Chapter 5
Virus and Malicious Code
Malicious Code
► Malicious code can be a program or part of a program; a program part can even attach itself to another (good) program so that the malicious effect occurs whenever the good program runs.
► Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file – malicious code can even do nothing at all.
Malicious Code
So…
► What is malicious code?
► How can it take control of a system?
► How can it lodge in a system?
► How does malicious code spread?
► How can it be recognized?
► How can it be stopped?
Malicious Code
Types of Malicious Code
► Virus – attaches itself to a program and propagates copies of itself to other programs.
► Trojan Horse – contains unexpected, additional functionality.
► Logic bomb – triggers an action when a condition occurs.
► Time bomb – triggers an action when a specific time occurs.
► Trapdoor – allows unauthorized access to functionality.
► Worm – propagates copies of itself through a network.
► Rabbit – a virus or worm that replicates itself without limit to exhaust resources.
Virus
► A virus
 A program that passes on malicious code to other, non-malicious programs by modifying them.
 Similar to a biological virus, it infects healthy subjects.
 Infects a program by attaching itself to the program:
►Destroys the program or coexists with it.
►A good program, once infected, becomes a carrier and infects other programs.
►Either transient or resident (stand-alone).
Trojan Horse
►Trojan Horse
 Malicious code that, in addition to its primary (expected) effect, has a malicious effect.
 Example 1: a login script that solicits a user’s identification and password, passes the information to the system for login processing and keeps a copy for malicious purposes.
 Example 2: a cat command that displays text and also sends a copy of the text somewhere else.
Trapdoor
► Trapdoor / backdoor
 A feature in a program by which someone can access the program with special privilege.
 e.g. an ATM that provides the code 990099 to execute something
Worm
►Worm
 Spreads copies of itself through a network.
 A worm spreads through a network, while a virus spreads through other media.
 Spreads itself as a stand-alone program.
Trapdoors
► A secret, undocumented entry point into a module which allows specialized access.
► The trapdoor is inserted during code development
 to test the modules and to allow access in the event of errors.
► Trapdoors are vulnerabilities because they expose the system to modification during execution.
► The programmer usually removes trapdoors during program development. But sometimes programmers
 forget to remove them,
 leave them in the program for testing and maintenance,
 or leave them as a covert means of access to the routine after it becomes an accepted production program.
Trapdoors
► A trapdoor can be used by anyone who discovers it, whether by accident or by exhaustive trials.
► Examples of trapdoors in program development which can be abused:
 Debugging/testing of software modules using drivers and stubs and debug control sequences
 Poor quality programs, e.g. use of a CASE statement which captures all “defaults”
 Unused opcodes in hardware design which can be exploited to do other undocumented things
► Trapdoors are generally desirable in program development:
 auditors introduce fictitious transactions and trace their effect
 important for program maintenance
How Viruses Attach?
(1) Appended Viruses
Figure: Original Program + Virus code = Original Program with Virus code attached
►A virus attaches itself to a program.
►Whenever the program runs, the virus is activated.
►A virus simply inserts a copy of itself into the program file before the first executable instruction, so that all the virus instructions are executed first, followed by the real program instructions.
How Viruses Attach?
(2) Viruses that surround a program
Figure: Original Program + Virus code = Virus code (part a), Original program, Virus code (part b)
This kind of virus runs the original program but has control before and after its execution.
How Viruses Attach?
(3) Integrated Viruses and Replacement
Figure: Original Program + Virus Code = Modified program
► A virus might replace some of its target, integrating itself into the original code of the target.
► Finally, the virus can replace the entire target, either mimicking the effect of the target or ignoring the expected effect of the target and performing only the virus effect.
How Viruses Gain Control?
(1) Overwriting Target
Figure A (Overwriting): file directory and disk storage, before and after. Before, the directory entry T points to the target T on disk; after, the target T on disk has been overwritten by the virus V.
► The virus (V) has to be invoked instead of the target (T).
► Either the virus (V) has to be seen to be T, saying effectively “I’m T”,
► or the virus (V) has to push T out of the way and become a substitute for T, saying effectively “call me instead of T”.
How Viruses Gain Control?
(2) Changing Pointers
Figure B (Changing Pointer): file directory and disk storage, before and after. Before, the directory entry T points to T on disk; after, the entry T points to V, while the original T remains on disk.
The virus changes the pointers in the file table so that V is located instead of T whenever T is accessed through the file system.
Home for Viruses
Boot Sector Viruses
► A special case of virus attachment, but a fairly popular one.
► When a computer is started, control starts with firmware that determines which hardware components are present, tests them and transfers control to the OS.
► The OS is software stored on disk. The OS has to start with code that copies it from disk to memory and transfers control to it, called the bootstrap load.
► Booting: the firmware reads the boot sector (a fixed location on the hard disk) into a fixed location in memory and jumps to the address that contains the bootstrap loader.
Home for Viruses
► The loader loads the OS into memory.
► The boot sector on a PC is less than 512 bytes.
► Chaining is used to support a big bootstrap.
► This mechanism can be utilized for virus installation.
► A virus writer can break the chain, point it to the virus code and reconnect the chain after the virus installation.
► The advantage: the virus gains control early during the boot process.
► It hides in the boot area, which is not accessible to users.
Home for Viruses
Figure: Before infection, the boot sector holds the bootstrap loader, which chains to the system initialization code in other sectors. After infection, the boot sector chains to the virus code, which then chains on to the bootstrap loader and system initialization.
Home for Viruses
A virus can:
► attach itself to the system files IO.SYS or MSDOS.SYS,
► attach itself to any other program loaded because of an entry in CONFIG.SYS or AUTOEXEC.BAT, or
► add an entry to CONFIG.SYS or AUTOEXEC.BAT to cause itself to be loaded.
► Example: CIH virus, BRAIN virus
Home for Viruses
Memory-Resident Viruses
► Some parts of the OS or of a program execute, terminate and disappear, with their space in memory becoming available for anything executed later.
► Frequently used code remains in a special part of memory and is called “resident code” or TSR (terminate and stay resident).
► Virus writers also like to attach viruses to resident code because it is activated many times while the machine is running.
► Each time the resident code runs, the virus does too.
► Once activated, the virus can look for and infect uninfected carriers.
► The virus may target an uninfected diskette.
Home for Viruses
Other Homes for Viruses
► A popular home for viruses is an application program.
► Word processors and spreadsheets have macros, with which users may record a series of commands for a single invocation.
► A virus writer may create a startup macro that contains the virus.
► It also embeds a copy of itself in data files so that the infection spreads to anyone receiving them.
► Libraries are also excellent places for viruses, because they are used by many programs, so the code in them has a broad effect and is also shared between users.
Virus Signature
► Virus code cannot be completely invisible.
► Code must be in memory to be executed.
► Viruses have their own characteristics/behavior – a signature.
(1) Storage pattern – viruses that attach to programs that are stored on disk.
 The attached virus piece is invariant, so that the start of the virus code becomes a detectable signature.
 Alternatively, only a small portion is attached, which JUMPs to the virus module.
Virus Signature
(2) Execution Pattern
► A virus writer may want a virus to do several things:
 spread infection
 avoid detection
 cause harm
The harm that a virus can cause is unlimited:
► do nothing
► display a message on the screen
► play music
► erase a file / the entire disk
► prevent booting
► write on the hard disk
Virus Signature
(3) Transmission Pattern
► A virus also has to have some means of transmission from one disk to another.
► Viruses can travel during the boot process, with an executable file, or in data files.
► Viruses travel during execution of an infected program.
► Because a virus can execute any instruction a program can, virus travel is not confined to any single medium or execution pattern.
Virus Signature
(4) Polymorphic Viruses
►A virus that can change its appearance.
►“Poly” means “many” and “morph” means “form”.
►To avoid detection, not every copy of a polymorphic virus has to differ from every other copy.
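An added example, not part of the lecture slides, covering both the storage-pattern slide (the invariant start of the attached virus code as a signature) and the polymorphic slide (copies that differ in a few bytes). Every byte pattern, the host program and the sample files are constructed for illustration and correspond to no real virus; the masked signature (None entries match any byte) is the scanner-side answer to copies that vary in a couple of positions.

```python
"""Signature scanning for the 'storage pattern' and 'polymorphic virus'
slides. Added example, not part of the lecture; every byte pattern below is
constructed for illustration and does not correspond to any real virus."""

# Constructed host program body (stands in for a clean executable).
CLEAN_PROGRAM = b"\x55\x89\xE5HOST-PROGRAM-CODE\x5D\xC3"


def toy_stub(key: int, pad: int) -> bytes:
    """Constructed decryptor stub of a toy 'polymorphic family'.
    Bytes at offsets 3 (key) and 7 (padding) differ from copy to copy;
    all other bytes are invariant across the family."""
    return bytes([0xEB, 0x0C, 0xB0, key, 0x30, 0x06, 0x46, pad, 0xE2, 0xFA, 0xC3])


# Fixed signature: the exact bytes of one captured copy (the invariant
# start of the virus code from the storage-pattern slide).
FIXED_SIG = toy_stub(key=0x5A, pad=0x90)

# Masked signature: None matches any byte, so the two varying positions
# are skipped and the rest of the family is still recognised.
MASKED_SIG = [0xEB, 0x0C, 0xB0, None, 0x30, 0x06, 0x46, None, 0xE2, 0xFA, 0xC3]


def fixed_offsets(data: bytes, sig: bytes) -> list:
    """Every offset at which the exact byte string sig occurs in data."""
    hits, start = [], 0
    while (i := data.find(sig, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def masked_offsets(data: bytes, sig: list) -> list:
    """Every offset at which sig matches, treating None entries as wildcards."""
    n = len(sig)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(sig))]


def classify_attachment(data: bytes, hits: list, sig_len: int) -> str:
    """Where the virus piece sits relative to the host, in the terms of the
    'How Viruses Attach' slides."""
    if not hits:
        return "clean"
    at_start = hits[0] == 0
    at_end = hits[-1] == len(data) - sig_len
    if at_start and at_end and len(hits) >= 2:
        return "surrounding"      # virus code before and after the host
    if at_start:
        return "appended-before"  # inserted before the first host instruction
    if at_end:
        return "appended-after"
    return "integrated"           # sits inside the host body


def scan(data: bytes) -> dict:
    """Run both scanners and report offsets plus the attachment style."""
    fixed = fixed_offsets(data, FIXED_SIG)
    masked = masked_offsets(data, MASKED_SIG)
    return {
        "fixed_hits": fixed,
        "masked_hits": masked,
        "attachment": classify_attachment(data, masked, len(MASKED_SIG)),
    }


# Constructed samples: the captured copy placed before the host, a variant
# with a different key and padding surrounding the host, and the clean host.
SAMPLE_KNOWN = FIXED_SIG + CLEAN_PROGRAM
SAMPLE_VARIANT = toy_stub(0x3C, 0x00) + CLEAN_PROGRAM + toy_stub(0x3C, 0x00)

if __name__ == "__main__":
    for name, blob in [("known", SAMPLE_KNOWN), ("variant", SAMPLE_VARIANT),
                       ("clean", CLEAN_PROGRAM)]:
        print(name, scan(blob))
```

The fixed signature finds only the captured copy, while the masked one finds the variant too. Real polymorphic engines also reorder and substitute instructions, so masks alone are not sufficient; they only work because, as the slide says, not every copy differs from every other in every byte.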
Preventing Virus
► Use only commercial software acquired from reliable, well-established vendors.
► Test all new software on an isolated computer.
► Make a bootable diskette and store it safely; write-protect it before booting.
► Make and retain backup copies of executable system files.
► Use virus detectors regularly.
► Don’t trust any source from outside until it has been tested first.
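An added example, not part of the lecture, for the prevention slide: an integrity baseline that records the size and SHA-256 of executable system files so that later changes (code appended to a program, an extra AUTOEXEC.BAT entry, a removed or dropped file) are reported. The file names and contents created in demo() are constructed.

```python
"""Integrity baseline for executable system files. Added example for the
'Preventing Virus' slide; not part of the lecture. The file names and
contents used in demo() are constructed for illustration."""
import hashlib
import json
import tempfile
from pathlib import Path

# File types the baseline covers (the system and startup files the
# 'Home for Viruses' slides name are all among these).
EXEC_SUFFIXES = (".exe", ".com", ".sys", ".bat")


def file_digest(path: Path) -> dict:
    """Size and SHA-256 of one file. An appended, surrounding or integrated
    virus changes at least one of the two."""
    data = path.read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_baseline(root: Path) -> dict:
    """Digest every executable-like file under root, keyed by relative path.
    Keep the result off the machine (the slide's write-protected diskette)
    so that a virus cannot rewrite the baseline along with the files."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state of root against a stored baseline and
    return the modified, missing and new executable files."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Build a constructed system directory, take a baseline, simulate the
    kinds of change the slides describe, and return what verify() reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "COMMAND.COM").write_bytes(b"\xB8\x00\x4C\xCD\x21")  # constructed
        (root / "IO.SYS").write_bytes(b"IO-SYS-CONSTRUCTED")
        (root / "AUTOEXEC.BAT").write_text("@ECHO OFF\r\n")
        (root / "README.TXT").write_text("not an executable\r\n")
        # Round-trip through JSON: this is the form the baseline would be
        # stored in on removable, write-protected media.
        baseline = json.loads(json.dumps(build_baseline(root)))
        # Simulated changes: bytes appended to COMMAND.COM, an extra startup
        # entry in AUTOEXEC.BAT, IO.SYS removed, and an unknown executable.
        with (root / "COMMAND.COM").open("ab") as f:
            f.write(b"CONSTRUCTED-APPENDED-BYTES")
        with (root / "AUTOEXEC.BAT").open("a") as f:
            f.write("C:\\TEMP\\UNKNOWN.COM\r\n")
        (root / "IO.SYS").unlink()
        (root / "DROPPED.EXE").write_bytes(b"\x00")
        return verify(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A clean baseline only helps if it was taken before any infection and is stored where the machine cannot alter it; compare against it from a known-clean boot, as the slide's bootable diskette advice implies.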

"Impact of front-end architecture on development cost", Viktor Turskyi
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Virus and Malicious Code Chapter 5

  • 1. Chapter 5: Virus and Malicious Code
  • 2. Malicious Code ► Malicious code can be a program or part of a program; a program part can even attach itself to another (good) program so that the malicious effect occurs whenever the good program runs. ► Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file – malicious code can even do nothing at all.
  • 3. Malicious Code So… ► What is malicious code? ► How can it take control of a system? ► How can it lodge in a system? ► How does malicious code spread? ► How can it be recognized? ► How can it be stopped?
  • 4. Malicious Code – Types of Malicious Code ► Virus – attaches itself to a program and propagates copies of itself to other programs. ► Trojan Horse – contains unexpected, additional functionality. ► Logic bomb – triggers an action when a condition occurs. ► Time bomb – triggers an action when a specific time occurs. ► Trapdoor – allows unauthorized access to functionality. ► Worm – propagates copies of itself through a network. ► Rabbit – as a virus or worm, replicates itself without limit to exhaust resources.
  • 5. Virus ► A virus  A program that passes on malicious code to other non-malicious programs by modifying them.  Similar to a biological virus, it infects healthy subjects.  Infects a program by attaching itself to the program. ► Destroys the program or coexists with it. ► A good program, once infected, becomes a carrier and infects other programs. ► Either transient or resident (stand-alone).
  • 6. Trojan Horse ► Trojan Horse  Malicious code that, in addition to its primary effect, has a malicious effect.  Example 1: a login script that solicits a user’s identification and password, passes the information to the system for login processing, and keeps a copy for malicious purposes.  Example 2: a cat command that displays text and also sends a copy of the text somewhere else.
  • 7. Trapdoor ► Trapdoor / backdoor  A feature in a program by which someone can access the program using special privileges.  e.g. an ATM that accepts 990099 to execute something.
  • 8. Worm ► Worm  Spreads copies of itself through a network.  A worm spreads through a network, a virus through other media.  Spreads itself as a stand-alone program.
  • 9. Trapdoors ► A secret, undocumented entry point into a module which allows specialized access. ► The trapdoor is inserted during code development  to test the modules and allow access in the event of an error. ► Trapdoors are vulnerabilities because they expose the system to modification during execution. ► The programmer usually removes trapdoors during program development, but sometimes  forgets to remove them,  leaves them in the program for testing and maintenance,  or leaves them as a covert means of access to the routine after it becomes an accepted production program.
  • 10. Trapdoors ► A trapdoor can be used by anyone who discovers it, by accident or by exhaustive trials. ► Examples of trapdoors in program development which can be abused:  Debugging/testing software modules using drivers and stubs and debug control sequences  Poor-quality programs, e.g. use of a CASE statement which captures all “defaults”  Unused opcodes in hardware design which can be exploited to do other undocumented things ► Trapdoors are generally desirable in program development:  auditors introduce fictitious transactions and trace the effect  important for program maintenance
  • 11. How Viruses Attach? (1) Appended Virus (diagram): Original Program + Virus code = Original Program followed by Virus code.
  • 12. How Viruses Attach? (1) Appended Viruses ► A virus attaches itself to a program. ► Whenever the program runs, the virus is activated. ► A virus simply inserts a copy of itself into the program file before the first executable instruction, so that all the virus instructions are executed completely and are then followed by the real program instructions.
  • 13. How Viruses Attach? (2) Viruses that surround a program (diagram): Virus code (part a), then the Original Program, then Virus code (part b). This kind of virus runs the original program but has control before and after its execution.
  • 14. How Viruses Attach? (3) Integrated Viruses and Replacement (diagram): Original Program + Virus Code = Modified program.
  • 15. How Viruses Attach? (3) Integrated Viruses and Replacement ► A virus might replace some of its target, integrating itself into the original code of the target. ► Finally, the virus can replace the entire target, either mimicking the effect of the target or ignoring the expected effect of the target and performing only the virus effect.
  • 16. How Viruses Gain Control? (1) Overwriting Target (diagram): Before, the file directory entry for T points to T in disk storage. After, the entry for T points to V, which has overwritten T.
  • 17. How Viruses Gain Control? (1) Overwriting Target ► The virus (V) has to be invoked instead of the target (T). ► Either the virus (V) has to be seen to be T, saying effectively “I’m T”, ► or the virus (V) has to push T out of the way and become a substitute for T, saying effectively “call me instead of T”.
  • 18. How Viruses Gain Control? (2) Changing Pointers (diagram): Before, the file table entry for T points to T. After, the entry for T points to V, and V in turn points to T. The virus changes the pointers in the file table so that V is located instead of T whenever T is accessed through the file system.
  • 19. Home for Viruses – Boot Sector Viruses ► A special case of virus attachment, but a fairly popular one. ► When a computer is started, control starts with firmware that determines which hardware components are present, tests them and transfers control to the OS. ► The OS is software stored on disk. The OS has to be started by code that copies it from disk to memory and transfers control to it, called the bootstrap load. ► Booting: the firmware reads the boot sector (a fixed location on the hard disk) into a fixed location in memory and jumps to the address that contains the bootstrap loader.
  • 20. Home for Viruses ► The loader loads the OS into memory. ► The boot sector on a PC is less than 512 bytes. ► Chaining is used to support a big bootstrap. ► This mechanism can be utilized for virus installation. ► A virus writer can break the chain, point it to the virus code, and reconnect the chain after the virus installation. ► The advantage: the virus gains control early during the boot process. ► It hides in the boot area, which is not accessible to users.
  • 21. Home for Viruses (diagram): Before infection, the boot sector holds the bootstrap loader, which chains to system initialization in other sectors. After infection, the boot sector holds the virus code, which chains to the bootstrap loader and then to system initialization in other sectors.
  • 22. Home for Viruses – A virus can: ► attach itself to the system files IO.SYS or MSDOS.SYS; ► attach itself to any other program loaded because of an entry in CONFIG.SYS or AUTOEXEC.BAT; or ► add an entry to CONFIG.SYS or AUTOEXEC.BAT to cause itself to be loaded. ► Examples: CIH virus, BRAIN virus.
  • 23. Home for Viruses – Memory-Resident Viruses ► Some parts of the OS or programs execute, terminate and disappear, with their space in memory becoming available for anything executed later. ► Frequently used code remains in special memory and is called “resident code” or TSR. ► Virus writers also like to attach viruses to resident code because it is activated many times while the machine is running. ► Each time the resident code runs, the virus does too. ► Once activated, the virus can look for and infect uninfected carriers. ► The virus may target an uninfected diskette.
  • 24. Home for Viruses – Other Homes for Viruses ► A popular home for viruses is an application program. ► Word processors and spreadsheets have a macro facility where users may record a series of commands for a single invocation. ► A virus writer may create a startup macro that contains the virus. ► It also embeds a copy of itself in data files so that the infection spreads to anyone receiving them. ► Libraries are also excellent places for viruses, because they are used by many programs; the code in them thus has a broad effect and is also shared between users.
  • 25. Virus Signature ► Virus code cannot be completely invisible. ► Code must be in memory to be executed. ► Viruses have their own characteristics/behaviour – a signature. (1) Storage pattern – viruses that attach to programs stored on disk.  The attached virus piece is invariant, so the start of the virus code becomes a detectable signature.  The virus may occupy only a small portion of the file, with a JUMP to the virus module.
  • 26. Virus Signature (2) Execution Pattern ► A virus writer may want a virus to do several things:  spread infection  avoid detection  cause harm – the harm that a virus can cause is unlimited: ► do nothing ► display a message on the screen ► play music ► erase a file or the entire disk ► prevent booting ► write on the hard disk
  • 27. Virus Signature (3) Transmission pattern ► A virus also has to have some means of transmission from one disk to another. ► Viruses can travel during the boot process, with an executable file, or in data files. ► Viruses travel during execution of an infected program. ► Because a virus can execute any instruction a program can, virus travel is not confined to any single medium or execution pattern.
  • 28. Virus Signature (4) Polymorphic Viruses ► A virus that can change its appearance. ► “Poly” means “many” and “morph” means “form”. ► To avoid detection, not every copy of a polymorphic virus has to differ from every other copy.
  • 29. Preventing Viruses ► Use only commercial software acquired from reliable, well-established vendors. ► Test all new software on an isolated computer. ► Make a bootable diskette and store it safely; write-protect it before booting. ► Make and retain backup copies of executable system files. ► Use virus detectors regularly. ► Don’t trust any source from outside until it has been tested first.
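The boot-sector chain described on slides 19 to 21 is something a defender can baseline and re-check: a boot-sector virus that re-chains the loader necessarily changes the bytes of the bootstrap code area. The following Python is an added example and is not part of the slide deck. It assumes the PC master boot record layout (a 512-byte sector, 446 bytes of bootstrap code at offset 0, a 64-byte partition table at offset 446 and the 0x55AA signature at offset 510), which is general knowledge rather than something the slides state. It hashes the bootstrap code area, compares it with a stored baseline, and also checks the signature and partition table. The sectors it examines are constructed inside the block; on a real machine the 512 bytes would be read from the disk device and the baseline stored on write-protected media, as slide 29 recommends.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA = slice(0, 446)          # bootstrap code (assumed MBR layout)
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510-511 of a PC boot sector


def parse_partition_table(sector):
    """Return the non-empty partition entries as dicts."""
    entries = []
    table = sector[PARTITION_TABLE]
    for i in range(4):
        raw = table[i * 16:(i + 1) * 16]
        boot_flag, ptype = raw[0], raw[4]
        lba_start, sector_count = struct.unpack_from("<II", raw, 8)
        if ptype != 0:
            entries.append({"index": i, "bootable": boot_flag == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "sectors": sector_count})
    return entries


def code_area_hash(sector):
    """SHA-256 of the bootstrap code area only (the partition table may change legitimately)."""
    return hashlib.sha256(sector[CODE_AREA]).hexdigest()


def check_boot_sector(sector, baseline_hash):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        findings.append("sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE))
        return findings
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if code_area_hash(sector) != baseline_hash:
        findings.append("bootstrap code area differs from baseline")
    if not any(e["bootable"] for e in parse_partition_table(sector)):
        findings.append("no partition is flagged bootable")
    return findings


def make_sample_sector(code):
    """Build a constructed 512-byte sector: code padded to 446 bytes, one partition entry, signature."""
    if len(code) > 446:
        raise ValueError("bootstrap code does not fit the code area")
    # Constructed entry: bootable (0x80), type 0x83, starting at LBA 2048, 1,000,000 sectors.
    entry = bytes([0x80, 0, 0, 0, 0x83, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    table = entry + b"\x00" * 48
    return code.ljust(446, b"\x00") + table + BOOT_SIGNATURE


# Constructed baseline: a stand-in for the loader bytes recorded on a known-good system.
BASELINE_SECTOR = make_sample_sector(b"\xeb\x3c\x90" + b"constructed bootstrap loader v1")
BASELINE_HASH = code_area_hash(BASELINE_SECTOR)
# Constructed sector whose loader bytes differ from the baseline: the kind of change
# that re-chaining the bootstrap loader (slide 20) leaves behind.
MODIFIED_SECTOR = make_sample_sector(b"\xeb\x3c\x90" + b"constructed bootstrap loader v2")

if __name__ == "__main__":
    for label, sector in (("baseline", BASELINE_SECTOR), ("modified", MODIFIED_SECTOR)):
        print(label, check_boot_sector(sector, BASELINE_HASH) or "OK")
```

Only the code area is hashed because partition tables change for legitimate reasons; a stricter baseline could also record the partition entries returned by parse_partition_table and report any difference.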

Editor's Notes

  1. Stub & debug – a routine to inject data into, and extract results from, the component being tested.
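Slide 25 makes the point that the invariant start of attached virus code is a detectable storage-pattern signature, slide 28 explains why a polymorphic virus undermines that, and slide 29 asks for retained copies of executable files. The following Python is an added example, not code from the slides: a byte-pattern scanner plus a hash baseline for executables. The signature database and the sample "programs" are constructed byte strings, not real malware signatures. The polymorphic sample keeps the same structure but has a rewritten start, so the signature scan misses it while the integrity baseline still catches the change, which is the reason both kinds of detector are used together.

```python
import hashlib
import os

# Constructed signature database: name -> invariant byte prefix of the attached
# virus code. These are made-up sample values, not real malware signatures.
SIGNATURES = {
    "SAMPLE-A": b"\xe9\x10\x02\x00\x00SAMPLE_A",
    "SAMPLE-B": b"\x90\x90\xe8SAMPLE_B",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return [(name, offset), ...] for every signature occurrence in data, by offset."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda h: h[1])


def scan_tree(root, signatures=SIGNATURES):
    """Scan every regular file under root; returns {path: hits} for files with hits."""
    infected = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    hits = scan_bytes(f.read(), signatures)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                infected[path] = hits
    return infected


def build_baseline(files):
    """files: {path: bytes}. Returns {path: sha256 hex digest} for later comparison."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def changed_files(baseline, files):
    """Paths whose contents no longer match the baseline, plus files that are new or missing."""
    current = build_baseline(files)
    return sorted(p for p in set(baseline) | set(current)
                  if baseline.get(p) != current.get(p))


# Constructed sample "programs": plain bytes standing in for executables.
CLEAN_PROGRAM = b"MZ" + b"\x00" * 40 + b"clean program body"
# Appended virus (slide 11): the invariant code follows the original program.
INFECTED_PROGRAM = CLEAN_PROGRAM + SIGNATURES["SAMPLE-A"] + b"rest of virus"
# Polymorphic copy (slide 28): same placement, but the start bytes have been rewritten.
POLYMORPHIC_COPY = CLEAN_PROGRAM + b"\xe9\x20\x02\x00\x00sample_a" + b"rest of virus"

SAMPLE_FILES = {
    "bin/clean": CLEAN_PROGRAM,
    "bin/infected": INFECTED_PROGRAM,
    "bin/poly": POLYMORPHIC_COPY,
}


def demo():
    """Run both detectors over the samples; baseline taken when all three were clean."""
    baseline = build_baseline({p: CLEAN_PROGRAM for p in SAMPLE_FILES})
    signature_hits = {p: scan_bytes(d) for p, d in SAMPLE_FILES.items()}
    changed = changed_files(baseline, SAMPLE_FILES)
    return signature_hits, changed


if __name__ == "__main__":
    hits, changed = demo()
    for path, h in hits.items():
        print(path, "signature hits:", h or "none")
    print("changed since baseline:", changed)
```

scan_tree is the on-disk counterpart of scan_bytes for a real directory; the baseline functions take in-memory contents so the comparison logic can be exercised without touching the filesystem.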