4. Malware
• “Malicious software” designed to infiltrate a computer without the owner's informed consent.
• Malware includes:
• Computer viruses
• Worms
• Trojan horses
• Backdoors (a method of bypassing normal authentication procedures, usually installed using Trojan horses or worms)
• For-profit malware (spyware, botnets, keyloggers, ransomware, adware and dialers)
5. Backdoor or Trapdoor
• secret entry point into a program
• allows those who know of it to gain access, bypassing the usual security procedures
• has commonly been used by developers
• a threat when left in production programs, where it can be exploited by attackers
• very hard to block in the OS
• requires good software development and update practices
7. Vital Information Resources Under Siege (Virus)
• A computer virus is a malicious computer program (executable file) that
can copy itself and infect a computer without permission or knowledge
of the user.
• A virus can only spread from one computer to another by:
• Sending it over a network as a file or as an email payload.
• Carrying it on a removable medium.
• Viruses need USER INTERVENTION to spread …
• Some viruses are programmed to damage the computer by damaging
programs, deleting files, or reformatting the hard disk.
• Others are not designed to do any damage, but simply replicate
themselves and perhaps make their presence known by presenting text,
video, or audio messages.
8. Terms used in Virus
• Infection mechanism: The means by which a virus
spreads, enabling it to replicate. The mechanism is also
referred to as the infection vector.
• Trigger: The event or condition that determines when
the payload is activated or delivered.
• Payload: What the virus does, besides spreading. The
payload may involve damage or may involve benign but
noticeable activity.
9. Phases of a Virus
• Dormant phase: The virus is idle. The virus will
eventually be activated by some event, such as a date,
the presence of another program or file, or the capacity
of the disk exceeding some limit. Not all viruses have
this stage.
• Propagation phase: The virus places a copy of itself into
other programs or into certain system areas on the disk.
The copy may not be identical to the propagating
version; viruses often morph to evade detection. Each
infected program will now contain a clone of the virus,
which will itself enter a propagation phase.
10. Phases of a Virus (cont.)
• Triggering phase: The virus is activated to perform the
function for which it was intended. As with the dormant
phase, the triggering phase can be caused by a variety
of system events, including a count of the number of
times that this copy of the virus has made copies of
itself.
• Execution phase: The function is performed. The
function may be harmless, such as a message on the
screen, or damaging, such as the destruction of
programs and data files.
11. Types of viruses
▪ boot sector
virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks
(some infect the boot sector of the hard disk instead of the MBR).
▪ file infector
virus that usually infects memory and executable files. Once these viruses are in a system, they remain for a
long time.
▪ macro virus
virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be
performed automatically when the application is started or something else triggers it. Macro
viruses tend to be surprising but relatively harmless.
▪ encrypted virus
virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its
program code to make it difficult to detect. An encrypted virus's code begins with a decryption
algorithm and continues with scrambled or encrypted code for the remainder of the virus.
12. Types of viruses (cont.)
▪ stealth virus
virus that uses various mechanisms to avoid detection by antivirus software
▪ polymorphic virus
virus that is able to modify itself while making clones of itself
▪ metamorphic virus
virus that can transform based on the ability to translate, edit and rewrite its own code. It is
considered the most infectious computer virus, and it can do serious damage to a system if it isn't
detected quickly.
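The encrypted virus entry above says the scrambled body is hard for a scanner to match. A common defensive heuristic is to look for byte regions with near-random entropy instead of a fixed signature. The following is an added example, not part of the original slides; the sample buffer, function names, window size and threshold are all assumptions chosen for illustration.

```python
import hashlib
import math


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def high_entropy_regions(data: bytes, window: int = 512, threshold: float = 7.0):
    """Merge consecutive windows at or above threshold into (start, end) ranges."""
    regions, start = [], None
    for off in range(0, len(data) - window + 1, window):
        hot = shannon_entropy(data[off:off + window]) >= threshold
        if hot and start is None:
            start = off                      # a suspicious run begins here
        elif not hot and start is not None:
            regions.append((start, off))     # run ended at this window
            start = None
    if start is not None:                    # run reaches the last full window
        regions.append((start, len(data) - len(data) % window))
    return regions


def keystream(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted body."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


# Constructed sample: 1536 bytes of repetitive plain text standing in for
# ordinary program code, followed by 2048 bytes that look encrypted.
PLAIN = (b"mov eax, ebx\nadd eax, 4\nret\n" * 64)[:1536]
SAMPLE = PLAIN + keystream(2048)

if __name__ == "__main__":
    print("entropy of plain part: %.2f bits/byte" % shannon_entropy(PLAIN))
    for start, end in high_entropy_regions(SAMPLE):
        print("high-entropy region: bytes %d-%d" % (start, end))
```

Compressed or packed legitimate files also score high, so a hit is a reason to inspect the file further, not a verdict.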
15. Worms
• replicating program that propagates over a network, using email, remote execution or remote login
• has phases like a virus
• may disguise itself as a system process
• implemented by Xerox Palo Alto labs in the 1980s
16. SQL Slammer Worm
• In January 2001, the SQL Slammer Worm slowed down global
Internet traffic as a result of DoS.
• The worm exploited a buffer overflow bug in Microsoft's SQL Server.
19. Trojans
• A Trojan is a program that appears, to the user, to perform a
desirable function but, in fact, facilitates unauthorized access
to the user's computer system.
• Trojans may appear to be useful or interesting programs, or at
the very least harmless to an unsuspecting user, but are
actually harmful when executed.
• Trojans are not self-replicating, which distinguishes them from
viruses and worms.