Dr. Richard Ford  Szor 5.2.5  A.k.a. Stealth Viruses  “How viruses hide”

Slides:



Advertisements
Similar presentations
CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.
Advertisements

For(int i = 1; i
Thank you to IT Training at Indiana University Computer Malware.
DATA STRUCTURES Lecture: Interfaces Slides adapted from Prof. Steven Roehrig.
Operating System Security : David Phillips A Study of Windows Rootkits.
Dr. Richard Ford  Szor 7  Another way viruses try to evade scanners.
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
Ch 7-1 Working with workgroups-1. Objectives Working with workgroups Creating a workgroup Determining whether to use centralized or group sharing.
I Can Learn From Losing! Introduce the lesson: Ask students what they know about losing – how it feels, when it happened to them, etc. List on whiteboard/chalkboard/easel.
Chapter 25 GRASP: More Objects with Responsibilities 1CS6359 Fall 2011 John Cole.
1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.
THE OBJECT-ORIENTED DESIGN WORKFLOW Interfaces & Subsystems.
C Module System C and Data Structures Baojian Hua
Rootkits: Sneaky, Stealthy Toolboxes
Slide 1 By: Date: 09/03/2003 Info Security Writing and Rootkits.
Portability CPSC 315 – Programming Studio Spring 2008 Material from The Practice of Programming, by Pike and Kernighan.
Getting Started Applications of Computer Programming in Earth Sciences Instructor: Dr. Cheng-Chien LiuCheng-Chien Liu Department of Earth Sciences National.
High Performance Faceted Interfaces Using S2S Eric Rozell, Tetherless World Constellation.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.
Energy Flow in Ecosystems
Command Prompt Chapter 7 Using ATTRIB, SUBST, XCOPY, DOSKEY, and the MS-DOS Text Editor Richard Goldman ©January 31, 2000.
Dr. Richard Ford  Szor 11  Virus Scanners – how they work, why they matter, how to write one…
Why you should never use the internet. Overview  The Situation  Infiltration  Characteristics  Techniques  Detection  Prevention.
Jeans for Genes Day K-2 Presentation. Section: one What is Jeans for Genes Day?
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Chapter 24 Introduction to Object DBMSs Prepared by Kai Huang CS157B Prof Sin-Min Lee.
Level 2 Award in Employability Skills
Ford 1. Ford 2 Ford 3 Ford 4 Ford 5 Ford 6 Ford 7.
EFFECTIVE METHODS FOR WRITING POWERFUL INTRODUCTIONS & CONCLUSIONS Western Literature & Composition I.
Rootkits in Windows XP  What they are and how they work.
Programming in Java Unit 2. Class and variable declaration A class is best thought of as a template from which objects are created. You can create many.
Structure Classifications &
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
Logic Bomb Virus.  The first use of a time bomb in software may have been with the scribe markup language and word processing system, developed by Brian.
CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.
For any query mail to or BITS Pilani Lecture # 1.
CIS 442: Chapter 2 Viruses. Malewares Maleware classifications and types Viruses Logical and time bombs Trojan horses and backdoors Worms Spam Spyware.
Brandon Resheske. What is Malware? Code designed to interfere with normal computer operation The correct general term, instead of ‘virus.’ Basically,
Dr. Richard Ford  Szor 12  Virus Scanners – why they need to scan memory and what issues there are in this area.
Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 25 – Virus Detection and Prevention.

Finding Red Pixels Prof. Ramin Zabih
Offset Length Description 0 2 An INT 20h instruction is stored here 2 2 Program ending address 4 1 Unused, reserved by DOS 5 5 Call to DOS function.
Illustration of a Visual Basic Program Running an Ada Program 1 by Richard Conn 11 September 1999.
C++ Pointers Review. Overview  What is a pointer  Why do I care?  What can be 'pointed to'?  Example.
Writing Maintainable code Dr. Susan McKeever DT228/3 GUI Programming.
Behavioral Patterns CSE301 University of Sunderland Harry R Erwin, PhD.
Artificial intelligence IN NPCs. Early Role Playing games Npcs in early role playing games were very limited in terms of being “Intelligent”. For instance,
Computer virus Speaker : 蔡尚倫.  Introduction  Infection target  Infection techniques Outline.
Sound Effects The library Cocosdenshion subproject of cocos2d-iphone targeted at game audio needs Sound effects can be loaded at application startup, so.
.Net Security By: Joe Schuldt. Introduction.Net Security.Net Security –“Developers want to build safe applications, but most developers don't want to.
Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB Markus.
Dr. Richard Ford  Fundamental Definitions  What is Malcode?  Malcode Overview  Follows: Szor Ch.1 & 2.
Object Oriented Programming Session # 03.  Abstraction: Process of forming of general and relevant information from a complex scenarios.  Encapsulation:
Randomising the behaviour of Sprites Games Programming in Scratch.
Detected by, M.Nitin kumar ( ) Sagar kumar sahu ( )
CS16: UML’s Unified Modeling Language. UML Class Diagram A UML class diagram is a graphical tool that can aid in the design of a class. The diagram has.
OBJECT ORIENTED PROGRAMMING overview
زبان بدن Body Language.
Ашық сабақ 7 сынып Файлдар мен қапшықтар Сабақтың тақырыбы:
Windows басқару элементтері
Notes Over 5.1 Graphing a Quadratic Function Vertex: Up Normal.
Қош келдіңіздер!.
Chapter 14: Protection.
Информатика пән мұғалімі : Аитова Карима.
Presentation transcript:

Dr. Richard Ford

 Szor  A.k.a. Stealth Viruses  “How viruses hide”

 Loosely, it’s trying to hide from your attacker  In the same way as we use in “normal” language 

 Passive stealth might be not changing external attributes  Active stealth requires the virus to take an “active” role in the process

 Hiding in plain sight  Basically, Windows has so many different places to hide code, sometimes you don’t need to hide it, just bury it

 Semi-stealth: just hide the changes to the file length  Quite easy – look at the power of the DOS and Windows API  Requires a virus to be memory-resident

 Can use code like Detours to hook the IAT  Very flexible technique, which can be used completely transparently!

 Return the “real” body of the file on reads/seeks  Requires the virus to intercept calls to reads and can cause problems on writes

 FRODO  Problem: if the stealth is perfect…  Can even go to Cluster and Sector-level stealth

 Drawback of hooking Int 13h?  Right!  So… can hook Int 76h instead. Sneaky, eh?  Also, could play with microcode

 Polymorphism

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.