
MALWARE.



Presentation on theme: "MALWARE."— Presentation transcript:

1 MALWARE

2 Types of Malicious Programs
- Virus
- Worm
- Logic Bomb
- Trojan Horse
- Backdoor (trapdoor)
- Rootkit
- Zombie/Bot
- Spyware/Keyloggers

3 Historical – first mentioned malware
Worm – Morris Internet worm of November 2, 1988
- Not written to cause damage, but to gauge the size of the Internet
- Spread using: Unix sendmail, finger, rsh/rexec
- Error in spreading logic: if the worm already exists, do not always spread – only 1 out of 7 times (still flooding the network = DoS)
- 6,000 major UNIX machines infected – estimated cost $100,000–10,000,000

4 Virus and other malware
Well known malware
- 1999: Melissa ( )
- 2000: ILOVEYOU ( )
- 2001: Klez ( )
- 2004: Sasser ( )
- 2009: Conficker virus ('worm')
- 2010: Stuxnet (in Iran – purpose to stop nuclear bomb)

5 Nature of Virus
Four phases
- Dormant phase: the virus is idle
- Propagation phase: the virus copies itself
- Triggering phase: the event that activates the virus
- Execution phase: the function is performed

6 The Virus structure
Small piece of code. Briefly:
- Infect next
- While (not trigger activated) wait
- Do damage
- To hide (live in stealth) – often compress + encrypt
- Mutates (changes signature) – polymorphic
- Mutates dynamically for each iteration – metamorphic

7 Virus Countermeasures (antivirus)
Ideal: prevent viruses coming in (not possible)
Real life:
- Detection: is there a virus?
- Identify: which virus?
- Remove: clean up all traces of the virus (perhaps set program in suspension)

8 Virus Countermeasures (antivirus) cont.
How to:
- Recognize signature (file size, code, file name …) – simple, but only works for known viruses, if not too hidden
- Detect suspicious behavior (write to boot sector, change system files, TSR) – complex, works for 'unknown' viruses
Problems to face:
- False positive (finds a 'virus' which is not a virus)
- False negative (does not find a real virus)

9 Virus Countermeasures (antivirus) cont. 2
Advanced techniques, e.g. Generic Decryption (shortened): 'run' possibly infected files on a CPU emulator => let the virus unpack/decrypt itself => now possible to detect from signature
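The three antivirus slides above (detect / identify, signature vs. behaviour heuristics with false positives and negatives, and generic decryption) can be run end to end on a toy corpus. The following is an added example written for this transcript, not code from the presentation or from any antivirus product: the signature markers, behaviour rules, file contents and the one-byte XOR "packer" are all constructed, and the brute-force XOR unpacking is only a stand-in for the CPU emulation the slide describes.

```python
"""Signature and behaviour based scanning over a constructed file corpus.

Illustrative example only: the signatures, heuristics, file contents and the
single-byte XOR "packer" are invented for this demonstration and do not
correspond to any real malware, packer or antivirus product.
"""
from dataclasses import dataclass, field

# Constructed signature database (name -> byte pattern). Real engines keep
# large databases of hashes / byte sequences; these markers are made up.
SIGNATURES = {
    "Demo.Virus.A": b"DEMO-VIRUS-A-MARKER",
    "Demo.Virus.B": b"DEMO-VIRUS-B-MARKER",
}

# Behaviour heuristics (slide 8): byte strings whose presence hints at actions
# such as raw disk / boot sector writes or changes to system files. Constructed.
BEHAVIOUR_RULES = {
    "raw disk / boot sector write": b"\\\\.\\PhysicalDrive0",
    "system file modification": b"\\Windows\\System32\\",
}


@dataclass
class ScanResult:
    name: str
    signatures: list = field(default_factory=list)  # "identify": which virus
    behaviours: list = field(default_factory=list)  # heuristic hits

    @property
    def detected(self) -> bool:  # "detect": is there a virus?
        return bool(self.signatures or self.behaviours)


def scan(name: str, data: bytes) -> ScanResult:
    """Plain signature + behaviour scan of one file's bytes."""
    result = ScanResult(name)
    for sig_name, pattern in SIGNATURES.items():
        if pattern in data:
            result.signatures.append(sig_name)
    for rule, pattern in BEHAVIOUR_RULES.items():
        if pattern in data:
            result.behaviours.append(rule)
    return result


def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy stand-in for the 'compress + encrypt' layer of slide 6."""
    return bytes(b ^ key for b in data)


def scan_with_unpacking(name: str, data: bytes) -> ScanResult:
    """Toy stand-in for generic decryption (slide 9): a real engine emulates
    the file until it has decrypted itself; here we brute-force the one-byte
    XOR key of the constructed packer and re-apply the signatures."""
    result = scan(name, data)
    if result.signatures:
        return result
    for key in range(1, 256):
        unpacked = scan(name, xor_bytes(data, key))
        if unpacked.signatures:
            result.signatures = [s + " (after unpacking)" for s in unpacked.signatures]
            break
    return result


# Constructed corpus: (file name, content, ground truth "is malicious").
SAMPLES = [
    ("report.txt", b"Quarterly figures, nothing unusual here.", False),
    ("game_patch.exe", b"MZ\x90\x00" + b"DEMO-VIRUS-A-MARKER" + b"\x00", True),
    # Same payload behind the XOR layer: the plain signature no longer matches.
    ("game_patch_packed.exe", b"MZ\x90\x00" + xor_bytes(b"DEMO-VIRUS-A-MARKER", 0x5A), True),
    # Legitimate disk imaging tool that really does open the raw disk device.
    ("disk_imager.exe", b"MZ\x90\x00open(\\\\.\\PhysicalDrive0)", False),
]


def evaluate(samples, scanner=scan):
    """Run a scanner over the corpus; return results and the confusion counts."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    results = []
    for name, data, is_malicious in samples:
        r = scanner(name, data)
        results.append(r)
        if r.detected and is_malicious:
            counts["tp"] += 1  # correctly caught
        elif r.detected:
            counts["fp"] += 1  # false positive: clean file flagged
        elif is_malicious:
            counts["fn"] += 1  # false negative: real sample missed
        else:
            counts["tn"] += 1
    return results, counts


if __name__ == "__main__":
    for label, scanner in (("plain scan", scan), ("with unpacking", scan_with_unpacking)):
        results, counts = evaluate(SAMPLES, scanner)
        print(f"== {label}: {counts}")
        for r in results:
            print(f"  {r.name:24} detected={r.detected!s:5} "
                  f"sigs={r.signatures} behaviour={r.behaviours}")
```

With the plain scanner the packed copy is a false negative and the disk imaging tool a false positive (one each of TP, FP, FN, TN); the unpacking scanner recovers the packed copy, while the behaviour-rule false positive remains, which is exactly the trade-off the slides describe.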

10 Worms
Worm malware: makes a copy and propagates by itself, i.e. does not need a host program (unlike viruses)
Structure: more or less the same as a virus (tries to hide)

11 Worms Countermeasure approaches
In general: try to prevent spreading by closing in- and outgoing traffic
- Signature-based filtering (no in/out of the signature) – like a firewall; looks at content/payload of in/out packets
- Threshold random walk (TRW): limited no. of connections to different networks
- Rate limiting / halting: stop when some max rate has been exceeded
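The last two countermeasures on this slide are easiest to understand by replaying them over a connection log. Below is an added example, not code from the presentation: the log, host addresses and parameter values are constructed, and the threshold random walk update follows the sequential hypothesis test of Jung et al. (2004), scoring each first contact with a new destination as a step towards "scanner" (failure) or "benign" (success). The rate limiter is the halting variant: a source that tries to reach more than a fixed number of distinct destinations within a sliding window gets its further new connections dropped.

```python
"""Worm-containment heuristics from slide 11 (threshold random walk and rate
limiting / halting) applied to a constructed connection log.

The log, hosts and parameter values are invented for this example.
"""
import math
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed log: (timestamp in seconds, source, destination, outcome), where
# outcome is "ok" (connection completed) or "fail" (RST / timeout).
LOG = [
    # 10.0.0.5 behaves like a normal client: mostly successes, spread over time.
    (0.0, "10.0.0.5", "10.0.1.1", "ok"),
    (3.0, "10.0.0.5", "10.0.1.2", "ok"),
    (6.0, "10.0.0.5", "10.0.1.3", "fail"),
    (9.0, "10.0.0.5", "10.0.1.4", "ok"),
    (12.0, "10.0.0.5", "10.0.1.5", "ok"),
    (15.0, "10.0.0.5", "10.0.1.6", "ok"),
    (16.0, "10.0.0.5", "10.0.1.1", "ok"),  # repeat contact, not a new destination
    # 10.0.0.77 behaves like a worm: a burst of failed first contacts.
    (20.0, "10.0.0.77", "10.0.2.1", "fail"),
    (20.1, "10.0.0.77", "10.0.2.2", "fail"),
    (20.2, "10.0.0.77", "10.0.2.3", "fail"),
    (20.3, "10.0.0.77", "10.0.2.4", "fail"),
    (20.4, "10.0.0.77", "10.0.2.5", "fail"),
    (20.5, "10.0.0.77", "10.0.2.6", "fail"),
    (20.6, "10.0.0.77", "10.0.2.7", "fail"),
    (20.7, "10.0.0.77", "10.0.2.8", "fail"),
]


@dataclass
class HostState:
    log_ratio: float = 0.0                        # running ln(likelihood ratio)
    seen: Set[str] = field(default_factory=set)   # destinations already counted
    verdict: Optional[str] = None


class ThresholdRandomWalk:
    """theta0 / theta1: success probability of a first contact under the benign /
    scanner hypothesis; alpha / beta: tolerated false-positive rate and wanted
    detection rate, which fix the two stopping thresholds."""

    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        self.step_ok = math.log(theta1 / theta0)                # < 0, towards benign
        self.step_fail = math.log((1 - theta1) / (1 - theta0))  # > 0, towards scanner
        self.eta1 = math.log(beta / alpha)                      # decide "scanner"
        self.eta0 = math.log((1 - beta) / (1 - alpha))          # decide "benign"
        self.hosts: Dict[str, HostState] = defaultdict(HostState)

    def observe(self, src: str, dst: str, outcome: str) -> Optional[str]:
        st = self.hosts[src]
        if st.verdict is not None or dst in st.seen:
            return st.verdict  # already decided, or not a first contact
        st.seen.add(dst)
        st.log_ratio += self.step_ok if outcome == "ok" else self.step_fail
        if st.log_ratio >= self.eta1:
            st.verdict = "scanner"
        elif st.log_ratio <= self.eta0:
            st.verdict = "benign"
        return st.verdict


class RateLimiter:
    """Halting variant of rate limiting: a source may contact at most
    max_new_dests distinct destinations within any sliding window of `window` s."""

    def __init__(self, max_new_dests=4, window=10.0):
        self.max_new_dests = max_new_dests
        self.window = window
        self.history: Dict[str, List[Tuple[float, str]]] = defaultdict(list)

    def allow(self, ts: float, src: str, dst: str) -> bool:
        recent = [(t, d) for t, d in self.history[src] if ts - t < self.window]
        self.history[src] = recent
        dests = {d for _, d in recent}
        if dst in dests:
            return True  # repeat contact does not count as a new destination
        if len(dests) >= self.max_new_dests:
            return False  # over the rate: drop / halt this source's new connections
        recent.append((ts, dst))
        return True


def analyse(log):
    """Replay the log through both detectors. Returns
    ({src: (verdict, ts_of_decision)}, [(ts, src, dst) dropped by the rate limit])."""
    trw, limiter = ThresholdRandomWalk(), RateLimiter()
    verdicts, blocked = {}, []
    for ts, src, dst, outcome in log:
        if not limiter.allow(ts, src, dst):
            blocked.append((ts, src, dst))
        verdict = trw.observe(src, dst, outcome)
        if verdict is not None and src not in verdicts:
            verdicts[src] = (verdict, ts)
    return verdicts, blocked


if __name__ == "__main__":
    verdicts, blocked = analyse(LOG)
    print("TRW verdicts:", verdicts)
    print("dropped by rate limit:", blocked)
```

With the default parameters each failed first contact multiplies the likelihood ratio by 4 and each success by 1/4, so the threshold of 99 is crossed after four straight failures: the worm-like host is called a scanner at 20.3 s, while the normal client reaches the "benign" threshold at 15 s despite one failure. The rate limiter independently drops the burst host's fifth and later new destinations, and a repeat contact to an already-seen destination is never penalised by either detector.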

12 Others
Logic bomb (like a salary database trigger)
Rootkit: designed to hide the existence of certain processes or programs – e.g. the Sony BMG copy protection rootkit scandal
Zombie/Bot: programs/computers under remote direction
Botnet – most widespread: BredoLab/Oficla, approx. 30 mill. bots (cost bots $ / day)

13 Literature
Network Security Essentials, 4th ed., Pearson 2011 – W. Stallings

