Autoimmune viruses © Alberto Cammozzo Oct 2005
1
Autoimmune computer virus
October 2005
Alberto Cammozzo
mmzz -at- stat.unipd.it
Autoimmune biological virus
«The immune system is a complicated network of cells and
cell components (called molecules) that normally work
to defend the body and eliminate infections caused by
bacteria, viruses, and other invading microbes.
If a person has an autoimmune disease, the immune system
mistakenly attacks self, targeting the cells, tissues, and
organs of a person's own body.»
NIH Publication No. 98-427 Understanding Autoimmune Diseases - May 1998
http://www.niaid.nih.gov/publications/autoimmune/autoimmune.htm
Antivirus aware computer viruses
«Many viruses are able to recognize certain anti-virus
software, and respond differently to such software than
to programs designed for other purposes.
Some viruses go after the databases stored by anti-virus
products.
Some viruses simply go after anti-virus products, trying to
erase them.»
David Stang – Fighting Computer Virus Infection through Auto-Immune
Responses - Applying Principles of Life to Anti-Virus Technology
http://vx.netlux.org/lib/ads01.html
Autoimmune computer viruses
(AICV) are not new
«Biological immune disorders in which host defenses turn against the
host and actually cause damage are known as autoimmune diseases.
Computer autoimmune disorders parallel their biological
counterparts. Recently, a warning (defense mechanism used by
computer users) turned out to be a not-so-harmless hoax. The hoax
warning stated that certain files were infected by a computer virus.
Heeding the warning, unsuspecting computer users removed the
affected utility files from their computers' operating systems.»
Trudy M. Wassenaar and Martin J. Blaser – Contagion on the Internet – Letter to
Emerging Infectious Diseases Journal, March 2002 - National Center for
Infectious Diseases
http://www.cdc.gov/ncidod/EID/vol8no3/01-0286.htm
How an antivirus works
● Each antivirus firm has its own antivirus database file:
– containing virus definitions or fingerprints,
– updated when needed (e.g. when a new virus comes up).
● The antivirus client frequently downloads the updated
database file from the antivirus producer's web/FTP servers.
The antivirus engine runs on the client's PC/server with the
updated virus definitions from the new database file.
The antivirus client will remove or quarantine files whose
fingerprint is in the updated database file.
● In a corporate context there are usually intermediate servers.
Threats exploiting the antivirus itself
● We already have malware that interferes with antivirus
systems, preventing detection.
● What happens if the virus database file itself can be
corrupted?
– Misleading effect on the antivirus's behaviour.
– Making the antivirus itself damage the system it is
intended to protect.
Possible actions from an AICV
● Deletion of non-viral files from the file system, by adding
their fingerprint to the database file.
– e.g. an antivirus treating files beginning with the string
'MZ' as infected will delete all .EXE files.
● Allowing viruses to spread, by removing their fingerprint
from the database file:
– prevents detection of viruses that otherwise would be
detected.
– enables a perfect virus time-bomb: the virus silently
floods the net, undetected, activating itself at a given
time.
What AV producers should do
● Technical:
– Have the database file digitally signed (not encrypted)
and keys properly managed.
● Let us know:
– how virus database files are digitally signed, so that
anyone can verify them,
– how virus database files and keys are managed, so that
anyone can check them,
– please, show us the source code.
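As an added example (not code from the slides), here is the signing check this slide asks for, applied to the scanner described on slide 5 and to the 'MZ' failure on slide 7: the client refuses any definition file whose Ed25519 signature does not verify, so a corrupted database never reaches the scan loop. The line-based definition format, the key pair, the sample definitions and the minimum-pattern-length sanity check are all my assumptions for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Signature is one entry of a constructed, example-only database format:
// a name and the byte pattern that must appear at the start of a file.
type Signature struct {
	Name    string
	Pattern []byte
}

// ParseDatabase parses lines of the form "<name>: <hex pattern>". Blank lines
// and '#' comments are ignored. Patterns shorter than minPatternLen are
// rejected as a sanity check (my addition): a two-byte pattern such as "MZ"
// (4d5a) matches every Windows .EXE, which is the autoimmune case on slide 7.
func ParseDatabase(db []byte, minPatternLen int) ([]Signature, error) {
	var sigs []Signature
	for n, line := range strings.Split(string(db), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		name, hexPat, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("line %d: malformed entry", n+1)
		}
		pat, err := hex.DecodeString(strings.TrimSpace(hexPat))
		if err != nil {
			return nil, fmt.Errorf("line %d: bad hex pattern: %w", n+1, err)
		}
		if len(pat) < minPatternLen {
			return nil, fmt.Errorf("line %d: pattern for %q is %d bytes, below the %d-byte minimum",
				n+1, strings.TrimSpace(name), len(pat), minPatternLen)
		}
		sigs = append(sigs, Signature{Name: strings.TrimSpace(name), Pattern: pat})
	}
	return sigs, nil
}

// LoadVerifiedDatabase checks the producer's Ed25519 signature over the raw
// database bytes before parsing anything. An unsigned database, one signed
// with another key, or one modified after signing is refused outright. The
// client only ever holds the public key, so malware on the client cannot
// forge a valid signature for a corrupted file.
func LoadVerifiedDatabase(pub ed25519.PublicKey, db, sig []byte, minPatternLen int) ([]Signature, error) {
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, db, sig) {
		return nil, errors.New("database signature invalid: refusing to load definitions")
	}
	return ParseDatabase(db, minPatternLen)
}

// Scan returns the name of the first signature whose pattern the file starts
// with, or "" when the file is clean. Quarantine or removal is the caller's job.
func Scan(sigs []Signature, file []byte) string {
	for _, s := range sigs {
		if bytes.HasPrefix(file, s.Pattern) {
			return s.Name
		}
	}
	return ""
}

func main() {
	// Constructed producer key pair: in practice the private key stays with
	// the producer and only the public key ships inside the client.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed database: one made-up definition ("EVIL" in hex).
	goodDB := []byte("# example definitions\nsample-virus: 4556494c\n")
	sig := ed25519.Sign(priv, goodDB)

	sigs, err := LoadVerifiedDatabase(pub, goodDB, sig, 4)
	fmt.Println("signed db loaded:", err == nil, "| definitions:", len(sigs))
	fmt.Println("infected sample ->", Scan(sigs, []byte("EVIL payload")))
	fmt.Println("clean exe       ->", Scan(sigs, []byte("MZ\x90\x00 clean program")))

	// A tampered copy that appends the 'MZ' definition from slide 7: the
	// producer's signature no longer matches, so it is refused before parsing.
	badDB := append(append([]byte{}, goodDB...), []byte("all-exe: 4d5a\n")...)
	_, err = LoadVerifiedDatabase(pub, badDB, sig, 4)
	fmt.Println("tampered db rejected:", err != nil)
}
```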
What we can do
● Avoid the dangers of software monocultures:
– Push BITdiversity: biodiversity applied to the IT environment:
don't stick to a single O.S.
– Beware of antivirus monopoly.
● Rethink redundancy:
– OS redundancy: push multiple different operating systems on
the key servers and clients. If the virus attacks one OS, the
other will likely be safe. Traditional redundancy will fail.
– AV redundancy: have multiple simultaneous antivirus
systems with different signature files.
● Keep the data safe:
– be prepared to access your data from a different OS.
– avoid proprietary data formats like the plague.
END