Program Threats


Published on

Published in: Education
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Program Threats

  1. 1. Program ThreatsVirus & logic bomb<br />Prepared and presented by :<br />Medhat Dawoud<br />5/10/2010<br />1<br />
  2. 2. Program threats<br />Stack and Buffer<br />overflow<br />Trojan horse<br />Worms <br />Trap door<br />Logic Bomb<br />Virus <br />5/10/2010<br />2<br />
  3. 3. Logic Bomb<br />Program that initiates a security incident under certain circumstances.<br />Known by the Mentor Programmers (or any other one want to be professional in IT world).<br />5/10/2010<br />3<br />
  4. 4. Virus<br /><ul><li>Code fragment embedded in legitimate program.
  5. 5. How do viruses work ?
  6. 6. Very specific to CPU architecture, operating system, applications.
  7. 7. Usually borne via email or as a macro.</li></ul>5/10/2010<br />4<br />
  8. 8. Virus Con.<br />"payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.<br />Virus dropper inserts virus onto the system.<br />virus signature is a pattern (a series of bytes) that can be used to identify the virus .<br />5/10/2010<br />5<br />
  9. 9. Virus Categories<br />Many categories of viruses, literally many thousands of viruses so that you can find a virus in two or more categories:<br />File<br />Boot<br />Macro<br />Source code<br />Polymorphic<br />Encrypted<br />Stealth<br />Tunneling<br />Multipartite<br />Armored<br />5/10/2010<br />6<br />
  10. 10. File<br />Append itself to a file.<br />Change the start of the program to its code.<br />Known as parasitic viruses.<br />usually with extensions .BIN, .COM, .EXE, .OVL, .DRV.<br />5/10/2010<br />7<br />
  11. 11. Boot<br />The boot sector carries the Mater Boot Record (MBR) which read and load the operating system.<br />Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.<br />Executed every time the system is booting.<br />Known as memory viruses.<br />5/10/2010<br />8<br />
  12. 12. 5/10/2010<br />9<br />
  13. 13. Example for :Wreak havoc<br />5/10/2010<br />10<br />
  14. 14. Macro<br />Written in a high-level language.<br />macros start automatically when a document is opened or closed (word – Excel).<br />can be spread through e-mail attachments, discs, networks, modems, and the Internet.<br />5/10/2010<br />11<br />
  15. 15. Viruses for free<br />Antivirus with<br />Millions $$<br />5/10/2010<br />12<br />
  16. 16. Source code<br />Looks for a source code and modifies it to include the virus and to help spread the virus.<br />5/10/2010<br />13<br />
  17. 17. 5/10/2010<br />14<br />
  18. 18. Polymorphic<br />Change virus’s signature each time.<br />It’s designed to avoid detection by antivirus software.<br />A polymorphic virus acts like a chameleon.<br />5/10/2010<br />15<br />
  19. 19. Encrypted<br />Encrypted virus to avoid detection.<br />It has a decryption code along with the encrypted virus.<br />5/10/2010<br />16<br />
  20. 20. Stealth<br />It use some tactics to avoid detection such as altering its file size, concealing itself in memory, and Modifies parts of the system that can be used to detect it.<br /> in fact, the first computer virus,<br /> was a stealth virus<br />5/10/2010<br />17<br />
  21. 21. Tunneling<br />Install itself in the interrupt-handler chain or in device drivers attempting to bypass detection.<br />Try to  intercept the actions before the anti-virus software can detect the malicious code.<br />5/10/2010<br />18<br />
  22. 22. Multipartite<br />Infect multiple parts of the system.<br />Including boot sector, memory, and files.<br />So it’s difficult to be detected by the antivirus scanner.<br />5/10/2010<br />19<br />
  23. 23. Armored<br />The most dangerous type.<br /> The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.<br />Virus droppers and other full files which are part of a virus infestation are hidden.<br />5/10/2010<br />20<br />
  24. 24. Any Questions ?<br />5/10/2010<br />21<br />