Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,

Slides:



Advertisements
Similar presentations
Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Advertisements

Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.
Lecture 13 Malicious Software modified from slides of Lawrie Brown.
Cryptography and Network Security Chapter 19 Fourth Edition by William Stallings.
Karlstad University Malware Ge Zhang Karlstad Univeristy.
Lecture 14 Malicious Software (cont) modified from slides of Lawrie Brown.
Malware Ge Zhang Karlstad Univeristy. Focus What malware are Types of malware How do they propagate How do they hide How to detect them.
Chapter 14 Computer Security Threats
Cryptography and Network Security Malicious Software Third Edition by William Stallings Lecturer: Dr. Saleem Alzoubi.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
After this session, you should be able to:
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Cryptography and Network Security Chapter 21
By:Tanvi lotliker TE COMPUTER
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Logical Security threats. Logical security Protects computer-based data from software-based and communications- based threats.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.
Malicious Software Malicious Software Han Zhang & Ruochen Sun.
1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.
Malicious Software CIS 4361 Eng. Hector M Lugo-Cordero, MS Feb
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
Data Security and Encryption (CSE348) 1. Lecture # 27 2.
Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.
Fundamentals of The Internet Learning outcomes After this session, you should be able to: Identify the threat of intruders in systems and networks and.
VIRUSES - Janhavi Naik. Overview Structure Classification Categories.
1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Chapter 11 Malicious Software
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Viruses and Related Threats. 2 Summary  have considered:  various malicious programs  trapdoor, logic bomb, trojan horse, zombie  viruses  worms.
Fourth Edition by William Stallings Adapted form lecture slides by Lawrie Brown.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.
Malicious Software.
n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.
Chapter 19 – Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow. —On War,
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
Advanced Anti-Virus Techniques
Cryptography and Network Security Chapter 19 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
MALICIOUS SOFTWARE Rishu sihotra TE Computer
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Malicious Programs (1) Viruses have the ability to replicate themselves Other Malicious programs may be installed by hand on a single machine. They may.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.
Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.
Attack Methods  Attacks  DoS (Denial of Service)  Malware.
Detected by, M.Nitin kumar ( ) Sagar kumar sahu ( )
Protecting Computers From Viruses and Similarly Programmed Threats Ryan Gray COSC 316.
Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.
Company LOGO Malicious SW By Dr. Shadi Masadeh 1.
MALWARE.
LECTURE 6 MALICIOUS SOFTWARE
Malicious Software.
Viruses and Other Malicious Content
BINF 711 Amr El Mougy Sherif Ismail
Chap 10 Malicious Software.
Chap 10 Malicious Software.
Presentation transcript:

Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses, logic bombs, and backdoors independent self-contained programs e.g. worms, bots replicating or not sophisticated threat to computer systems Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Malware Terminology Virus Worm Logic bomb Trojan horse Backdoor (trapdoor) Mobile code Auto-rooter Kit (virus generator) Spammer and Flooder programs Keyloggers Rootkit Zombie, bot Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Viruses piece of software that infects programs modifying them to include a copy of the virus so it executes secretly when host program is run specific to operating system and hardware taking advantage of their details and weaknesses a typical virus goes through phases of: dormant propagation triggering execution Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Virus Structure components: infection mechanism - enables replication trigger - event that makes payload activate payload - what it does, malicious or benign prepended / postpended / embedded when infected program invoked, executes virus code then original program code can block initial infection (difficult) or propogation (with access controls) Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Virus Structure Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Compression Virus Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Virus Classification boot sector file infector macro virus encrypted virus stealth virus polymorphic virus metamorphic virus Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Macro Virus became very common in mid-1990s since platform independent infect documents easily spread exploit macro capability of office apps executable program embedded in office doc often a form of Basic more recent releases include protection recognized by many anti-virus programs Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Virus Countermeasures prevention - ideal solution but difficult realistically need: detection identification removal if detect but can’t identify or remove, must discard and replace infected program Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Anti-Virus Evolution virus & antivirus tech have both evolved early viruses simple code, easily removed as become more complex, so must the countermeasures generations first - signature scanners second - heuristics third - identify actions fourth - combination packages Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Generic Decryption runs executable files through GD scanner: CPU emulator to interpret instructions virus scanner to check known virus signatures emulation control module to manage process lets virus decrypt itself in interpreter periodically scan for virus signatures issue is long to interpret and scan tradeoff chance of detection vs time delay Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Digital Immune System Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Behavior-Blocking Software Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Worms/ virus replicating program that propagates over net using , remote exec, remote login has phases like a virus: dormant, propagation, triggering, execution propagation phase: searches for other systems, connects to it, copies self to it and runs may disguise itself as a system process concept seen in Brunner’s “Shockwave Rider” implemented by Xerox Palo Alto labs in 1980’s Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Morris Worm one of best know worms released by Robert Morris in 1988 various attacks on UNIX systems cracking password file to use login/password to logon to other systems exploiting a bug in the finger protocol exploiting a bug in sendmail if succeed have remote shell access sent bootstrap program to copy worm over Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Worm Propagation Model Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Recent Worm Attacks SQL Slammer early 2003, attacks MS SQL Server compact and very rapid spread Mydoom mass-mailing worm that appeared in 2004 installed remote access backdoor in infected systems Valentin E and Nuwar OL Spread by Users ‘enticed’ by romantic messages Activity disguised by the display of a greetings card Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Worm Technology multiplatform multi-exploit ultrafast spreading polymorphic metamorphic transport vehicles zero-day exploit Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Worm Countermeasures overlaps with anti-virus techniques once worm on system A/V can detect worms also cause significant net activity worm defense approaches include: signature-based worm scan filtering filter-based worm containment payload-classification-based worm containment threshold random walk scan detection rate limiting and rate halting Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Proactive Worm Containment Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Network Based Worm Defense Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Bots program taking over other computers to launch hard to trace attacks if coordinated form a botnet characteristics: remote control facility via IRC/HTTP etc spreading mechanism attack software, vulnerability, scanning strategy various counter-measures applicable Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Summary introduced types of malicous software incl backdoor, logic bomb, trojan horse, mobile virus types and countermeasures worm types and countermeasures bots Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Useful Resources  Most of the anti virus vendors maintain web sites with information about current malware e.g. Symantec  CERT has lots of useful information at: Also NIST at: Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.