
Malicious Code, and Computing Security


Presentation on theme: "Malicious Code, and Computing Security"— Presentation transcript:

1 Malicious Code, and Computing Security
Dr. Theodore Cleveland, University of Houston, CIVE 1331 – Computing for Engineers, Lecture_003A. NEXT LECTURE: PowerPoint, Excel

2 Malicious Code
Definition: computer programs that waste or steal resources.
Types of Malicious Code: Viruses, Trojan Horses, Sniffers, Spyware, Logic Bombs.
Notes: Compare Malicious Code to Bad Programming, which can happen completely by accident.

3 Trojan Horse(s)
Definition: A destructive program that masquerades as a benign application. Trojan horses do not self-replicate.
EXTREME CASE: One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
ORIGIN OF TERM “TROJAN HORSE”: The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

4 Sniffer
Definition: A program and/or device that monitors data traveling over a network. On TCP/IP networks, where TCP/IP packets are sent, the program is often called a packet sniffer.
DISCUSSION: Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.

5 SpyWare
Definition: A program that monitors, collects and transmits information without the user’s knowledge. Collects information by monitoring keystrokes, chat programs, word processors, or by reading browser cookies. Sends information back to the author through internet connections. Usually created by advertising companies that sell information such as addresses, passwords and even credit card numbers. Commonly packaged within peer-to-peer file swapping clients.
SpyWare: Also called adware, spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today. Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
Because spyware exists as independent executable programs, it has the ability to monitor keystrokes, scan files on the hard drive, snoop on other applications such as chat programs or word processors, install other spyware programs, read cookies, and change the default home page on the Web browser, consistently relaying this information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

6 Spyware
Eats network bandwidth. Uses system resources. Often unstable and the cause of system crashes or general system instability. Licensing agreements that accompany some software packages sometimes warn the user that a spyware program is bundled within the software being installed.

7 Logic Bomb or Time Bomb
Definition: code added to software or an operating system that lies dormant until a predetermined time or event triggers it. Behavior is similar to viruses/trojans once activated. Examples of behavior: reformatting the hard drive, corrupting data or altering data.
Definition of Slag: The vitreous mass left as a residue by the smelting of metallic ore. Also called slag code, programming code added to the software of an application or operating system that lies dormant until a predetermined period of time (i.e., a period of latency) or event occurs, triggering the code into action. Logic bombs typically are malicious in intent, acting in the same ways as a virus or Trojan horse once activated. In fact, viruses that are set to be released at a certain time are considered logic bombs. They can perform such actions as reformatting a hard drive and/or deleting, altering or corrupting data. In the past, viruses have typically been transported when files are copied to diskettes and transferred from computer to computer. The most recent strains of viruses are known as macro viruses and have mainly been found on word processors and spreadsheets; however, these macro viruses are sure to begin appearing on other software applications. Macro viruses affect the performance of the software. The best guard against virus infection is to routinely scan your diskettes and hard disk with software programs specifically developed to scan and disinfect the viruses. Never load files from a diskette onto your home computer without scanning the diskette for viruses. There are a number of different types of software available both commercially and in the public domain. Since new strains of viruses are constantly being developed, it is extremely important that the virus software is routinely updated to detect and disinfect the new viruses.

8 Viruses
Definition: An intentionally self-replicating piece of malicious code that requires a “host”. The term Virus is often used incorrectly to describe Trojan Horses or even spyware.
Discuss: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

9 Viruses (2)
The author of F-Prot anti-virus defines a virus as:
1. Being able to create copies of itself
2. Replication is intentional (not a side-effect)
3. Some of the replicants are viruses by the same definition
4. A virus has to attach itself to a “host”, in the sense that execution of the host implies execution of the virus
#1 distinguishes viruses from non-replicating malware, such as Trojans, ANSI bombs and logic bombs. #2 distinguishes between viruses and programs such as DISKCOPY.COM that can replicate. #3 is needed to exclude certain "intended viruses" that attempt to replicate but fail; they simply do not qualify as "real" viruses. #4 is necessary to distinguish between viruses and worms, which do not require a host.

10 Viruses (3)
May transmit itself by: Network, File Systems, Floppy disks, CDs (physical media).
Can infect a computer: Automatically (above), or by user invitation ( , web browser, etc.).

11 Boot Sector Viruses
A BSV infects boot sectors on diskettes and/or hard disks. On diskettes, the boot sector normally contains code to load the operating system files. The BSV replaces the original boot sector with itself and stores the original boot sector somewhere else on the diskette, or simply replaces it totally. When a computer is then later booted from this diskette, the virus takes control and hides in RAM. It will then load and execute the original boot sector, and from then on everything will be as usual. Except, of course, that every diskette inserted in the computer will be infected with the virus, unless it is write-protected. Most BSVs are also able to infect hard disks, where the process is similar to that described above, although they usually infect the master boot record instead of the DOS boot record. A BSV will usually hide at the top of memory, reducing the amount of memory that DOS sees. For example, a computer with 640K might appear to have only 639K.

12 Program Viruses
Program viruses, the second type of computer viruses, infect executable programs, usually .COM and .EXE files, but they sometimes also infect overlay files, device drivers or even object files. An infected program will contain a copy of the virus, usually at the end, in some cases at the beginning of the original program, and in a few cases the virus is inserted in the middle of the original program.
Two means of infection: Resident, Direct Action. When an infected program is run, the virus may stay resident in memory and infect every program run. Viruses using this method to spread the infection are called "Resident Viruses". Other viruses may search for a new file to infect when an infected program is executed. The virus then transfers control to the original program. Viruses using this method to spread the infection are called "Direct Action Viruses". It is possible for a virus to use both methods of infection.

13 Program Viruses (continued)
Most viruses try to recognize existing infections, so they do not infect what has already been infected. This makes it possible to inoculate against specific viruses, by making the "victim" appear to be infected. However, this method is useless as a general defense, as it is not possible to inoculate the same program against multiple viruses.

14 Application Viruses The third type of viruses are application viruses, which do not infect normal programs, but instead spread as "macros" in various types of files, typically word-processor documents or spreadsheets. In general, viruses are just programs - rather unusual programs perhaps, but written just like any other program. It does not take a genius to write one - any average assembly language programmer can easily do it. Fortunately, few of them do.

15 Virus Misconceptions
A virus cannot appear all by itself; it has to be written, just like any other program. Not all viruses are intentionally harmful - some may only cause minor damage as a side effect - however, there is no such thing as a "harmless" virus. Reading plain data from an infected diskette cannot cause an infection. (However, it is not trivial to determine what "plain data" is.) A write-protected diskette cannot become infected, if the hardware is working properly.

16 Protect Yourself from Viruses
There is no sure-fire way to protect yourself from getting a virus or trojan horse. The best way to protect yourself is to create backups. Backups not only protect from viruses, but also from hardware failure.
File Backups: Keep good backups (more than one) of everything you do not want to lose. It is a good practice to keep all your files in one directory tree to facilitate this process.
System Backups: Drive imaging software can back up the entire contents of your hard drive and allow a 1-step recovery method in the case of a critical failure (e.g. blue screen on bootup). Norton Ghost is the leading software for this purpose. It is usually available for around $20 after rebate from many vendors.
Editor Note: Reference to BBS-Reworded to website
Editor Note: No longer says to trust that a website

17 Protect Yourself from BSV’s
BSVs (Boot Sector Viruses) proliferate by the sharing of floppy disks, and they usually infect when a system attempts to boot off a floppy disk.
Never boot from a floppy disk. Keep all floppy disks write-protected until you need to write to them.
Never boot a computer with a hard disk from a diskette, because that is the only way the hard disk could become infected with a boot sector virus. (Well, strictly speaking, it can happen if you run a "dropper" program too, but that happens rarely.) If your BIOS allows you to change the boot sequence to "C: A:", do it. This will give you very good protection against boot sector virus infections.
Should you, by accident, have left a non-bootable diskette in drive A: when you turn the computer on, the message "Not a system disk" may appear. If the diskette was infected with a virus, it will now be active, but may not have infected the hard disk yet (most boot sector viruses will do it right away, however). If this happens, remove the diskette from the A: drive and turn the computer off (or press the reset button). It is important to note that pressing Ctrl-Alt-Del is not sufficient, as a few viruses can survive that.
Editor Note: Removed: ” If it is not possible to make a backup of the diskette, because of some idiotic copy-protection, I do not recommend using the software. “

18 Protecting Yourself from Viruses
When downloading software, always save the software to your hard disk first, and then scan the file with an antivirus program. Never open a downloaded file directly. It is even advisable to scan software with several antivirus programs from different manufacturers, as no single scanner is able to detect all viruses. Obtain Shareware, Freeware and Public-Domain software from the original author or reliable distribution sites, if at all possible.

19 Do you have a Virus?
Does it take longer than usual to load programs? Do unusual error messages appear? Does the memory size seem to have decreased? Do the disk lights stay on longer than they used to? Do files just disappear?

20 If you do have a Virus
DON'T PANIC! Sometimes a badly thought out attempt to remove a virus will do much more damage than the virus could have done. If you are not sure what to do, leave your computer turned off until you find someone to remove the virus for you. Finally, remember that some viruses may interfere with the disinfection operation if they are active in memory at that time, so before attempting to disinfect you MUST boot the computer from a CLEAN system diskette. It is also a good idea to boot from a clean system diskette before scanning for viruses, as several "stealth" viruses are very difficult to detect if they are active in memory during virus scanning.

21 Other Misconceptions It used to be the case that a virus could not infect a computer unless it was booted from an infected diskette or an infected program was run on it, but alas, this is no longer true. It is possible for a virus infection to spread, just by the act of reading an infected Microsoft Word document, for example, or through use of Outlook, to name two well-known applications. It also used to be the case that a virus could not infect data files or spread from one type of computer to another - a virus designed to infect Macintosh computers could not infect PCs or vice versa, but with the appearance of application viruses this has changed as well - there are now a few viruses that can infect WinWord as well as MacWord.

22 Anti-Virus Programs
Anti-Virus programs find and inoculate computer viruses. New viruses/virus strains are created daily. It is very important to update your anti-virus program with the latest virus definitions. UH students can use the site-licensed McAfee Virus Scan (

23 Network Attacks
Definition: causing harm to a computer or network remotely by exploiting networking protocols and networking software.
DoS attack – “Denial of Service”: floods a network with useless network traffic, preventing legitimate traffic.
Teardrop attack – Exploits a bug in the way Windows-based clients reconstruct TCP/IP packets.
FURTHER INFORMATION: A smurf attack is one particular variant of a DoS attack on the public Internet. It relies on mis-configured network devices that allow packets to be sent to all computer hosts on a particular network, rather than a specific machine. In such an attack, the perpetrators will send large numbers of IP packets with a faked source address that is set to the address of the intended victim. To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify mis-configured networks and to take appropriate action such as filtering. (Src:
Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data. (SRC:
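The overlapping-fragment bug behind Teardrop is easiest to understand from the reassembly side. The Python below is an added example written for these notes (not code from the lecture): it parses the fragment fields out of a minimal IPv4 header, classifies a set of fragments as clean, overlapping, or the Teardrop shape (a later fragment that begins and ends inside an earlier one, which turns a naive "new end minus old end" copy length negative), and only reassembles when coverage is contiguous and overlap-free. The sample datagrams are constructed, not captured traffic.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    ident: int      # IP Identification field shared by all pieces of one datagram
    offset: int     # first payload byte this piece covers (header stores it in 8-byte units)
    payload: bytes  # the bytes carried by this piece


def build_packet(ident: int, offset: int, more: bool, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum left zero) plus payload."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)   # MF flag | 13-bit offset
    header = struct.pack("!BBHHH", 0x45, 0, 20 + len(payload), ident, flags_frag)
    return header + bytes(12) + payload


def parse_fragment(raw: bytes) -> Fragment:
    """Pull ident, byte offset and payload out of an IPv4 packet."""
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", raw[:8])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    offset = (flags_frag & 0x1FFF) * 8      # low 13 bits, 8-byte units -> bytes
    return Fragment(ident, offset, raw[ihl:total_len])


def check_fragments(frags) -> str:
    """Classify one datagram's fragments: 'ok', 'overlap', or 'teardrop'.
    'teardrop' = a later fragment starts inside an earlier one AND ends before
    it does, so a naive reassembler computing (new_end - old_end) goes negative."""
    verdict = "ok"
    ordered = sorted(frags, key=lambda f: f.offset)
    for i, a in enumerate(ordered):
        a_end = a.offset + len(a.payload)
        for b in ordered[i + 1:]:
            b_end = b.offset + len(b.payload)
            if b.offset < a_end:            # b begins inside a: an overlap
                if b_end < a_end:           # b also ends inside a: Teardrop shape
                    return "teardrop"
                verdict = "overlap"
    return verdict


def reassemble(frags) -> bytes:
    """Reassemble only when there is no overlap and coverage is contiguous."""
    verdict = check_fragments(frags)
    if verdict != "ok":
        raise ValueError(f"refusing to reassemble: {verdict}")
    out, expected = bytearray(), 0
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset != expected:
            raise ValueError(f"gap before byte {expected}")
        out += f.payload
        expected += len(f.payload)
    return bytes(out)


# Constructed sample datagrams (not captured traffic).
def good_fragments():
    return [Fragment(1, 0, b"A" * 16), Fragment(1, 16, b"B" * 8), Fragment(1, 24, b"C" * 5)]

def teardrop_fragments():
    # second piece (offset 24, 4 bytes) lies entirely inside the 36-byte first piece
    return [Fragment(2, 0, b"\x00" * 36), Fragment(2, 24, b"\x00" * 4)]

def overlapping_fragments():
    return [Fragment(3, 0, b"x" * 16), Fragment(3, 8, b"y" * 16)]
```

A real reassembler also bounds the number of pending fragments and the total size per datagram; this example only shows the overlap rule.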

24 Network Security
The best defense from network intrusion is a good firewall. A firewall can stop communication initiated by an outside party, which is usually how hackers find holes to exploit a system. Firewalls are available in the form of hardware and software. Hardware firewalls are preferable because they are less likely to be compromised by a virus or trojan horse. Firewalls must be configured correctly to be effective.

25 File Names
A filename under MS-DOS consisted of an 8-letter “name” and a 3-letter extension. This is sometimes referred to as 8.3 or “eight dot three” filenames. 8.3 filenames do not support spaces; filenames must be made of printable ASCII characters. When writing a program, it is important to use the 8.3 convention due to limitations of programming and scripting tools. Windows 95+/Unix support filenames from 32 to 255 characters, which allow the use of spaces in the filename. Note that the filename is really a function of the File System, whether FAT, FAT32, or NTFS. Even though Windows 95+ and Unix can handle spaces in a filename, it is not a good idea when dealing with lots (100s) of similarly named files. The searching utilities and system scripting tools are hard to use when there are spaces in filenames.

26 File Types (File Extensions)
The letters after the last period in a filename are referred to as the extension. Extensions are generally limited to three characters for cross-system compatibility. An extension DOES NOT determine the file type (e.g. changing the extension of a file will not change the contents or type of the file). There should however be a correspondence between the file type and the extension. Note that the extension is commonly used to refer to the file type (e.g. a “.xxx” file is often referred to as an “Ex Ex Ex” file).
Note t

27 File Types (continued)
Windows uses the extension of a file to determine what program to use to open the file. In Windows Explorer, click >>Tools>>Folder Options>>File Types tab Windows will even change the icon associated with a file extension to reflect the application used to open the file

28 File Types Virus Warning
By default some installations of Windows will hide file extensions. This practice allows many trojan horses to masquerade as a different file type. Consider the file: AnnaKournikova.jpg.vbs, which would appear as “AnnaKournikova.jpg” on the desktop. The Anna Kournikova visual basic script was an actual script that propagated itself through in 2000. Note that you can uncheck the “Hide Extensions for Known File Types” option to remove this vulnerability.
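The hidden-extension trick can be checked mechanically. The Python below is an added example (not code from the lecture): it models what Explorer displays when "Hide extensions for known file types" is on, and flags names whose displayed form ends in a harmless-looking extension while the real, hidden extension is executable. The list of "known" types here is a small constructed stand-in for Windows' registered file types.

```python
# Constructed stand-in for Windows' registered ("known") file types; with
# "Hide extensions for known file types" on, Explorer drops the last extension
# of any registered type from the displayed name.
KNOWN_TYPES = {"jpg", "jpeg", "gif", "png", "txt", "doc", "xls", "pdf",
               "vbs", "exe", "scr", "bat", "com", "pif", "js"}
# Extensions that run code when double-clicked (subset of KNOWN_TYPES).
EXECUTABLE_TYPES = {"vbs", "exe", "scr", "bat", "com", "pif", "js"}


def true_extension(filename: str) -> str:
    """The extension the operating system actually acts on (lowercased)."""
    return filename.rpartition(".")[2].lower() if "." in filename else ""


def displayed_name(filename: str, hide_known: bool = True) -> str:
    """What Explorer shows: the last extension is dropped if hiding is on and it is known."""
    stem, dot, ext = filename.rpartition(".")
    if hide_known and dot and ext.lower() in KNOWN_TYPES:
        return stem
    return filename


def is_deceptive(filename: str) -> bool:
    """True when the displayed name ends in a known non-executable extension
    while the real (hidden) extension is executable, e.g. AnnaKournikova.jpg.vbs."""
    if true_extension(filename) not in EXECUTABLE_TYPES:
        return False
    shown_ext = true_extension(displayed_name(filename))
    return shown_ext in KNOWN_TYPES and shown_ext not in EXECUTABLE_TYPES


def audit(filenames):
    """Defender's listing: (real name, name as displayed, deceptive?) per file."""
    return [(f, displayed_name(f), is_deceptive(f)) for f in filenames]
```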

