The script copies a shell, makes the copy set-uid to the victim, deletes itself to cover its tracks, then runs the real ls so the output looks normal. Caveat: bash and most modern shells drop set-uid privileges unless started with -p, and /tmp is often mounted nosuid, so the planted shell may not hand over the victim's privileges on a current system; the PATH lookup trick itself still works.
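The trick on this slide only works when a directory the attacker can write to is searched before the real /bin. The following is an added example (not code from the slides) that audits a PATH value for exactly that: an empty entry or "." (current directory) and world-writable directories without the sticky bit. It also mimics the shell's lookup to show which ls wins under two PATH orders. The directory layout it builds under a fresh temp directory is constructed for the demo.

```python
"""
PATH audit for the Trojan-horse 'ls' trick on this slide.
Added example for the CIT 380 slides, not code from the slides.
The attack works only if a directory the attacker can write to is searched
before the real /bin: '' or '.' in PATH, or a world-writable directory.
demo() builds a throwaway directory layout (constructed, not a real system).
"""
import os
import stat
import tempfile


def risky_path_entries(path_value):
    """Return (entry, reason) pairs for PATH entries an attacker can plant
    a fake command in. Missing directories are skipped."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry or "(empty)", "current directory is searched"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((entry, "world-writable directory without sticky bit"))
    return findings


def resolve(command, path_value, cwd):
    """Mimic the shell's lookup: the first PATH entry holding an executable
    file of that name wins. Returns (full_path, entry) or None."""
    for entry in path_value.split(os.pathsep):
        directory = cwd if entry in ("", ".") else entry
        candidate = os.path.join(directory, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate, entry
    return None


def demo():
    """Lay out a fake 'bin' with the real ls, a victim cwd holding the
    planted ls, and a world-writable 'shared' dir, then compare two
    PATH orders. Everything lives under a fresh temp directory."""
    root = tempfile.mkdtemp()
    system = os.path.join(root, "bin")
    victim_cwd = os.path.join(root, "victim")
    shared = os.path.join(root, "shared")
    for d in (system, victim_cwd, shared):
        os.mkdir(d)
        os.chmod(d, 0o755)                        # explicit, independent of umask
    os.chmod(shared, 0o777)                       # like /tmp without the sticky bit
    for d, text in ((system, "echo real"), (victim_cwd, "echo trojan")):
        script = os.path.join(d, "ls")
        with open(script, "w") as f:
            f.write("#!/bin/sh\n" + text + "\n")
        os.chmod(script, 0o755)
    dot_first = os.pathsep.join([".", shared, system])   # vulnerable order
    dot_last = os.pathsep.join([system, shared, "."])    # real ls wins
    return {
        "risky": risky_path_entries(dot_first),
        "dot_first": resolve("ls", dot_first, victim_cwd),
        "dot_last": resolve("ls", dot_last, victim_cwd),
        "system": system,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it against a real account with risky_path_entries(os.environ["PATH"]); a clean PATH returns an empty list. Putting "." last in PATH does not fully close the hole: a planted command whose name is not in any system directory (a typo of ls, say) is still found in the current directory.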

Slide #6: Example: "Postcard" e-mail Trojan (card.htm; link truncated)

Slide #7: Viruses
"Programs that modify other programs on a computer, inserting copies of themselves." (Page 736)
http://en.wikipedia.org/wiki/Virus_%28computing%29

Slide #8: Worms
"Programs that propagate from computer to computer on a network, without necessarily modifying other programs on the target machines."
http://en.wikipedia.org/wiki/Computer_worms

Slide #9: WildList naming prefixes
JS – JavaScript virus or worm.
VBS – Visual Basic Script virus or worm.
W32 – 32-bit malicious code that can infect all 32-bit Windows platforms.

Slides #10-12: Examples
– W32.Blaster.Worm
– Further vendor writeups (links truncated)

Slide #13: Virus
Self-replicating code:
– A propagating (replicating) Trojan horse.
– Inserts a (possibly evolved) copy of itself into other files.
Virus pseudocode:

    if spread-condition then
        for each target-file:
            if not infected(target-file) then
                copy virus to target-file
    perform (malicious) action
    execute normal code

Slide #14: Types of Viruses
1. Boot Sector
– Code in the boot sector executes when the system boots, before the operating system loads.
– Propagates once resident in memory by writing itself to the boot sector of every floppy the machine accesses.
– Uncommon today because boot floppies are rarely used, though in 2007 some Vista laptops shipped with one (Stoned.Angelina).

Slide #15: Types of Viruses
2. Executable
– Infects executable programs (e.g., COM, EXE).
– Executes when the infected program is run.
– The virus usually runs first, then transfers control to the original code.
3. Dynamic Library
– Infects dynamically linked libraries (DLLs).
– Executes whenever any program loads the infected DLL.

Slide #16: Types of Viruses
4. Device Driver
– Infects a loadable device driver.
– Executes in kernel mode.
5. Virtual Machine (.NET)
– Infects .NET MSIL binaries.
– Portable: compiled to native code by the CLR on whatever platform runs it.
6. Archive Infectors
– Inserts a Trojan horse into ZIP files.
– Uses social engineering to get the user to extract and run it.

Slide #17: Types of Viruses
7. Macro Virus
– Infects embedded interpreted code.
– Needs an interpreter such as sh or the MS Word macro engine.
– Can infect executables or data files; an infected executable must invoke the appropriate interpreter.
– Most modern data formats support some type of scripting, including Microsoft Office documents, Windows Help files and HTML (VBScript, JScript).

Slide #18: Infection Methods
1. Overwriting
– Overwrites the program code with the virus.
– Breaks the infected program, so the infection is noticed quickly.
2. Appending
– Appends the virus code to the executable.
– Inserts a JMP to the virus at the beginning of the executable; the virus jumps back when done.
3. Prepending
– Inserts the virus code at the beginning of the executable.
– Shifts the original code to follow the virus.

Slide #19: Infection Methods
4. Parasitic
– Overwrites the beginning of the executable with the virus code.
– Saves the overwritten beginning of the program at the end of the file and restores it before running the original.
5. Cavity
– Inserts the virus code into unused blocks (padding) of the file, so the file size does not change.
– Inserts a JMP at the beginning of the executable.
6. Fractionated Cavity
– Fragments the virus and injects the pieces into multiple cavities.
– A small loader reads the fragments into contiguous memory.

Slide #20: Infection Methods
7. Compressing
– Compresses the executable to make space.
– Inserts the virus and the decompression code.
8. Fragmenting
– Dynamically fragments the virus.
– Inserts the fragments by overwriting or shifting code.
– The fragments JMP/CALL each other.
9. Companion
– Creates a COM file with the same name as an EXE file; DOS runs the .COM first when the extension is omitted.
– Variant: moves the original into an NTFS alternate data stream of the Win32 file and takes its place.
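The pseudocode on the virus slide and the overwriting, appending and prepending methods above can be shown together on in-memory "programs". The following is an added example, not code from the slides: a tiny interpreter that understands JMP and END, three infection functions, and the pseudocode's "if not infected" loop. The marker string, virus body and host program are constructed for the demo; nothing touches the filesystem.

```python
"""
Toy model of the slides' infection methods, run on in-memory "programs".
Added example for the CIT 380 slides, not code from the slides. A program
is a list of text instructions executed by a tiny interpreter; nothing
touches the filesystem. MARKER, VIRUS_BODY and HOST are constructed.
"""

MARKER = "MARK infected"          # the "if not infected" check keys on this
VIRUS_BODY = ["PAYLOAD beep"]     # stands in for the virus's malicious action
HOST = ["PRINT hello", "PRINT world", "END"]   # a constructed victim program


def run(program, max_steps=100):
    """Interpreter: 'JMP n' jumps to index n, 'END' stops, 'MARK ...' is a
    no-op, any other instruction is 'executed' by appending it to the trace.
    Returns the trace in execution order."""
    trace, pc = [], 0
    for _ in range(max_steps):
        instr = program[pc]
        if instr == "END":
            return trace
        if instr.startswith("JMP "):
            pc = int(instr.split()[1])
            continue
        if not instr.startswith("MARK "):
            trace.append(instr)
        pc += 1
    raise RuntimeError("program did not terminate")


def is_infected(program):
    return MARKER in program


def infect_overwrite(host):
    """Method 1: the virus replaces the host code. The host no longer works."""
    return [MARKER] + VIRUS_BODY + ["END"]


def infect_append(host):
    """Method 2: virus appended at the end; a JMP at the entry point goes to
    it. The displaced first instruction is saved inside the virus and
    re-executed before jumping back to the rest of the host."""
    entry = len(host)                 # index where the virus will start
    displaced = host[0]
    body = [MARKER] + VIRUS_BODY + [displaced, "JMP 1"]
    return ["JMP %d" % entry] + host[1:] + body


def infect_prepend(host):
    """Method 3: virus goes first, host code is shifted after it. Absolute
    JMP targets inside the host must be relocated by the shift."""
    shift = 1 + len(VIRUS_BODY)
    shifted = ["JMP %d" % (int(i.split()[1]) + shift) if i.startswith("JMP ") else i
               for i in host]
    return [MARKER] + VIRUS_BODY + shifted


def spread(targets, method):
    """The pseudocode's loop: infect every target that is not yet infected.
    Returns the names that were newly infected."""
    newly = []
    for name, program in targets.items():
        if not is_infected(program):
            targets[name] = method(program)
            newly.append(name)
    return newly


def demo():
    """Trace of each infected form: the virus runs first, then the host
    (overwriting loses the host entirely)."""
    return {name: run(method(HOST)) for name, method in
            (("append", infect_append), ("prepend", infect_prepend),
             ("overwrite", infect_overwrite))}


if __name__ == "__main__":
    for name, trace in demo().items():
        print(name, trace)
```

Two details carry over to real file infectors: the displaced entry instruction in infect_append is why appended viruses are fragile when the host's first instruction is itself a relative jump, and the relocation in infect_prepend is why prepending only works cleanly on formats whose code is position-independent or whose relocation tables the virus understands.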

Slide #21: In-Memory Strategies
Direct Action
– The virus runs only while the infected program runs.
Memory Resident
– Remains active in memory after the application terminates.
– Interrupt hook (TSR) under DOS.
– Kernel-mode rootkit techniques under modern OSes.
– Can infect any program that runs after the virus has loaded.
– Example: Jerusalem virus (Danube variant): multipartite TSR virus. Infects all executables except command.com. Also infects the boot sector. Deletes any program run on Friday the 13th.

Slide #22: Worms
Copies itself from one computer to another.
Self-replicating: no user action is required, unlike viruses or Trojan horse programs.
Spreads via network protocols, e.g. SMTP (e-mail), fingerd, MS SQL Server.

Slide #23: History of Worms
Morris Worm (Nov 1988): Infected roughly a tenth of the Internet's hosts using multiple vectors (fingerd buffer overflow, sendmail debug mode, weak passwords, trusted-host logins).
Melissa (Mar 1999): MS Word macro virus spread via Outlook e-mail.
Code Red (Jul 2001): IIS buffer overflow; Code Red II followed in Aug 2001.

Slide #24: History of Worms
Code Green (Sep 2001): Removed Code Red II and patched the vulnerability; a "good" worm, but still unauthorized code running on other people's systems.
Slammer (Jan 2003): SQL Server worm; infected most of the vulnerable hosts on the Internet in under an hour, the bulk of them within ten minutes.
Sobig (Jun 2003): Spam zombie botnet with a remote control interface (RCI).

Slide #25: Worm Components
1. Vector
2. Propagation Engine
3. Target Selection
4. Scanning Engine
5. Payload

Slide #26: Vector
Software used to gain access to the target host. Common vectors:
– Buffer overflow exploits.
– Network file sharing, both NFS/SMB and P2P.
– Social engineering via e-mail or IM.
– Weak passwords.
– Parasitism: targeting backdoors left by other malware, or flaws in other worms.

Slide #27: Propagation Engine
Transfers the worm body to the host exploited by the vector.
– Tiny worms such as Slammer (376 bytes) fit entirely inside the vector packet and need no separate transfer.
Worm propagation methods:
– FTP
– HTTP
– SMB
– TFTP

Slide #28: Remote Control Interface
The RCI lets the creator control infected hosts. Many worms have no RCI; where present it may be a well-known backdoor program. Common remote control features:
– Start/stop infecting new targets.
– Download new vectors.
– Download new target selectors.
– Download new payloads.

Slide #29: Target Selection
Selecting targets for potential infection.
E-mail address harvesting
– Address books.
– Parsing files on disk.
– Searching news groups.
Network share enumeration
– Checking for filesystems shared with other systems.

Slide #30: Target Selection
Network scanning
– Target hosts on the current network and connected nets.
– Randomized scanning of the Internet address space.
Web searching
– Search Google for e-mail addresses or for vulnerable software.

Slide #31: Scanning Engine
Checks targets for vulnerabilities.
– If the vector is small, scanning can be skipped and the exploit simply fired at every address.
Scan for vulnerable services.
– Like a targeted nmap port scan.
OS check
– Checks that the target runs the OS the vector works against.
Version checking
– Checks the version of the target software.
– May customize the vector based on this information.
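Random target selection and the scanning engine leave a signature on the network: one source contacting many distinct hosts on one port in a short time, which is how Slammer and Code Red were noticed. The following is an added example, not code from the slides: a sliding-window detector run over constructed connection-log lines (the log format, timestamp src dst dport proto, is an assumption). Repeated connections to a single host, the pattern of a busy but legitimate client, are never flagged.

```python
"""
Detector for the random-scanning behaviour described under Target Selection
and Scanning Engine: one source contacting many distinct hosts on one port
in a short window. Added example for the CIT 380 slides, not code from
the slides. SAMPLE_LOG is constructed, not a real capture; the format
(timestamp src dst dport proto) is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: 10.0.0.5 sweeps 1434/udp (Slammer's port), 10.0.0.9
# talks repeatedly to one web server, 10.0.0.7 scans 445/tcp slowly.
SAMPLE_LOG = """\
2003-01-25T05:30:00 10.0.0.5 198.51.100.10 1434 udp
2003-01-25T05:30:00 10.0.0.7 192.0.2.1 445 tcp
2003-01-25T05:30:00 10.0.0.5 203.0.113.44 1434 udp
2003-01-25T05:30:01 10.0.0.5 192.0.2.8 1434 udp
2003-01-25T05:30:01 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:30:01 10.0.0.5 198.51.100.77 1434 udp
2003-01-25T05:30:02 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:30:02 10.0.0.5 192.0.2.200 1434 udp
2003-01-25T05:30:03 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:30:04 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:30:05 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:30:06 10.0.0.9 203.0.113.1 443 tcp
2003-01-25T05:33:00 10.0.0.7 192.0.2.2 445 tcp
2003-01-25T05:36:00 10.0.0.7 192.0.2.3 445 tcp
2003-01-25T05:39:00 10.0.0.7 192.0.2.4 445 tcp
2003-01-25T05:42:00 10.0.0.7 192.0.2.5 445 tcp
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, proto)."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def detect_scanners(lines, window_seconds=60, threshold=5):
    """Flag each (src, dport, proto) whose recent connections reach
    `threshold` distinct destinations within `window_seconds`. Repeated
    connections to one host never count as more than one destination.
    Lines must be in time order. Returns
    {key: (time first flagged, distinct destinations at that moment)}."""
    recent = defaultdict(deque)   # key -> deque of (timestamp, dst) in window
    flagged = {}
    for line in lines:
        ts, src, dst, dport, proto = parse_line(line)
        key = (src, dport, proto)
        window = recent[key]
        window.append((ts, dst))
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()          # drop events older than the window
        distinct = {d for _, d in window}
        if len(distinct) >= threshold and key not in flagged:
            flagged[key] = (ts, len(distinct))
    return flagged


def demo(window_seconds=60, threshold=5):
    """Run the detector over the constructed sample log."""
    return detect_scanners(SAMPLE_LOG.strip().splitlines(),
                           window_seconds, threshold)


if __name__ == "__main__":
    for key, (when, count) in demo().items():
        print("%s:%d/%s reached %d hosts by %s" % (key[0], key[1], key[2], count, when))
```

With the defaults only the fast 1434/udp sweep is flagged; the 445/tcp source spaced three minutes apart stays under the threshold until the window is widened (demo(window_seconds=900) catches it). The trade-off is the usual one for scan detection: a long window catches slow scanners but raises memory use and false positives from legitimate hosts that fan out over time.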