Program Threats

Transcript

  • 1. Program Threats: Virus & logic bomb
    Prepared and presented by:
    Medhat Dawoud
    5/10/2010
  • 2. Program threats
    Stack and buffer overflow
    Trojan horse
    Worms
    Trap door
    Logic Bomb
    Virus
  • 3. Logic Bomb
    A program that initiates a security incident under certain circumstances.
    Known to mentor programmers (or anyone else who wants to be a professional in the IT world).
  • 4. Virus
    • Code fragment embedded in legitimate program.
    • 5. How do viruses work?
    • 6. Very specific to CPU architecture, operating system, applications.
    • 7. Usually borne via email or as a macro.
  • 8. Virus (cont.)
    The "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.
    A virus dropper inserts the virus onto the system.
    A virus signature is a pattern (a series of bytes) that can be used to identify the virus.
  • 9. Virus Categories
    There are many categories of viruses and literally many thousands of viruses, and a single virus can fall into two or more categories:
    File
    Boot
    Macro
    Source code
    Polymorphic
    Encrypted
    Stealth
    Tunneling
    Multipartite
    Armored
  • 10. File
    Appends itself to a file.
    Changes the start of the program to its own code.
    Known as parasitic viruses.
    Usually found in files with the extensions .BIN, .COM, .EXE, .OVL, .DRV.
  • 11. Boot
    The boot sector carries the Master Boot Record (MBR), which reads and loads the operating system.
    Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.
    Executed every time the system boots.
    Known as memory viruses.
  • 13. Example for: Wreak havoc
  • 14. Macro
    Written in a high-level language.
    Macros start automatically when a document is opened or closed (Word, Excel).
    Can be spread through e-mail attachments, discs, networks, modems, and the Internet.
  • 15. Viruses for free
    Antivirus with millions $$
  • 16. Source code
    Looks for source code and modifies it to include the virus and to help spread the virus.
  • 18. Polymorphic
    Changes the virus's signature each time.
    It's designed to avoid detection by antivirus software.
    A polymorphic virus acts like a chameleon.
  • 19. Encrypted
    The virus is encrypted to avoid detection.
    It carries decryption code along with the encrypted virus.
  • 20. Stealth
    It uses tactics to avoid detection, such as altering its file size, concealing itself in memory, and modifying parts of the system that can be used to detect it.
    In fact, the first computer virus was a stealth virus.
  • 21. Tunneling
    Installs itself in the interrupt-handler chain or in device drivers, attempting to bypass detection.
    Tries to intercept the actions before the antivirus software can detect the malicious code.
  • 22. Multipartite
    Infects multiple parts of the system, including the boot sector, memory, and files.
    This makes it difficult for an antivirus scanner to detect.
  • 23. Armored
    The most dangerous type.
    The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.
    Virus droppers and other full files which are part of a virus infestation are hidden.
  • 24. Any questions?
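
The virus-signature definition and the Encrypted slide above, as an added example that is not part of the original presentation: a small byte-pattern scanner with wildcard bytes, run over constructed, harmless sample buffers. All names, the marker strings and the stub-then-key layout are assumptions made for illustration; it shows why a signature on the body misses an encrypted copy while a signature on the constant decryption code still matches.

```python
WILDCARD = None  # "??" in a signature: matches any single byte


def parse_signature(text):
    """Turn 'DE AD ?? EF' into [0xDE, 0xAD, None, 0xEF]."""
    return [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data, sig):
    """Return every offset in data at which the signature matches."""
    return [
        off
        for off in range(len(data) - len(sig) + 1)
        if all(s is WILDCARD or data[off + i] == s for i, s in enumerate(sig))
    ]


def scan(data, signatures):
    """Map each matching signature name to the offsets where it was found."""
    hits = {name: find_signature(data, parse_signature(text))
            for name, text in signatures.items()}
    return {name: offs for name, offs in hits.items() if offs}


def to_sig(raw):
    """Render raw bytes as a hex signature string."""
    return " ".join(f"{b:02X}" for b in raw)


# Constructed, harmless sample data: ASCII markers stand in for code bytes.
BODY = b"DEMO-BODY-NOT-MALWARE"   # stands in for the virus body
STUB = b"DEMO-DECRYPT-STUB"       # stands in for the constant decryption code
KEY = 0x5A                        # assumed per-copy key, stored after the stub

SIGNATURES = {
    "demo.body": to_sig(BODY),
    "demo.stub": to_sig(STUB) + " ??",  # wildcard covers the changing key byte
}

plain_file = b"\x00" * 8 + BODY + b"\x00" * 4
encrypted_file = b"\x00" * 8 + STUB + bytes([KEY]) + bytes(b ^ KEY for b in BODY)
clean_file = b"just an ordinary document"

if __name__ == "__main__":
    for name, data in [("plain", plain_file), ("encrypted", encrypted_file),
                       ("clean", clean_file)]:
        print(name, scan(data, SIGNATURES))
```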