Lecture 13
Malicious Software
Malware
• [NIST05] defines malware as:
“a program that is inserted into a system, usually
covertly, with the intent of compromising the
confidentiality, integrity, or availability of the
victim’s data, applications, or operating system
or otherwise annoying or disrupting the victim.”
Classification of Malware
• classified into two broad categories based on:
- how it spreads or propagates to reach the desired targets
- the actions or payloads it performs once a target is reached
• also classified by:
- those that need a host program (parasitic code such as viruses)
- those that are independent, self-contained programs
- malware that does not replicate
- malware that does replicate
Types of Malicious Software
• propagation mechanisms include:
- infection of existing content by viruses that is subsequently spread to other systems
- exploitation of software vulnerabilities by worms or drive-by-downloads to allow the malware to replicate
- social engineering attacks that convince users to bypass security mechanisms to install Trojans or to respond to phishing attacks
• payload actions performed by malware once it reaches a target system can include:
- corruption of system or data files
- theft of service/make the system a zombie agent of attack as part of a botnet
- theft of information from the system/keylogging
- stealthing/hiding its presence on the system
Malware Evolution
CS 450/650 Fundamentals of Integrated Computer Security
Malware Targets
Platform                           %
*nix (Linux, BSD)                  0.052%
Mac (OS X primarily)               0.005%
Mobile (Symbian, WinCE)            0.020%
Other (MySQL, IIS, DOS)            0.012%
Windows (XP SP2, SP3, Vista, 7)    99.91%
Viruses
• piece of software that infects programs
– modifies them to include a copy of the virus
– replicates and goes on to infect other content
– easily spread through network environments
• when attached to an executable program a
virus can do anything that the program is
permitted to do
– executes secretly when the host program is run
• specific to operating system and hardware
– takes advantage of their details and weaknesses
Virus Components
• infection mechanism
- means by which a virus spreads or propagates
- also referred to as the infection vector
• trigger
- event or condition that determines when the payload is activated or delivered
- sometimes known as a logic bomb
• payload
- what the virus does (besides spreading)
- may involve damage or benign but noticeable activity
Virus Structure
Compression Virus Logic
Macro/Scripting Code Viruses
• very common in mid-1990s
– platform independent
– infect documents (not executable portions of code)
– easily spread
• exploit macro capability of MS Office
applications
– more recent releases of products include protection
• various anti-virus programs have been
developed
– so these are no longer the predominant virus threat
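Because macro viruses live in documents rather than in executables, a defender can look for macro code in a file before anyone opens it. The sketch below is an added example, not part of the original slides: it assumes the modern ZIP-based Office (OOXML) layout, in which macro code sits in a part named vbaProject.bin and is declared in [Content_Types].xml, and the function names and sample files are constructed for illustration.

```python
import io
import zipfile

# Assumed OOXML markers (not from the slides) found in [Content_Types].xml.
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")

def scan_ooxml_for_macros(data: bytes) -> dict:
    """Report macro indicators in a document without opening it in Office."""
    report = {"is_ooxml": False, "vba_parts": [], "declares_macros": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # legacy binary .doc/.xls files need a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return report  # a ZIP archive, but not an Office document
        report["is_ooxml"] = True
        report["vba_parts"] = sorted(n for n in names if n.lower().endswith("vbaproject.bin"))
        types_xml = zf.read("[Content_Types].xml")
        report["declares_macros"] = any(m in types_xml for m in MACRO_MARKERS)
    return report

def verdict(filename: str, data: bytes) -> str:
    """Classify a file as not-ooxml, no-macros, macros-present or mismatched."""
    r = scan_ooxml_for_macros(data)
    if not r["is_ooxml"]:
        return "not-ooxml"
    if not (r["vba_parts"] or r["declares_macros"]):
        return "no-macros"
    # A macro-free extension should never carry a VBA project.
    if filename.lower().endswith(MACRO_FREE_EXTS):
        return "macros-in-macro-free-extension"
    return "macros-present"

def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory container with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholder bytes only, no real document or macro code.
CLEAN = build_sample({"[Content_Types].xml": b"<Types>document.main+xml</Types>",
                      "word/document.xml": b"<document/>"})
WITH_VBA = build_sample({"[Content_Types].xml": b"<Types>macroEnabled.main+xml</Types>",
                         "word/vbaProject.bin": b"placeholder"})

if __name__ == "__main__":
    print(verdict("report.docx", CLEAN), verdict("invoice.docm", WITH_VBA))
```

A file that reports `macros-in-macro-free-extension` deserves a closer look, since the extension and the contents disagree.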
Worms
• program that actively seeks out
more machines to infect
– each infected machine serves as an automated
launching pad for attacks on other machines
• exploits software vulnerabilities in client or
server programs
• can use network connections to spread from
system to system
• spreads through shared media
– USB drives, CD, DVD data disks
Worm Replication
• electronic mail or instant messenger facility
- worm e-mails a copy of itself to other systems
- sends itself as an attachment via an instant message service
• file sharing
- creates a copy of itself or infects a file as a virus on removable media
• remote execution capability
- worm executes a copy of itself on another system
• remote file access or transfer capability
- worm uses a remote file access or transfer service to copy itself from one system to the other
• remote login capability
- worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other
Worm Propagation Model