________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

1. Viruses (CS3235, Nov 2002; adapted from Pfleeger, Chap. 5)

- A virus is a program [fragment] that can pass on malicious code [usually itself] to other non-malicious programs by modifying them.
- Malicious code runs under the authority of the user running the infected program.
- It can lie dormant, undetected, until some event triggers the code to act.
- It must be activated by being executed before it can spread.
- Malicious people can make code (programs) serve as a vehicle to violate security (confidentiality, integrity, and availability).
- Program flaws can be exploited to achieve these ends.

2. Viruses

[Figure: an uninfected program beside its infected counterpart.]

3. Types of Infection

- Infect a program to gain control before its first instruction.
- Infect to gain control before and after program execution.
- Instead of overwriting a program, change the file system metadata to point to itself.
- Infect the boot sector.
  – Enables the virus to gain control very early in the boot process. See /usr/share/doc/lilo-*/doc/Technical_Guide.ps for the boot process.
  – Complicates detection.
- Infect system files used in the boot process.
  – CONFIG.SYS, AUTOEXEC.BAT, /etc/rc.d/…, /lib/modules…
- Infect main memory.
  – TSR (terminate-and-stay-resident)

4. Detection & Propagation of Viruses

- A virus cannot be completely invisible. Virus code must be stored somewhere and be in memory to execute.
- Each characteristic is a telltale pattern called a signature.
- On infection, the virus may change the “host” file’s size, mtime, hash value etc. (Tripwire can detect such changes.)
- Polymorphic viruses can change their infection to avoid detection.
  – Add harmless instructions such as NOP, a := a + 0
  – Encrypt code
- Testing whether an arbitrary program is a virus is undecidable.
  – Static analysis for viruses is not possible (in general).
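The Tripwire-style check described above, as an added example (not code from the slides or from Tripwire): record a baseline of size, mtime and SHA-256 for each executable, then report which attributes differ. The scenario is constructed in a temporary directory; it appends bytes to one file and restores its timestamp to show that the hash still exposes the change even when mtime does not.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(paths):
    """Baseline: size, mtime (ns) and SHA-256 for every file, keyed by path."""
    base = {}
    for p in paths:
        st = os.stat(p)
        digest = hashlib.sha256(Path(p).read_bytes()).hexdigest()
        base[str(p)] = {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}
    return base


def compare(baseline, paths):
    """Return {path: [attributes that differ]} for files that no longer match the baseline."""
    changes = {}
    current = snapshot(paths)
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            changes[path] = ["missing"]
            continue
        diff = [k for k in old if old[k] != new[k]]
        if diff:
            changes[path] = diff
    return changes


def demo():
    """Constructed scenario: two fake 'executables', one of which is modified after the baseline."""
    tmp = Path(tempfile.mkdtemp())
    a, b = tmp / "prog_a.bin", tmp / "prog_b.bin"
    a.write_bytes(b"\x7fELF" + b"\x00" * 100)
    b.write_bytes(b"\x7fELF" + b"\x01" * 100)
    baseline = snapshot([a, b])
    st = os.stat(a)
    with open(a, "ab") as fh:
        fh.write(b"\x90" * 16)                       # constructed appended bytes
    os.utime(a, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp put back; hash and size still differ
    return compare(baseline, [a, b])


if __name__ == "__main__":
    print(demo())
```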

5. Preventing & Guarding against Virus Infection

- Don’t share executable code with an infected source.
- Use only commercial software acquired from reliable, well-established vendors.
  – Not a guarantee, but vendors have a reputation to protect.
- Test all new software on an isolated computer.
  – Test without hard disk, network connectivity etc., and look for unexpected behavior.
- Make a bootable diskette of the OS + key utilities.
- Make and retain backup copies of executable system files.
- Use virus detectors regularly.

6. Truths and Misconceptions about Viruses

- Viruses can infect systems other than PCs/Windows.
  – PS files, shell scripts etc.
- Viruses can modify “hidden” or read-only files.
  – Only a software notion that can be overridden.
- Viruses can appear in data files.
- Viruses can be spread in ways other than just diskettes.
- Viruses cannot remain in memory after a complete power-off/power-on reboot.
- Viruses cannot infect hardware.
- Viruses can be malevolent, benign, or benevolent.
  – Compression virus.

7. The Pakistani Brain Virus

- Boot sector virus.
  – Takes over the boot sector + six other sectors.
  – One for the original boot block + 2 for itself. The rest are duplicates.
- Takes over the disk read “interrupt”.
  – Permits the virus to return the original boot block if requested.
- Inspects the boot sector for infection on every read.

8. Trapdoors

- A trapdoor is a secret, undocumented entry point into software/hardware.
  – Intentional: for debugging, tracing, fixing, extending software.
  – Unintentional: resulting from software errors.
  – Undefined opcodes in machine instructions.
- Example: sendmail debug.
  – http://online.securityfocus.com/bid/1/discussion/

9. Kinds of Malicious Code

- Virus. Attaches itself to executable content and propagates copies of itself to other executable content. May be good or bad. (Transient or resident.)
- Trojan horse, logic bomb, time bomb. No propagation. Contain unexpected additional functionality. Trigger on logic (condition), time etc.
- Trapdoor. Allows access to functionality. [sendmail debug]
- Worm. Capable of independent self-existence. Usually peripatetic.
- Rabbit. Replicates itself to resource exhaustion. [while(1) fork;]

10. Salami Attacks

- A small amount of money is shaved from each computation.
- Numeric computations are subject to small errors involving rounding and truncation.
  – For example, interest on $102.87 for 31 days @ 6.5% = $.56789.
- Programs are too large and complex to be audited for salami attacks.
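The rounding point above, carried through as an added example (not from the slides): exact simple interest is computed with decimals, credited once with correct round-half-even and once with truncation (the fraction a salami routine keeps), and an independent reconciliation recomputes each account and flags any credit more than half a cent from the exact figure. The balances, rate and day count are constructed sample values; the first balance is the slide's $102.87 case.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
HALF_CENT = Decimal("0.005")


def simple_interest(balance, annual_rate, days):
    """Exact (unrounded) simple interest for `days` days of a 365-day year."""
    return balance * annual_rate * Decimal(days) / Decimal(365)


def post_interest(balances, annual_rate, days, rounding):
    """Amounts actually credited: one cent-quantised value per account."""
    return [simple_interest(b, annual_rate, days).quantize(CENT, rounding=rounding)
            for b in balances]


def audit(balances, posted, annual_rate, days):
    """Reconciliation run independently of the posting code: recompute the exact
    interest and flag accounts whose credit is more than half a cent away from it.
    Correct rounding never exceeds that; truncation is caught on every account whose
    fractional cent is >= 0.5.  Returns (flagged indexes, total residual exact - posted)."""
    flagged, residual = [], Decimal(0)
    for i, (b, p) in enumerate(zip(balances, posted)):
        err = simple_interest(b, annual_rate, days) - p
        residual += err
        if abs(err) > HALF_CENT:
            flagged.append(i)
    return flagged, residual


# Constructed sample: three balances at 6.5% for 31 days.
BALANCES = [Decimal("102.87"), Decimal("250.00"), Decimal("999.99")]
RATE, DAYS = Decimal("0.065"), 31


def demo():
    """Audit results for an honest posting run and for a truncating (salami) run."""
    honest = post_interest(BALANCES, RATE, DAYS, ROUND_HALF_EVEN)
    shaved = post_interest(BALANCES, RATE, DAYS, ROUND_DOWN)
    return audit(BALANCES, honest, RATE, DAYS), audit(BALANCES, shaved, RATE, DAYS)


if __name__ == "__main__":
    print(demo())
```

On a real ledger the residual sum is the second signal: correctly rounded credits leave a residual that hovers around zero, while truncation leaves one that only grows.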

