Presentation is loading. Please wait.

Presentation is loading. Please wait.

MALWARE.

Published byGervase Dean Modified over 7 years ago

Similar presentations

Presentation on theme: "MALWARE."— Presentation transcript:

1 MALWARE

2 Types of Malicious Programs
Virus Worm Logic Bomb Trojan Horse Backdoor(trapdoor) Rootkit Zombie/Bot Spyware/Keyloggers

3 Historical – first mentioned malware
Worm – Moris Internet worm of November 2, 1988 not written to cause damage, but to gauge the size of the Internet Spreading using: Unix sendmail, finger, rsh/rexec Error in spreading logic: if worm already exist do not always spread - only 1 out of 7 times (still flooding the network = DoS) 6,000 major UNIX machines infected – estimated cost $100,000–10,000,000

4 Virus and other malware
Well known malware 1999: Melissa ( ) 2000: ILOVEYOU ( ) 2001: Klez ( ) 2004 Sasser ( ) 2009: Conficker Virus(‘worm’) 2010: Stuxnet (in Iran – purpose to stop nuklear bomb )

5 Nature of Virus Four phases Dormant Phase: The Virus is idle
Propagation Phase: The Virus copying itself Triggering Phase: The event that activate the Virus Execution Phase: The function is performed

6 The Virus structure Small piece of code Briefly: Infect next
While (not trigger activated) wait Do damage To hide (live in stealth) – often compress + encrypt Mutates (change signature) – polymorph Mutates dynamic for each iteration - metamorphic

7 Virus Countermeasures (antivirus)
Ideal: Prevent viruses coming in (not possible) Real life: Detection: is there a virus Identify: which virus Remove: clean up all traces of the virus (perhaps set program in suspension)

8 Virus Countermeasures (antivirus) cont.
How to Recognize signature (file size, code, file name …) simple but work for known viruses – if not too hidden Detect suspicious behavior (write to boot sector, change system files, TSR) complex work for ‘unknown’ viruses Problems to face False positive (find virus – which is not a virus) False negative (do not find a real virus)

9 Virus Countermeasures (antivirus) cont. 2
Advanced Techniques e.g. Generic Decryption (shortened) ‘run’ possible infected files on a cpu-emulator => let the virus unpack/decrypt => now possible to detect from signature

10 Worms Worm Malware: make a copy and propagate by it self i.e. do not need a host-program (like viruses) Structure: more or less the same as virus (try to hide)

11 Worms Countermeasure approaches
In general try to prevent spreading by closing in- and out-going traffic Signature based filtering (no in/out of the signature) Like Firewall – look at content / payload off in/out packets Threshold random walk (TRW) limited no of connecting to diff. networks Rate Limiting / halting stop when some max rate had been exceeded

12 Others Logic Bomb (like salary database trigger)
Rootkit designed to hide the existence of certain processes or programs – i.e. Sony BMG copy protection rootkit scandal Zombie/Bot programs/computers under remote direction Botnet – most wide spread BredoLab/Oficia approx. 30 mill bots (cost bots $ / day)

13 Literature Network Security Essentials 4th ed. Pearson2011 – W. Stalling

Download ppt "MALWARE."

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Lecture 14 Malicious Software (cont) modified from slides of Lawrie Brown.

Lecture 14 Malicious Software (cont) modified from slides of Lawrie Brown.
Chapter 14 Computer Security Threats

Chapter 14 Computer Security Threats
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,

Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
After this session, you should be able to:

After this session, you should be able to:
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.

Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.
By:Tanvi lotliker TE COMPUTER

By:Tanvi lotliker TE COMPUTER
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.
Malicious Software Malicious Software Han Zhang & Ruochen Sun.

Malicious Software Malicious Software Han Zhang & Ruochen Sun.
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Malicious Software.

1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.

Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Similar presentations

Ads by Google