CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.


1 CSE331: Introduction to Networks and Security Lecture 31 Fall 2002

2 Recap
Program Security
– Buffer Overflows
Today:
– Computer Viruses

3 Buffer Overrun in the News
From Slashdot
– “There is an unchecked buffer in Microsoft Data Access Components (MDAC) prior to version 2.7, the company said. MDAC is a "ubiquitous" technology used in Internet Explorer and the IIS web server. The buffer can be overrun with a malformed HTTP request, allowing arbitrary code to be executed on the target machine.”
– http://www.theregister.co.uk/content/55/28215.html

4 The Consequences
From Microsoft
– “An attacker who successfully exploited it could gain complete control over an affected system, thereby gaining the ability to take any action that the legitimate user could take.”
– http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-065.asp

5 Certificate Revocation Problems
“A malicious attacker would be able to reintroduce the vulnerable control with just a specially [constructed] HTML document.”
“the company recommends removing "Microsoft" from IE's Trusted Publisher list”
– Doing so will cause a warning to appear when doing an update

6 Viruses
A computer virus is a (malicious) program
– Creates (possibly modified) copies of itself
– Attaches to a host program or data
– Often has other effects (deleting files, “jokes”, messages)

7 Virus Attachment: Append
Simplest case: insert copy at the beginning of an executable file
Runs before other code of the program
Most common program virus
[Diagram labels: Original Program, Virus]

8 Virus Attachment: Surround
Runs before & after original program
Virus can clean up after itself
[Diagram labels: Original Program, Virus]

9 Virus Attachment: Replace
Doesn’t change the size of the program
Virus writer must know structure of original program
Not as common, user more likely to detect.
[Diagram labels: Original Program, Modified Program]

10 Virus Writer’s Goals
Hard to detect
Hard to destroy or deactivate
Spreads infection widely/quickly
Can reinfect a host
Easy to create
Machine/OS independent

11 Kinds of Viruses
Boot Sector Viruses
Memory Resident Viruses
Macro Viruses

12 Bootstrap Viruses
Bootstrap Process:
– Firmware (ROM) copies MBR (master boot record) to memory, jumps to that program
MBR (or Boot Sector)
– Fixed position on disk
– “Chained” boot sectors permit longer Bootstrap Loaders
[Diagram labels: MBR, boot]

13 Bootstrap Viruses
Virus breaks the chain
Inserts virus code
Reconnects chain afterwards
[Diagram labels: MBR, boot, virus]

14 Why the Bootstrap?
Automatically executed before OS is running
– Also before detection tools are running
OS hides boot sector information from users
– Hard to discover that the virus is there
– Harder to fix
Any good virus scanning software scans the boot sectors
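
An added example, not part of the lecture, of the boot-sector check the last bullet refers to: it fingerprints the bootstrap-code area of a master boot record and compares it with a stored baseline. It assumes the classic 512-byte MBR layout (446 bytes of code, four 16-byte partition entries, a 0x55AA signature); the function names are this example's own and the sector bytes are constructed for the demo.

```python
import hashlib
import struct

CODE_END = 446               # bytes 0..445 hold the bootstrap code
TABLE_END = 510              # bytes 446..509 hold four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector):
    """Split a 512-byte MBR into a code hash, partition entries and signature flag."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
        "valid_signature": sector[TABLE_END:] == BOOT_SIGNATURE,
    }

def check_against_baseline(baseline, sector):
    """Return findings for a freshly read MBR compared with a stored baseline."""
    now = parse_mbr(sector)
    findings = []
    if not now["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if now["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample_mbr(first_byte=0):
    """Constructed sector for the demo: zero-filled code area, one partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x83, b"\0\0\0", 2048, 204800)
    return bytes([first_byte]) + bytes(CODE_END - 1) + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    baseline = parse_mbr(make_sample_mbr())
    print(check_against_baseline(baseline, make_sample_mbr()))
    print(check_against_baseline(baseline, make_sample_mbr(first_byte=0xEB)))
```
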

15 Other Homes for Viruses
System Software
– IO.sys, NTLDR, NTDETECT.COM
– autoexec.bat, config.sys, command.com
Memory resident software
– Task manager
– Window manager
– Winamp
– RealPlayer
– …

16 Macro Viruses
Macros are just programs
Word processors & Spreadsheets
– Startup macro
– Macros turned on by default
Visual Basic Script (VBScript)

17 Melissa Virus
Transmission Rate
– The first confirmed reports of Melissa were received on Friday, March 26, 1999.
– By Monday, March 29, it had reached more than 100,000 computers.
– One site got 32,000 infected messages in 45 minutes.
Damage
– Denial of service: mail systems off-line.
– Could have been much worse

18 Melissa Macro Virus
Implementation
– VBA (Visual Basic for Applications) code associated with the "document.open" method of Word
Strategy
– Email message containing an infected Word document as an attachment
– Opening Word document triggers virus if macros are enabled
– Under certain conditions included attached documents created by the victim

19 Melissa Macro Virus: Behavior
Setup
– lowers the macro security settings
– permit all macros to run without warning
– Checks registry for key value “… by Kwyjibo”
– HKEY_Current_User\Software\Microsoft\Office\Melissa?
Propagation
– sends email message to the first 50 entries in every Microsoft Outlook MAPI address book readable by the user executing the macro

20 Melissa Macro Virus: Behavior
Propagation Continued
– Infects Normal.dot template file
– Normal.dot is used by all Word documents
“Joke”
– If minute matches the day of the month, the macro inserts message “Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here.”

21 Melissa: Remedy
Filter mail for virus signature (macro in .doc files)
Clean Normal.dot

22 “I Love You” Virus/Worm
Infection Rate
– At 5:00 pm EDT (GMT-4) May 8, 2000, CERT had received reports from more than 650 sites
– > 500,000 individual systems
VBScript
Propagation
– Email, Windows file sharing, IRC, USENET news

23 Love Bug Signature
– An attachment named "LOVE-LETTER-FOR-YOU.TXT.VBS"
– A subject of "ILOVEYOU"
– Message body: "kindly check the attached LOVELETTER coming from me."

24 Love Bug Behavior
Replaced certain files with copies of itself
– Based on file extension (e.g. .vbs, .js, .hta, etc.)
Changed Internet Explorer start page
– Pointed the browser to infected web pages
Mailed copies of itself
Changed registry keys
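
An added example, not part of the lecture, of mail filtering on the three indicators from the "Love Bug Signature" slide. It goes one step beyond the slides by also flagging any attachment whose script extension (.vbs, .js, .hta, from the behavior slide) is stacked on another extension; the function names, the quarantine policy and the sample messages are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted on the "Love Bug Signature" slide.
SUBJECT = "ILOVEYOU"
ATTACHMENT = "LOVE-LETTER-FOR-YOU.TXT.VBS"
BODY = "kindly check the attached LOVELETTER coming from me."
# Script extensions named on the "Love Bug Behavior" slide.
SCRIPT_EXTS = (".vbs", ".js", ".hta")

def scan_message(raw):
    """Return the names of the indicators that match one raw mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().upper() == SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY.lower() in body.get_content().lower():
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT.lower():
            hits.append("attachment-name")
        # Generalisation (assumption of this example): a script extension stacked
        # on another one, as in ".TXT.VBS", is flagged even after a rename.
        if name.endswith(SCRIPT_EXTS) and name.count(".") >= 2:
            hits.append("double-extension-script")
    return hits

def should_quarantine(hits):
    """Policy assumed here: any attachment hit, or both text indicators."""
    return any(h.startswith(("attachment", "double")) for h in hits) or len(hits) >= 2

def build_sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name in (ATTACHMENT, "very-funny.txt.vbs", "notes.txt"):
        print(name, scan_message(build_sample("Joke", "read this", name)))
```
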

