Presentation is loading. Please wait.

Presentation is loading. Please wait.

NET 311 Information Security

Published byAdam Małecki Modified over 5 years ago

Similar presentations

Presentation on theme: "NET 311 Information Security"— Presentation transcript:

1 NET 311 Information Security
Networks and Communication Department Lecture 7: Malicious Software (Cont.) (Chapter 21)

2 lecture contents: Malicious Software Trojan horses Worms Backdoors
Spammers 19-Sep-18 Networks and Communication Department

3 Trojan Horse A program that appears to have some useful purpose, but really masks some hidden malicious functionality Usually superficially attractive with hidden side-effects ** eg game, s/w upgrade etc when run performs some additional tasks allows attacker to indirectly gain access they do not have directly Often used to propagate a virus/worm or install a backdoor or simply to destroy data 19-Sep-18 Networks and Communication Department

4 Trojans Unlike viruses, Trojan horses do not replicate themselves .
Unlike viruses, which are just bad tricks, Trojan horses usually attempt to do something useful for their creator The main use of Trojans is to collect information from your computer This is why they are called spyware 19-Sep-18 Networks and Communication Department

5 Trojans’ behaviour Simple examples of typical behavior of a Trojan include: Attempting to send messages to its creator. Opening a TCP/IP port on your computer, to allow its creator to connect to your computer. 19-Sep-18 Networks and Communication Department

6 How Trojans collect information
Keystroke trackers (also known as keystroke recorders) – record what the user has typed Fake login screens – they emulate login to find out your password Garbage trackers – they look in the RAM or on the disk for documents which might be encrypted when they are stored in files. - 85% of documents edited yesterday can be found in unused sectors of the hard drive 6

7 Protection against Trojans
Before your computer is infected: * Do not download software from untrusted sources When your computer is infected: * Checking logs * Using sandboxes (what is a sandbox?) * Using firewalls (what is a firewall?) 7

8 Worms A worm is a self-replicating piece of code that spreads via networks and usually doesn’t require human interaction to propagate. Example: Melissa virus from the previous lecture could be also classified as a worm

9 Trapdoors/backdoors A backdoor is a secret entry point to a program .
It allows attackers to bypass normal security procedures, gaining access on the attacker’s own terms. a threat when left in production programs allowing exploited by attackers requires good s/w development & update (this is the definition given with respect to one separate program) A backdoor, or trapdoor, is a secret entry point into a program that allows someone that is aware of it to gain access without going through the usual security access procedures. Have been used legitimately for many years to debug and test programs, but become a threat when left in production programs, allowing intruders to gain unauthorized access. It is difficult to implement operating system controls for backdoors. Security measures must focus on the program development and software update activities. A BACKDOOR HAS multiple meanings. It can refer to a legitimate point of access embedded in a system or software program for remote administration. Generally this kind of backdoor is undocumented and is used for the maintenance and upkeep of software or a system. Some administrative backdoors are protected with a hardcoded username and password that cannot be changed; though some use credentials that can be altered. Often, the backdoor’s existence is unknown to the system owner and is known only to the software maker. Built-in administrative backdoors create a vulnerability in the software or system that intruders can use to gain access to a system or data. Attackers also can install their own backdoor on a targeted system. Doing so allows them to come and go as they please and gives them remote access to the system. Malware installed on systems for this purpose is often called a remote access Trojan, or a RAT, and can be used to install other malware on the system or exfiltrate data. A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting and testing.  9

10 Backdoors (relative to one program)

11 Trapdoors/backdoors A backdoor is a is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms. (this is the definition given with respect to the whole computer system)

12 Backdoors (relative to a computer)
A program to be infected

13 Backdoors Remote execution of individual commands
Remote command-line access Remote control of the GUI

14 Code in e-mail messages
These are simple techniques which an attacker can use. It is possible to include executable code (e.g. JavaScript) in messages. This can be used to collect information about the receiver of the message. In more dangerous cases, the code can affect the work of the receiver’s computer

15 Code in e-mail messages
Example: spammers check the validity of addresses using HTML messages <html> <body> <imgsrc=“ </body> </html>

16 How spammers check the validity of e-mail addresses
The idea is as follows. the spammer generates a numbered list of addresses, for example: 1 2 ………… 3495 The spammer sends a message to each address, which includes the number of this address in the list as an argument of a script 19-Sep-18 Networks and Communication Department

17 Code in e-mail messages
<img src=“

18 Code in e-mail messages
Spammers can organize a denial-of-service attack using images in messages. Messages are sent to multiple addresses, including a request of information from a server. <img src=“ Distributed denial of service (DDoS) attacks present a significant security threat to corporations, and the threat appears to be growing. DDoS attacks make computer systems inaccessible by flooding servers, networks, or even end user systems with useless traffic so that legitimate users can no longer gain access to those resources. In a typical DDoS attack, a large number of compromised (zombie) hosts are amassed to send useless packets. In recent years, the attack methods and tools have become more sophisticated, effective, and more difficult to trace to the real attackers, while defense technologies have been unable to withstand large-scale attacks. 19-Sep-18 Networks and Communication Department

19 Code in e-mail messages
<img src=“

20 References Cryptography and Network Security: Principles and practice’, William Stallings Fifth edition, Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 21 – “Malicious Software”. Lecture slides by Dr Alexei Vernitski, University of Essex , 2013 19-Sep-18 Networks and Communication Department

Download ppt "NET 311 Information Security"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Computer Security Set of slides 8 Dr Alexei Vernitski.

Computer Security Set of slides 8 Dr Alexei Vernitski.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Computer Viruses.

Computer Viruses.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Malicious Software.

1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Unit 2 - Hardware Computer Security.

Unit 2 - Hardware Computer Security.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.

Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.

Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.
1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)

1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)

Similar presentations

Ads by Google