Malicious Software - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides make the Integrated Computer Security system very easy to understand. The major points in these lecture slides are: Malicious Software, Malware, Intent, Compromising, Availability, Integrity, Confidentiality, Applications, Operating System, Disrupting the Victim

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri

Lecture 13

Malicious Software

Malware

• [NIST05] defines malware as:

“a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim.”

Classification of Malware

• classified into two broad categories based on:

  • how it spreads or propagates to reach the desired targets
  • the actions or payloads it performs once a target is reached

• also classified by:

  • those that need a host program
    • parasitic code such as viruses
  • those that are independent, self-contained programs
    • worms, trojans, and bots
  • malware that does not replicate
    • trojans and spam e-mail
  • malware that does replicate
    • viruses and worms

Types of Malicious Software

  • propagation mechanisms include:
    • infection of existing content by viruses that is subsequently spread to other systems
    • exploit of software vulnerabilities by worms or drive-by-downloads to allow the malware to replicate
    • social engineering attacks that convince users to bypass security mechanisms to install Trojans or to respond to phishing attacks
  • payload actions performed by malware once it reaches a target system can include:
    • corruption of system or data files
    • theft of service/make the system a zombie agent of attack as part of a botnet
    • theft of information from the system/keylogging
    • stealthing/hiding its presence on the system

Malware Evolution

CS 450/650 Fundamentals of Integrated Computer Security

Malware Targets

| Platform | % |
|---|---|
| *nix (Linux, BSD) | 0.052% |
| Mac (OS X primarily) | 0.005% |
| Mobile (Symbian, WinCE) | 0.020% |
| Other (MySQL, IIS, DOS) | 0.012% |
| Windows (XP SP2, SP3, Vista, 7) | 99.91% |


Viruses

• piece of software that infects programs
  – modifies them to include a copy of the virus
  – replicates and goes on to infect other content
  – easily spread through network environments
• when attached to an executable program a virus can do anything that the program is permitted to do
  – executes secretly when the host program is run
• specific to operating system and hardware
  – takes advantage of their details and weaknesses

Virus Components

• infection mechanism
  – means by which a virus spreads or propagates
  – also referred to as the infection vector
• trigger
  – event or condition that determines when the payload is activated or delivered
  – sometimes known as a logic bomb
• payload
  – what the virus does (besides spreading)
  – may involve damage or benign but noticeable activity

Virus Structure

Compression Virus Logic

Macro/Scripting Code Viruses

• very common in mid-1990s
  – platform independent
  – infect documents (not executable portions of code)
  – easily spread
• exploit macro capability of MS Office applications
  – more recent releases of products include protection
• various anti-virus programs have been developed
  – so these are no longer the predominant virus threat

Worms

• program that actively seeks out more machines to infect
  – each infected machine serves as an automated launching pad for attacks on other machines
• exploits software vulnerabilities in client or server programs
• can use network connections to spread from system to system
• spreads through shared media
  – USB drives, CD, DVD data disks

Worm Replication

• electronic mail or instant messenger facility
  – worm e-mails a copy of itself to other systems
  – sends itself as an attachment via an instant message service
• file sharing
  – creates a copy of itself or infects a file as a virus on removable media
• remote execution capability
  – worm executes a copy of itself on another system
• remote file access or transfer capability
  – worm uses a remote file access or transfer service to copy itself from one system to the other
• remote login capability
  – worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other

Worm Propagation Model