Malicious Program and Protection


1 Malicious Program and Protection
For bim 6th Sem (

3 Malicious Program: Definition
“Hardware, software, or firmware capable of performing an unauthorized function on an information system.”
Usually violates the security policy of a system
Malicious logic is also known as malicious code or malware
Types of malicious logic?

4 Types
Trojan Horses (remember the movie TROY)
Computer Virus
    Boot Sector Infector
    Executable Infector
    Multipartite Viruses
    TSR Viruses
    Stealth Virus
    Encrypted Virus
    Polymorphic Virus
    Macro Viruses
Computer Worms
Rabbits and Bacteria
Logic Bombs

5 Types

6 Trojan Horse
Definition: A Trojan horse is a program with an overt (known or documented) effect and a covert (unknown or undocumented) effect
Overt effect: What the user sees (games, animation)
Covert effect: What happens in the background
Appears to be a useful program but contains malicious logic inside
A propagating Trojan horse (aka replicating Trojan horse) is a Trojan horse that creates a copy of itself

7 Virus
A program that can infect other programs by modifying them to include a, possibly evolved, version of itself (Fred Cohen, 1983)
A program that inserts itself into one or more files and then performs some action
Self-replicating code, parasitic

8 Virus: General pseudocode
beginvirus:
    if spread-condition then begin
        for some set of target files do begin
            if target is not infected then begin
                determine where to place virus instructions
                copy instructions from beginvirus to endvirus into target
                alter target to execute added instructions
            end;
        end;
    end;
    perform some action(s)
    goto beginning of infected program
endvirus:

9 Virus types in brief
Boot sector infector: Inserts itself into the boot sector of a disk
Executable infector: Infects executable programs
Multipartite virus: Infects both boot sectors and applications
TSR virus: A terminate-and-stay-resident virus is one that stays active in memory after the application (e.g. disk mounting) has terminated

10 Virus types in brief
Stealth virus: Conceals the infection of files [E.g. the virus intercepts system calls. If the call is to obtain a file's attributes, it returns the original attributes; if the call is to execute the file, it executes the infected file.]
Encrypted virus: Enciphers all of the virus code except for a small decryption routine
Polymorphic virus: Changes its form each time it inserts itself into another program
Macro virus: Composed of a sequence of instructions that is interpreted rather than executed directly

11 Worms
A worm is a program that copies itself from one computer to another
How does it differ from a virus?

12 Virus vs Worms

How does it infect a computer system?
    Computer virus: It inserts itself into a file or executable program.
    Computer worm: It exploits a weakness in an application or operating system by replicating itself.

How can it spread?
    Computer virus: It has to rely on users transferring infected files/programs to other computer systems.
    Computer worm: It can use a network to replicate itself to other computer systems without user intervention.

Does it infect files?
    Computer virus: Yes, it deletes or modifies files. Sometimes a virus also changes the location of files.
    Computer worm: Usually not. Worms usually only monopolize the CPU and memory.

Which is faster?
    Computer virus: A virus is slower than a worm.
    Computer worm: A worm is faster than a virus. E.g. the Code Red worm affected 3 lakh PCs in just 14 hours.

Definition
    Computer virus: Program code that attaches itself to an application program and runs along with it when the application program runs.
    Computer worm: Code that replicates itself in order to consume resources and bring the system down.

13 Rabbits and Bacteria
A bacterium or rabbit is a program that absorbs all of some class of resources
    While true
    do
        mkdir X
        chdir X
    done

14 Logic Bomb
A program that performs an action that violates the security policy when some external event occurs

15 Defenses
Sandboxing
Reducing rights
Information flow metrics
Malicious logic altering files
    Use a cryptographic checksum
    Checksum is stored in the system itself
Proof of code
    Author generates proof-carrying code
    Consumer validates it
Notion of trust

17 County by Malware Infection

18 Antivirus
Antivirus software is a class of program that prevents, detects and remediates malware infections on individual computing devices and IT systems.
Though labeled antivirus, modern antivirus is capable of preventing all sorts of malware

19 Features of Antivirus
Antivirus, antiworm, antirootkit, ...
Protection against browser exploits
Scanning
    On access, scheduled, on demand
Added protection scan, instant-message scan, USB scan, auto clean
Updates

