CS3235: Introduction to Computer Security Lecture 4: Malware CS3235 Lecture 4
Review of Lecture 3
- AES
- Public-key cryptosystem: RSA
- Applications of cryptography: cryptographic hash functions, key exchange, digital signatures, certificates

Is Cryptography Alone Enough?
- No. In a networked system the cipher is rarely the weakest component.
- Principle of the weakest link: a system is only as secure as its weakest part, which is usually a program or a host, not the cryptography.

Importance of Program Security
- Protecting programs is at the heart of computer security
- Programs constitute much of a computing system: the operating system, device drivers, applications, ...
- Two types of threat: malicious programs and vulnerable programs
Big Picture of Attacks
- Stages of a typical attack: reconnaissance, scanning, break-in, installing malware, hiding

Threats from Malicious Code
- Steal confidential information: credit card and bank account numbers, passwords, trade secrets
- Surveillance: capture keystrokes and webcam streams, collect system information
- Control the computer: form botnets, send spam email
- Is that all? What attackers can do is limited only by their imagination.

Types of Malicious Code
- The names used below are not standard terminology; different sources draw the boundaries differently.
Computer Viruses
- A program that can replicate itself and pass malicious code on to other, non-malicious programs by modifying them
- Transient virus: runs only while its infected host program runs
- Resident virus: stays in memory after the host exits and can infect programs run later

Three Aspects of a Virus
- Propagation mechanism: how does the virus attach to other programs?
- Activation mechanism: how does the virus gain control?
- Payload behavior: what does the virus do besides propagating?

Virus Propagation Mechanisms
- Attaching to a program: appended to it, surrounding it, or integrated into its code
- Document viruses: executable code (macros, scripts) inside data files
- Attached to email messages
- Embedded in instant messages
- Injected into disks and USB drives

Virus Activation Mechanisms
- A virus does no harm until it is activated
- It injects itself into normal activities: at the beginning of a program, through a deceptive email or IM message, through Autorun in Windows
- Homes for viruses: one-time (transient), boot sector, memory-resident

Code Execution Path
- Control passes from the BIOS to the drive (boot sector), to the operating system, to applications and the data/scripts they load; a virus can insert itself at any of these points
Demo of Virus Behaviors
Virus Detection
- Virus scanner: detects and removes viruses using virus signatures (e.g., Norton AntiVirus)
- Virus signature: a unique string of bits (a binary pattern) taken from a virus; like a fingerprint, it can be used to detect and identify a specific virus

Types of Virus Signatures
- Storage patterns: changes at fixed locations in a program (e.g., a jump planted at the entry point), changes in file size and checksum
- Transmission patterns
- Execution patterns: code for common behaviors
- (Figure: the original program with a jump at its start to the malicious code appended at its end)
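The following is an added illustration, not code from the lecture: it simulates an appended virus (jump at the entry point, body at the end) on byte-string "programs" and then applies the three storage/execution checks named above. The virus body, the jump marker and the two "programs" are constructed stand-ins for machine code; no real executable format is parsed.

```python
import hashlib

# Constructed stand-ins: a toy virus body and the jump it plants at the entry point.
VIRUS_BODY = b"VIRUS-PAYLOAD-v1:replicate;pay"
JUMP = b"JMP->"


def infect(program: bytes) -> bytes:
    """Append-style infection: jump at the start, virus body at the end.
    The virus runs first and then hands control back to the original program."""
    if VIRUS_BODY in program:      # never re-infect: keeps size stable, avoids suspicion
        return program
    return JUMP + program + VIRUS_BODY


def execute(program: bytes) -> list:
    """Toy loader: returns the order in which code gains control (activation)."""
    trace = []
    if program.startswith(JUMP):
        trace.append("virus")      # the jump at the entry point gives the virus control first
        program = program[len(JUMP):]
    trace.append("host")
    return trace


def baseline(programs: dict) -> dict:
    """Record size and SHA-256 of every program while the system is known clean."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in programs.items()}


def integrity_check(programs: dict, base: dict) -> list:
    """Storage pattern: any change in size or checksum flags the file."""
    return sorted(name for name, data in programs.items()
                  if (len(data), hashlib.sha256(data).hexdigest()) != base[name])


def entry_point_check(programs: dict, clean: dict) -> list:
    """Change at a fixed location: the first bytes no longer match the clean copy."""
    return sorted(name for name, data in programs.items()
                  if data[:len(JUMP)] != clean[name][:len(JUMP)])


def signature_scan(programs: dict, signature: bytes = VIRUS_BODY) -> list:
    """Execution/code pattern: look for the virus's fixed byte pattern anywhere in the file."""
    return sorted(name for name, data in programs.items() if signature in data)


# Constructed sample system: two clean "programs", one of which gets infected.
CLEAN = {"ls": b"\x7fELF-ls:list directory", "cat": b"\x7fELF-cat:print file"}


def demo() -> dict:
    base = baseline(CLEAN)
    system = dict(CLEAN)
    system["ls"] = infect(system["ls"])
    return {
        "run_order": execute(system["ls"]),
        "integrity": integrity_check(system, base),
        "entry_point": entry_point_check(system, CLEAN),
        "signature": signature_scan(system),
        "reinfect_stable": infect(system["ls"]) == system["ls"],
    }


if __name__ == "__main__":
    print(demo())
```

The checksum baseline catches any modification but only if it was taken before the infection and stored where the virus cannot rewrite it; the signature catches only this exact byte pattern, which is what the next slide's anti-detection techniques attack.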
Anti-Detection Techniques
- Polymorphic viruses: transform the virus code into a different form on each copy, e.g., insert NOP instructions, rewrite x = 0 as x = a - a
- Encrypted viruses: the virus body is stored encrypted and decrypted before execution, so only the short decryption routine and the key stay constant across copies (figure: key, encrypted virus code, decryption routine)

Prevention of Virus Infection
- Use only software from reliable sources
- Test new software on isolated computers
- Be careful with email attachments
- Make a recovery system image
- Back up data
- Use virus scanners

Truth and Misconceptions
- Viruses can infect any computer system
- Viruses can modify "read-only" files: the attribute is enforced by software the virus can bypass
- Viruses can appear in any type of file
- Viruses cannot remain in memory after a system reboot, but a boot-sector virus is reloaded on every boot
- Viruses cannot infect hardware, though they can corrupt the firmware it runs (as CIH did to the BIOS)
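An added example (not from the lecture) of the two evasion techniques above, using the same constructed byte-string virus body as a stand-in for code: NOP insertion produces a different bit pattern per copy, and XOR "encryption" hides the body behind a constant decryption routine. A plain signature scan misses both; the more careful scanner normalises NOPs, matches the constant decryptor stub, and also matches after emulating the decryption. The stub bytes and the key layout are assumptions of this simulation.

```python
import random

NOP = b"\x90"                                   # x86 NOP, used as filler
VIRUS_BODY = b"VIRUS-PAYLOAD-v1:replicate;pay"  # constructed stand-in for virus code
DECRYPTOR_STUB = b"DECRYPT-LOOP:"               # constructed stand-in for the decryption routine


def polymorphic_variant(body: bytes, seed: int) -> bytes:
    """Polymorphism by NOP insertion: 1-3 NOPs after every byte, counts chosen per seed.
    Behaviour is unchanged, but no two copies share the original bit pattern."""
    rnd = random.Random(seed)
    out = bytearray()
    for b in body:
        out.append(b)
        out += NOP * rnd.randint(1, 3)
    return bytes(out)


def strip_nops(code: bytes) -> bytes:
    """Normalisation a smarter scanner applies before matching."""
    return code.replace(NOP, b"")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def encrypted_variant(body: bytes, key: int) -> bytes:
    """Encrypted virus: constant decryption routine + key byte + XOR-encrypted body."""
    assert 1 <= key <= 255, "key 0 would leave the body in clear"
    return DECRYPTOR_STUB + bytes([key]) + xor_bytes(body, key)


def decrypt_before_execution(sample: bytes) -> bytes:
    """What the decryption routine does at run time (and what an emulating scanner mimics)."""
    if not sample.startswith(DECRYPTOR_STUB):
        return sample
    key = sample[len(DECRYPTOR_STUB)]
    return xor_bytes(sample[len(DECRYPTOR_STUB) + 1:], key)


def naive_scan(sample: bytes, signature: bytes = VIRUS_BODY) -> bool:
    """Plain signature match on the bytes as stored on disk."""
    return signature in sample


def robust_scan(sample: bytes, signature: bytes = VIRUS_BODY) -> bool:
    """Three counter-measures: sign the constant decryptor stub, emulate the decryption,
    and strip NOP padding before matching the body signature."""
    if DECRYPTOR_STUB in sample:
        return True
    return signature in strip_nops(decrypt_before_execution(sample))


if __name__ == "__main__":
    for name, sample in (("plain", VIRUS_BODY),
                         ("polymorphic", polymorphic_variant(VIRUS_BODY, 1)),
                         ("encrypted", encrypted_variant(VIRUS_BODY, 0x5A))):
        print(name, "naive:", naive_scan(sample), "robust:", robust_scan(sample))
```

The weak point of the encrypted virus is exactly what the slide's figure shows: the decryption routine itself cannot be encrypted, so it becomes the signature; real malware therefore makes the decryptor polymorphic as well, which is why scanners moved to emulation and behaviour-based detection.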
The Brain Virus
- Propagation and activation: resides in the boot sector plus six further sectors (marked as bad so they are not reused); intercepts disk read requests so that reads of the boot sector return the original
- Behavior: labels the attacked disk "BRAIN"

CIH Virus
- Spread via Windows executable files
- Damage: overwrote the first 1024 KB of the hard drive with zeroes; overwrote the BIOS with junk code
- Activated on April 26, 1999
- An untold number of computers worldwide were affected, many of them in Asia

Melissa
- Macro virus found on March 26, 1999
- Targeted MS Word and Outlook-based systems; arrived in a file called "List.DOC"
- Spread on MS Word 97 and 2000
- Activated once the Word document was opened; mass-mailed itself from the email client (MS Outlook 97 or Outlook 98)

ILOVEYOU
- First appeared on May 3, 2000
- Caused a world-wide email outage; damage estimated at $10 billion
- VBScript virus sent by email: subject "ILOVEYOU", attachment "LOVE-LETTER-FOR-YOU.TXT.vbs" (the double extension disguises a script as a text file)
- Overwrote important files with a copy of itself
- Sent itself to everyone in the user's contact list
Targeted Malicious Code
Trapdoor (Backdoor)
- A secret entry point into a system: a specific user identifier or password that circumvents the normal security procedures
- Commonly left in by developers (for testing and debugging) and forgotten
- Could even be planted by a compiler, so that it reappears in every program the compiler builds

Trojan Horse
- A program that appears benign but contains hidden malicious code
- Example: software that claims to convert a DVD reader drive into a DVD writer; it simply deletes files on the system

Salami Attack
- Merges bits of seemingly inconsequential data to yield a powerful result
- Example: interest calculation in a banking system
- Why it works: computer computations have small errors involving rounding and truncation, so shaving a fraction of a cent from each of many accounts goes unnoticed per account but adds up in total
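An added worked example (not from the lecture) of the banking case: interest is posted to a constructed set of accounts either honestly (banker's rounding) or with the salami trick (truncate every credit to whole cents and move the shaved fractions to an attacker's account). It also shows the audit that catches the attack: no account may be credited noticeably more than its own balance earns. The interest rate, account balances and account names are all assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
ANNUAL_RATE = Decimal("0.0375")   # hypothetical annual interest rate


def exact_monthly_interest(balance: Decimal) -> Decimal:
    """Exact interest owed for one month (balance * rate / 12, no rounding)."""
    return balance * ANNUAL_RATE / 12


def post_interest(accounts: dict, rounding=ROUND_HALF_EVEN, slush=None) -> dict:
    """Credit one month's interest to every account and return the new balances.
    Honest posting: round each credit to the nearest cent, residue stays on the books.
    Salami attack: rounding=ROUND_DOWN truncates every credit and `slush` names the
    attacker's account that collects the shaved fractions of a cent."""
    new = dict(accounts)
    if slush is not None:
        new.setdefault(slush, Decimal("0"))
    for acct, bal in accounts.items():
        exact = exact_monthly_interest(bal)
        credit = exact.quantize(CENT, rounding=rounding)
        new[acct] = bal + credit
        if slush is not None:
            new[slush] += exact - credit      # the "slice": too small to notice per account
    return new


def audit(before: dict, after: dict) -> list:
    """Control: flag any account credited more than its own balance earns (half a cent of
    rounding slack). The slush account is credited interest it is not owed, so it stands out."""
    suspicious = []
    for acct, bal_after in after.items():
        bal_before = before.get(acct, Decimal("0"))
        owed = exact_monthly_interest(bal_before)
        credited = bal_after - bal_before
        if credited - owed > CENT / 2:
            suspicious.append(acct)
    return sorted(suspicious)


# Constructed sample: 1000 accounts with assorted balances.
ACCOUNTS = {f"acct{i:04d}": Decimal(50 + 137 * i) for i in range(1000)}


if __name__ == "__main__":
    salami = post_interest(ACCOUNTS, rounding=ROUND_DOWN, slush="acct-attacker")
    print("diverted:", salami["acct-attacker"], "flagged:", audit(ACCOUNTS, salami))
```

Note that the books still balance after the attack: total interest paid out equals the sum of exact interest, which is why a reconciliation of totals alone does not detect it; the per-account check does.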
Rootkits
- A rootkit is a piece of malicious code that tries to obscure its presence on a computer system
- A typical rootkit interferes with the normal interaction between a user and the OS, removing its own effects from the results of system utilities
Rootkit Classification
- Application-level rootkit: an evil program runs alongside the good programs; the utilities and the kernel are untouched
- User-mode rootkit: trojaned system utilities (trojan login, trojan ps, trojan ifconfig) replace the good ones; the kernel is untouched
- Kernel-mode rootkit: a trojan kernel module alters the kernel itself, so every program, good or not, is shown a false view
User-mode Rootkits
- Hide the rootkit's existence by replacing system utilities
- Linux/UNIX: ls, du, find, ifconfig, login, sshd, netstat, ...

Kernel-mode Rootkits
- Hide themselves by modifying the OS kernel
- So what? The OS no longer provides any trusted service: there is no way to distinguish a real program from a fake one

Sony BMG DRM Rootkit (2005)
- Extended Copy Protection (XCP) for CD copy protection
- Users were required to install the XCP software to play the CD
- XCP intercepted all accesses to the CD drive and allowed only Sony's media player to access the tracks on the CD
- XCP concealed itself from the user by patching the Windows kernel: the patch stopped ordinary system tools from displaying processes, registry entries, or files whose names begin with $sys$
- About 4.7 million XCP CDs were shipped, 2.1 million sold

Sony BMG Rootkit (cont.)
- Blocked access to files whose names begin with $sys$, so they were "invisible" to system users
- Weakened system security: any other malware could hide under the same cloak simply by using the $sys$ prefix; one such piece of malware was discovered in Nov. 2005
- The XCP uninstaller, released later, left security holes on the system
- The XCP mechanism affected system stability, resulting in blue screens of death
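An added simulation (not the lecture's or Sony's code) of the user-mode cloaking above and of cross-view detection, the standard way to catch it: a "trojaned ls" drops every entry whose name starts with $sys$, while a trusted listing (standing in for reading the directory from clean boot media or the raw filesystem) shows everything. Whatever is in the trusted view but not the user's view is hidden by something. The file names are constructed; a real rootkit would hook the kernel or the C library rather than a Python function.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"   # names beginning with this are hidden, as XCP did


def trojaned_listdir(path: str) -> list:
    """A 'trojaned ls': the listing the user sees, with cloaked entries removed.
    Note the side effect the slide warns about: any file using the prefix is hidden,
    including files belonging to unrelated malware."""
    return sorted(n for n in os.listdir(path) if not n.startswith(CLOAK_PREFIX))


def trusted_listdir(path: str) -> list:
    """Stand-in for a view the rootkit does not control."""
    return sorted(os.listdir(path))


def cross_view_diff(path: str, user_view=trojaned_listdir, trusted_view=trusted_listdir) -> list:
    """Cross-view detection: entries present in the trusted view but absent from the user view."""
    return sorted(set(trusted_view(path)) - set(user_view(path)))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        # constructed files: two ordinary ones, one DRM file and one unrelated malware file,
        # the latter two both riding on the $sys$ cloak
        for name in ("readme.txt", "song.wav", "$sys$drm.dll", "$sys$other_malware.exe"):
            open(os.path.join(d, name), "w").close()
        return {"user_sees": trojaned_listdir(d),
                "trusted_sees": trusted_listdir(d),
                "hidden": cross_view_diff(d)}


if __name__ == "__main__":
    print(demo())
```

Cross-view detection only works while some view remains trustworthy; against a kernel-mode rootkit both listings may come through the patched kernel, which is the point of the "So what?" slide above, and the trusted view then has to come from outside the running system.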
Zombie & Botnet
- Secretly takes over another networked computer by exploiting software flaws
- Builds the compromised computers into a zombie network, or botnet: a collection of compromised machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command-and-control infrastructure
- Uses them to launch attacks indirectly, e.g., DDoS, phishing, spamming, password cracking

Botnet
- A network of compromised computers controlled by an attacker
- (Figure: attacker → master server → zombies, across the Internet)
- Commonly controlled through an IRC channel

Other Targeted Attacks
- Privilege escalation: malicious code launched by a user with low privileges but run with higher privileges
- Interface illusion
- Keystroke logging
- Man-in-the-middle attacks

Covert Channels
- Malicious code can leak information without being noticed, e.g., by changing the font of one word in a document
- Main types of covert channel: storage channels and timing channels
- Common in spy stories
Storage Channels
- File lock channels: the service locks a file to signal 1 and leaves it unlocked to signal 0; the spy checks the lock
- File existence channels: the service creates a file to signal 1 and deletes it to signal 0; the spy asks only "does the file exist?" (yes: 1, no: 0)
- (Figure: service and spy sharing a file; "Create: 1 / Delete: 0" on the service side, "Exist? Yes: 1 / No: 0" on the spy side)
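The file-existence channel of the figure above, as an added example that is not part of the lecture: the service, which holds the secret, never writes it anywhere; it only creates or removes an otherwise innocent file, and the spy reconstructs the secret from the sequence of existence checks. A file-lock channel works identically with "locked" in place of "exists". The flag file name and the secret are constructed; the two parties are assumed to be synchronised one bit per round (in practice the attacker uses a clock, which is where the timing-channel problems begin).

```python
import os
import tempfile


def to_bits(data: bytes) -> list:
    """Big-endian bit list of a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def service_write_bit(flag: str, bit: int) -> None:
    """Service side: signal one bit through the existence of a file it is allowed to create.
    Present = 1, absent = 0. The file's contents never matter."""
    if bit:
        open(flag, "w").close()
    elif os.path.exists(flag):
        os.remove(flag)


def spy_read_bit(flag: str) -> int:
    """Spy side: only the existence check, which normal access control does not forbid."""
    return 1 if os.path.exists(flag) else 0


def leak(secret: bytes, flag_dir: str) -> bytes:
    """Run the channel: one bit per round, service writes then spy reads."""
    flag = os.path.join(flag_dir, "lock.tmp")    # constructed, innocuous-looking name
    received = []
    for bit in to_bits(secret):
        service_write_bit(flag, bit)
        received.append(spy_read_bit(flag))
    service_write_bit(flag, 0)                    # leave nothing behind
    return from_bits(received)


def demo(secret: bytes = b"PIN:4711") -> bytes:
    with tempfile.TemporaryDirectory() as d:
        return leak(secret, d)


if __name__ == "__main__":
    print(demo())
```

The bandwidth is one bit per round, but that is enough: a password or key is a few hundred bits. The defence is the one the next slides develop: identify every shared resource a pair of processes can both observe and modify (the shared resource matrix) and audit or remove those channels.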
Shared Resource Matrix
Information Flow
- B := A — explicit flow from A to B (data dependency, shown in red)
- C := B — explicit flow from B to C (data dependency, red)
- IF D = 1 THEN E := C — explicit flow from C to E (data dependency, red) and implicit flow from D to E (control dependency, shown in blue): whether E changes reveals the value of D
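An added example, not from the lecture, that runs a small dependency analysis over the three statements above: each variable receives a pair of labels, the input variables that reach it through explicit (data) flow and those that reach it through implicit (control) flow. Variables that are never assigned (A and D) are treated as inputs. The encoding of the statements as tuples is this example's own; one simplification is noted in the code.

```python
# The slide's program as statements: ("assign", target, [sources]) or ("if", [condition vars], [body]).
PROGRAM = [
    ("assign", "B", ["A"]),
    ("assign", "C", ["B"]),
    ("if", ["D"], [("assign", "E", ["C"])]),
]


def analyze(program: list, labels: dict = None, pc: frozenset = frozenset()) -> dict:
    """Propagate flow labels through the program.
    labels[v] = (explicit, implicit): input variables whose values reach v through data
    dependencies, and through control dependencies, respectively.
    `pc` holds the inputs that the enclosing control-flow decisions depend on.
    Simplification: the value a variable held before a conditional assignment is not merged
    back in; a flow-insensitive analysis would keep it as a further dependency."""
    if labels is None:
        labels = {}

    def label_of(v):
        return labels.get(v, (frozenset([v]), frozenset()))   # unassigned variable = input

    for stmt in program:
        if stmt[0] == "assign":
            _, target, sources = stmt
            explicit, implicit = frozenset(), frozenset(pc)   # assignment under a branch inherits pc
            for s in sources:
                e, i = label_of(s)
                explicit |= e           # data dependency: sources' explicit labels
                implicit |= i           # implicit labels are sticky through assignment
            labels[target] = (explicit, implicit)
        elif stmt[0] == "if":
            _, cond, body = stmt
            branch_pc = set(pc)
            for c in cond:
                e, i = label_of(c)
                branch_pc |= e | i      # whatever the condition depends on now flows implicitly
            analyze(body, labels, frozenset(branch_pc))
    return labels


def report(labels: dict) -> list:
    """Human-readable lines in the slide's red/blue terminology."""
    return [f"{v}: explicit(red) from {sorted(e) or '-'}, implicit(blue) from {sorted(i) or '-'}"
            for v, (e, i) in sorted(labels.items())]


if __name__ == "__main__":
    print("\n".join(report(analyze(PROGRAM))))
```

The result shows why implicit flows matter for covert channels: E carries information about D even though D is never copied into E, so a policy that only tracks copies (explicit flow) would let D leak through E.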
Readings for This Lecture
- Security in Computing, Chapter 3.3 and Chapter 3.4

Videos
- WEP hacking: http://www.youtube.com/watch?v=TiPWUykw3uU&NR=1 and http://www.youtube.com/watch?v=32JgSJYpL8o&feature=fvw
- TV hack: http://www.youtube.com/watch?v=QrXkmP_3kBs&feature=fvw
- Urban hack: http://www.youtube.com/watch?v=0L7DTMKekoU