CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.


Recap
Program Security
  – Buffer Overflows
Today:
  – Computer Viruses

Buffer Overrun in the News
From Slashdot
  – “There is an unchecked buffer in Microsoft Data Access Components (MDAC) prior to version 2.7, the company said. MDAC is a "ubiquitous" technology used in Internet Explorer and the IIS web server. The buffer can be overrun with a malformed HTTP request, allowing arbitrary code to be executed on the target machine.”

The Consequences
From Microsoft
  – “An attacker who successfully exploited it could gain complete control over an affected system, thereby gaining the ability to take any action that the legitimate user could take.”
  – echnet/security/bulletin/MS asp

Certificate Revocation Problems
“A malicious attacker would be able to reintroduce the vulnerable control with just a specially [constructed] HTML document.”
“the company recommends removing "Microsoft" from IE's Trusted Publisher list”
  – Doing so will cause a warning to appear when doing an update

Viruses
A computer virus is a (malicious) program
  – Creates (possibly modified) copies of itself
  – Attaches to a host program or data
  – Often has other effects (deleting files, “jokes”, messages)

Virus Attachment: Append
Simplest case: insert copy at the beginning of an executable file
Runs before other code of the program
Most common program virus
[Figure: blocks labelled "Original Program" and "Virus"]

Virus Attachment: Surround
Runs before & after original program
Virus can clean up after itself
[Figure: blocks labelled "Original Program" and "Virus"]

Virus Attachment: Replace
Doesn’t change the size of the program
Virus writer must know structure of original program
Not as common, user more likely to detect.
[Figure: blocks labelled "Original Program" and "Modified Program"]

Virus Writer’s Goals
Hard to detect
Hard to destroy or deactivate
Spreads infection widely/quickly
Can reinfect a host
Easy to create
Machine/OS independent

Kinds of Viruses
Boot Sector Viruses
Memory Resident Viruses
Macro Viruses

Bootstrap Viruses
Bootstrap Process:
  – Firmware (ROM) copies MBR (master boot record) to memory, jumps to that program
MBR (or Boot Sector)
  – Fixed position on disk
  – “Chained” boot sectors permit longer Bootstrap Loaders
[Figure: blocks labelled "MBR" and "boot"]

Bootstrap Viruses
Virus breaks the chain
Inserts virus code
Reconnects chain afterwards
[Figure: blocks labelled "MBR", "boot" and "virus"]

Why the Bootstrap?
Automatically executed before OS is running
  – Also before detection tools are running
OS hides boot sector information from users
  – Hard to discover that the virus is there
  – Harder to fix
Any good virus scanning software scans the boot sectors
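The boot-sector scan mentioned on this slide, as an added example that is not part of the original lecture: it parses a 512-byte MBR and compares the bootstrap code area against a known-good hash. The 446-byte code area, the function names and the sample sector are assumptions made for the illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446                      # bytes 0..445: bootstrap code area of a classic MBR (assumed layout)
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the fields a boot-sector scan looks at."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, CODE_END + 16 * i)
        if ptype != 0:              # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return the reasons this sector differs from the recorded known-good state."""
    info = parse_mbr(sector)
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    # A virus that "reconnects the chain" keeps the sector bootable, so only the hash changes.
    if info["code_sha256"] != baseline_sha256:
        problems.append("bootstrap code differs from baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        problems.append("more than one active partition")
    return problems


def make_sample_mbr(code: bytes) -> bytes:
    """Constructed sector for the demo: the given code bytes plus one active partition."""
    entry = ENTRY.pack(0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return code.ljust(CODE_END, b"\0") + entry + bytes(48) + b"\x55\xaa"
```

Because the boot code runs before the OS and its tools, the sector should be read from trusted boot media or an offline disk image, and the baseline hash recorded while the machine is known to be clean.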

Other Homes for Viruses
System Software
  – IO.sys, NTLDR, NTDETECT.COM
  – autoexec.bat, config.sys, command.com
Memory resident software
  – Task manager
  – Window manager
  – Winamp
  – RealPlayer
  – …

Macro Viruses
Macros are just programs
Word processors & Spreadsheets
  – Startup macro
  – Macros turned on by default
Visual Basic Script (VBScript)

Melissa Virus
Transmission Rate
  – The first confirmed reports of Melissa were received on Friday, March 26,
  – By Monday, March 29, it had reached more than 100,000 computers.
  – One site got 32,000 infected messages in 45 minutes.
Damage
  – Denial of service: mail systems off-line.
  – Could have been much worse

Melissa Macro Virus
Implementation
  – VBA (Visual Basic for Applications) code associated with the "document.open" method of Word
Strategy
  – message containing an infected Word document as an attachment
  – Opening Word document triggers virus if macros are enabled
  – Under certain conditions included attached documents created by the victim

Melissa Macro Virus: Behavior
Setup
  – lowers the macro security settings
  – permit all macros to run without warning
  – Checks registry for key value “… by Kwyjibo”
  – HKEY_Current_User\Software\Microsoft\Office\Melissa?
Propagation
  – sends message to the first 50 entries in every Microsoft Outlook MAPI address book readable by the user executing the macro

Melissa Macro Virus: Behavior
Propagation Continued
  – Infects Normal.dot template file
  – Normal.dot is used by all Word documents
“Joke”
  – If minute matches the day of the month, the macro inserts message “Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here.”

Melissa: Remedy
Filter mail for virus signature (macro in .doc files)
Clean Normal.dot

“I Love You” Virus/Worm
Infection Rate
  – At 5:00 pm EDT (GMT-4) May 8, 2000, CERT had received reports from more than 650 sites
  – > 500,000 individual systems
VBScript
Propagation
  – , Windows file sharing, IRC, USENET news

Love Bug Signature
  – An attachment named "LOVE-LETTER-FOR-YOU.TXT.VBS"
  – A subject of "ILOVEYOU"
  – Message body: "kindly check the attached LOVELETTER coming from me."
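A mail filter built from the Love Bug signature above and the Melissa remedy (macro in .doc files), as an added example that is not part of the original lecture. It goes slightly beyond the slides by flagging any script attachment, not only the one named here; the extension list, the byte-search macro heuristic, the function names and the sample messages are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".hta", ".wsf"}  # .vbs/.js/.hta appear on the slides
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # header of a legacy .doc container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # stream name present when macros are stored


def scan_message(raw: bytes) -> list:
    """Return the reasons to quarantine a raw mail message (empty list = nothing matched)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if (msg["Subject"] or "").strip().upper() == "ILOVEYOU":
        findings.append("subject matches ILOVEYOU")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and "kindly check the attached loveletter" in body.get_content().lower():
        findings.append("body matches Love Bug text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        stem, dot, ext = name.rpartition(".")
        if dot and "." + ext in SCRIPT_EXTS:
            # "x.txt.vbs" shows as "x.txt" when known extensions are hidden
            kind = "double-extension script" if "." in stem else "script"
            findings.append(f"{kind} attachment: {name}")
        # Heuristic byte search, not a full OLE directory parse.
        if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
            findings.append(f"Office document with macro storage: {name}")
    return findings


def build_sample(subject: str, body: str, filename: str, data: bytes) -> bytes:
    """Constructed test message with one attachment (not a captured sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Exact subject and body matches are brittle on their own, since a variant only needs to change the text; the attachment checks are the part that generalizes.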

Love Bug Behavior
Replaced certain files with copies of itself
  – Based on file extension (e.g. .vbs, .js, .hta, etc.)
Changed Internet Explorer start page
  – Pointed the browser to infected web pages
Mailed copies of itself
Changed registry keys