Download presentation
Presentation is loading. Please wait.
1
NET 311 Information Security
Networks and Communication Department Lecture 7: Malicious Software (Cont.) (Chapter 21)
2
lecture contents: Malicious Software Trojan horses Worms Backdoors
Spammers 19-Sep-18 Networks and Communication Department
3
Trojan Horse A program that appears to have some useful purpose, but really masks some hidden malicious functionality Usually superficially attractive with hidden side-effects ** eg game, s/w upgrade etc when run performs some additional tasks allows attacker to indirectly gain access they do not have directly Often used to propagate a virus/worm or install a backdoor or simply to destroy data 19-Sep-18 Networks and Communication Department
4
Trojans Unlike viruses, Trojan horses do not replicate themselves .
Unlike viruses, which are just bad tricks, Trojan horses usually attempt to do something useful for their creator The main use of Trojans is to collect information from your computer This is why they are called spyware 19-Sep-18 Networks and Communication Department
5
Trojans’ behaviour Simple examples of typical behavior of a Trojan include: Attempting to send messages to its creator. Opening a TCP/IP port on your computer, to allow its creator to connect to your computer. 19-Sep-18 Networks and Communication Department
6
How Trojans collect information
Keystroke trackers (also known as keystroke recorders) – record what the user has typed Fake login screens – they emulate login to find out your password Garbage trackers – they look in the RAM or on the disk for documents which might be encrypted when they are stored in files. - 85% of documents edited yesterday can be found in unused sectors of the hard drive 6
7
Protection against Trojans
Before your computer is infected: * Do not download software from untrusted sources When your computer is infected: * Checking logs * Using sandboxes (what is a sandbox?) * Using firewalls (what is a firewall?) 7
8
Worms A worm is a self-replicating piece of code that spreads via networks and usually doesn’t require human interaction to propagate. Example: Melissa virus from the previous lecture could be also classified as a worm
9
Trapdoors/backdoors A backdoor is a secret entry point to a program .
It allows attackers to bypass normal security procedures, gaining access on the attacker’s own terms. a threat when left in production programs allowing exploited by attackers requires good s/w development & update (this is the definition given with respect to one separate program) A backdoor, or trapdoor, is a secret entry point into a program that allows someone that is aware of it to gain access without going through the usual security access procedures. Have been used legitimately for many years to debug and test programs, but become a threat when left in production programs, allowing intruders to gain unauthorized access. It is difficult to implement operating system controls for backdoors. Security measures must focus on the program development and software update activities. A BACKDOOR HAS multiple meanings. It can refer to a legitimate point of access embedded in a system or software program for remote administration. Generally this kind of backdoor is undocumented and is used for the maintenance and upkeep of software or a system. Some administrative backdoors are protected with a hardcoded username and password that cannot be changed; though some use credentials that can be altered. Often, the backdoor’s existence is unknown to the system owner and is known only to the software maker. Built-in administrative backdoors create a vulnerability in the software or system that intruders can use to gain access to a system or data. Attackers also can install their own backdoor on a targeted system. Doing so allows them to come and go as they please and gives them remote access to the system. Malware installed on systems for this purpose is often called a remote access Trojan, or a RAT, and can be used to install other malware on the system or exfiltrate data. A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting and testing. 9
10
Backdoors (relative to one program)
11
Trapdoors/backdoors A backdoor is a is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms. (this is the definition given with respect to the whole computer system)
12
Backdoors (relative to a computer)
A program to be infected
13
Backdoors Remote execution of individual commands
Remote command-line access Remote control of the GUI
14
Code in e-mail messages
These are simple techniques which an attacker can use. It is possible to include executable code (e.g. JavaScript) in messages. This can be used to collect information about the receiver of the message. In more dangerous cases, the code can affect the work of the receiver’s computer
15
Code in e-mail messages
Example: spammers check the validity of addresses using HTML messages <html> <body> <imgsrc=“ </body> </html>
16
How spammers check the validity of e-mail addresses
The idea is as follows. the spammer generates a numbered list of addresses, for example: 1 2 ………… 3495 The spammer sends a message to each address, which includes the number of this address in the list as an argument of a script 19-Sep-18 Networks and Communication Department
17
Code in e-mail messages
<img src=“
18
Code in e-mail messages
Spammers can organize a denial-of-service attack using images in messages. Messages are sent to multiple addresses, including a request of information from a server. <img src=“ Distributed denial of service (DDoS) attacks present a significant security threat to corporations, and the threat appears to be growing. DDoS attacks make computer systems inaccessible by flooding servers, networks, or even end user systems with useless traffic so that legitimate users can no longer gain access to those resources. In a typical DDoS attack, a large number of compromised (zombie) hosts are amassed to send useless packets. In recent years, the attack methods and tools have become more sophisticated, effective, and more difficult to trace to the real attackers, while defense technologies have been unable to withstand large-scale attacks. 19-Sep-18 Networks and Communication Department
19
Code in e-mail messages
<img src=“
20
References Cryptography and Network Security: Principles and practice’, William Stallings Fifth edition, Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 21 – “Malicious Software”. Lecture slides by Dr Alexei Vernitski, University of Essex , 2013 19-Sep-18 Networks and Communication Department
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.