Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Presentation transcript:

Malicious Code Brian E. Brzezicki

Malicious Code (from Chapter 13 and 11)

Malicious Code
Once upon a time hackers tried to exploit technical flaws in systems. While that still happens today, hackers are increasingly trying to “trick” people into running malicious code, which then tries to take control of a system (or help a hacker steal passwords and resources).

Malicious Code
Software that has been designed to do bad things. Some types that we will talk about in the next couple slides are:
- Viruses
  - Program
  - Boot Sector
  - Macro
- Trojan Horses
- Worms
- Logic Bombs
- Spyware

Viruses

Viruses (410)
The “original” malware. Can someone tell me how a virus works?
Traits
- Requires human intervention to spread and attack

Program Virus (410)
This is the kind of virus we just discussed. Infects other executable software with its own virus code. Examples of executable code are:
- Web browser
- Spreadsheet program
- Word processor
- Anything that you “run” and it does something

Boot Sector Virus (410)
Specifically tries to attack the boot sector of hard drives and floppy drives.

Macro Virus (410)
Viruses used to affect ONLY executable code (not data such as word processor documents or images). Another type of “virus” actually embeds itself into data files and tells the reading program to do commands on its behalf. Uses Macros… what’s a Macro?

Advanced Viruses
- Stealth Virus – tries to evade anti-virus software by various methods
- Polymorphic Virus – actually evolves and changes its code as it spreads. This defeats signature checking

Anti-Virus Countermeasures (ch 11…pg 307)
Anti-virus software attempts to detect and stop viri from infecting our computers. 2 main types (talk about each in next slides):
- Signature Based
- Heuristic

Signature (ch )
Viri are software, which is nothing but a set of computer instructions that “does something”. Viri generally do some bad action and also replicate. The code that each virus uses to do harm and replicate can be isolated. This is called a signature. Anti-virus products that use signatures have a database of known virus signatures, and they scan files against this signature database (more)

Signature based anti-virus (ch )
Advantages
- Signatures in known database
- Easy operation, few false positives
Disadvantages
- Must subscribe to anti-virus database service
- Must constantly update virus signature database
- Cannot protect against unseen/new viri
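The signature-scanning approach from the two slides above, as an added Python example that is not part of the original presentation. The signature names and byte patterns are constructed, harmless placeholders; the sample data also shows the stated limitation that an unseen variant is missed until the database is updated.

```python
import io
from typing import BinaryIO

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES = {
    "Demo.Virus.A": bytes.fromhex("deadbeef4d414c31"),
    "Demo.Macro.B": b"AutoOpen:DEMO-PAYLOAD",
}

def scan_stream(stream: BinaryIO, signatures: dict, chunk_size: int = 4096) -> dict:
    """Return {signature name: offset of first match} for a byte stream.

    The stream is read in chunks. The last (longest pattern - 1) bytes of
    each window are carried into the next one, so a pattern split across
    two reads is still found.
    """
    if not signatures:
        return {}
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail, base = {}, b"", 0   # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            if pos != -1 and name not in hits:
                hits[name] = base + pos
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return hits

def scan_bytes(data: bytes, signatures: dict, chunk_size: int = 4096) -> dict:
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)

# Constructed sample "files".
CLEAN = b"MZ" + b"\x00" * 30 + b"ordinary program bytes"
INFECTED = CLEAN + SIGNATURES["Demo.Virus.A"] + b"tail"
NEW_VARIANT = CLEAN + b"NEW-UNSEEN-CODE-0001" + b"tail"   # not in the database yet

if __name__ == "__main__":
    print(scan_bytes(CLEAN, SIGNATURES))            # {}
    print(scan_bytes(INFECTED, SIGNATURES, 5))      # {'Demo.Virus.A': 54}
    print(scan_bytes(NEW_VARIANT, SIGNATURES))      # {} until a signature is added
    updated = {**SIGNATURES, "Demo.Virus.C": b"NEW-UNSEEN-CODE-0001"}
    print(scan_bytes(NEW_VARIANT, updated))         # {'Demo.Virus.C': 54}
```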

Heuristic Anti-Virus (ch )
Looks for suspicious behavior. May “sandbox” code and run in a virtual environment.
Advantages
- Can catch new viri
Disadvantages
- Higher rate of false positives

Virus Countermeasures (411)
Countermeasures
- Never run code if you don’t know what or where that executable has been ;)
- Run anti-virus software on all workstations and major servers that accept incoming data to users ( , instant messaging, web proxies)

Trojan (horse)

Trojan (412)
Like the Trojan Horse, a Trojan program seems like a “gift”. Seems to be some useful program, and it even might do something useful… however inside there is code to do bad things. Can do really anything.
Countermeasures
- User Education
- Don’t run software that you are not familiar with and that you don’t have “real distribution” media for.
- Software Signing
- Anti-virus software to detect known Trojans

Worms (414)
Once run, a worm usually does something bad, but then tries to actively spread. Unlike a virus, which simply copies itself into other executables, a worm “self-propagates” and tries to spread in any way possible. It might try to scan networks for known security weaknesses and “hack” machines as a method of spreading. Another example is via . (more)

Famous Worm Attacks (415)
Morris Worm
- First known worm
- Simply spread, didn’t do anything else
- Did eat up a lot of CPU and network bandwidth, brought internet to a halt in
- Did password guessing and auto-hacking
Code Red
- Attacked IIS, using a buffer overflow, targeted other IIS servers
Nimda
- 5 methods of propagation , network shares, compromised web sites, IIS holes, and backdoors from other worms.

Worm Countermeasures
Countermeasures
- Remove unnecessary services
- Patch OS and applications
- Beware of

Hoaxes (37)
Chain letters, fake virus reports. Does not necessarily pose a threat but:
- Wastes employee time and productivity
- Causes confusion, FUD
- Could cause users to modify settings
- Wastes network resources as messages are spread
- Wastes IT/helpdesk time
Countermeasures
- User education
- Centralized information base and IT communication

Logic Bombs (413)
What is a Logic Bomb… anyone?
Countermeasures
- Inventory all software and keep checksums. (tripwire)
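One way to implement the “inventory all software and keep checksums” countermeasure, as an added Python sketch in the spirit of Tripwire (not Tripwire's own code or file format). The directory layout and file names in `demo()` are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in blocks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def build_inventory(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 checksum."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed or modified since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }

def demo() -> dict:
    """Constructed scenario: take a baseline, change the tree, compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "payroll").write_bytes(b"payroll v1")
        (root / "bin" / "backup").write_bytes(b"backup v1")
        # In practice the baseline is stored off the host or on read-only
        # media, so whoever alters a program cannot also alter its checksum.
        baseline = build_inventory(root)
        (root / "bin" / "payroll").write_bytes(b"payroll v1 + extra code")
        (root / "bin" / "helper").write_bytes(b"unapproved tool")
        (root / "bin" / "backup").unlink()
        return compare(baseline, build_inventory(root))

if __name__ == "__main__":
    print(demo())
```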

Spy Ware (412) We already talked about spyware previously. Anyone care to refresh us?

Malicious Code review
Q. How does a virus replicate?
Q. How is a virus different than a worm?
Q. Why are worms difficult to detect?
Q. What is a Logic Bomb? What is a way a logic bomb usually gets on a system?