Topics in Malware - Computer and Network Security - Lecture Slides, Slides of Computer Science

These are the Lecture Slides of Computer and Network Security which includes Authorization, Social Security Number, Trouble with Passwords, Cryptographic Keys, Dictionary Attack, Bad Passwords, Password Experiment, Random Characters etc. Key important points are: Topics in Malware, Malicious Software, Spying Program, Uses of Malware, Typical Purposes of Malware, Resource Theft, Backdoor Access, Types of Malware, Trojan Horses, Viruses Operation

Typology: Slides

2012/2013

Uploaded on 03/22/2013

dhimant

Topics in Malware

What is Malware?

• Malware (malicious software) is any program that works against the interest of the system’s user or owner.
• Question: Is a program that spies on the web browsing habits of the employees of a company considered malware?
• What if the CEO authorized the installation of the spying program?

Typical purposes of Malware

• Backdoor access:
  – Attacker gains unlimited access to the machine.
• Denial-of-service (DoS) attacks:
  – Infect a huge number of machines to try simultaneously to connect to a target server in hope of overwhelming it and making it crash.
• Vandalism:
  – E.g., defacing a web site.
• Resource Theft:
  – E.g., stealing other users’ computing and network resources, such as using your neighbors’ Wireless Network.
• Information Theft:
  – E.g., stealing other users’ credit card numbers

Types of Malware

• Viruses
• Worms
• Trojan Horses
• Backdoors
• Mobile code
• Adware
• Sticky software

Viruses (Cont’d)

• Some viruses are harmful (e.g.,):
  – delete valuable information from a computer’s disk,
  – freeze the computer.
• Other viruses are harmless (e.g.,):
  – display annoying messages to attract user attention,
  – just replicate themselves.

Viruses: Operation

• Viruses typically attach themselves to executable program files
  – e.g., .exe files in MS Windows
• Then the virus slowly duplicates itself into many executable files on the infected system.
• Viruses require human intervention to replicate.
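Because a file-infecting virus has to modify executables on disk, a defender can detect the behaviour described above by comparing executables against a known-good baseline. The following is an added example, not part of the original slides; the suffix list, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

EXEC_SUFFIXES = (".exe", ".dll", ".com")  # assumed set; adjust per platform

def sha256_of(path, chunk=65536):
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Map relative path -> (size, sha256) for every executable under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXEC_SUFFIXES):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = (os.path.getsize(full), sha256_of(full))
    return found

def compare(baseline, current):
    """Executables that changed, appeared or vanished since the baseline."""
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: placeholder files, two of which grow after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("calc.exe", "notepad.exe", "readme.txt"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"MZ" + name.encode() * 8)  # placeholder bytes, not a real binary
        baseline = snapshot(root)
        for name in ("calc.exe", "notepad.exe"):  # simulate bytes appended to executables
            with open(os.path.join(root, name), "ab") as f:
                f.write(b"\x00" * 512)
        with open(os.path.join(root, "setup.exe"), "wb") as f:
            f.write(b"MZ constructed new file")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A "modified" list that keeps growing across successive snapshots, outside any patch window, matches the slow duplication into many executables that the slide describes.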

The first computer viruses

• A program called Elk Cloner is credited with being the first computer virus to appear "in the wild". Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.
• The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan.

Worms

• Worms are malicious programs that use the Internet to spread.
• Similar to a virus, a worm self-replicates.
• Unlike a virus, a worm does not need human intervention to replicate.
• Worms have the ability to spread uncontrollably in a very brief period of time.
  – Almost every computer system in the world is attached to the same network.

Trojan horses

• A Trojan Horse is a seemingly innocent application that contains malicious code that is hidden somewhere inside it.
• Trojans are often useful programs that have unnoticeable, yet harmful, side effects.

Trojan horses: Operation (1)

• Embed a malicious element inside an otherwise benign program.
• The victim:
  1. receives the infected program,
  2. launches it,
  3. remains oblivious of the fact that the system has been infected.
  – The application continues to operate normally to eliminate any suspicion.

Backdoors

• A backdoor is malware that creates a covert access channel that the attacker can use for:
  – connecting,
  – controlling,
  – spying,
  – or otherwise interacting with the victim’s system.

Backdoors: Operation

• Backdoors can be embedded in actual programs that, when executed, enable the attacker to connect to and to use the system remotely.
• Backdoors may be planted into the source code by rogue software developers before the product is released.
  – This is more difficult to get away with if the program is open source.

Mobile code (Cont’d)

• Java scripts are distributed in source code form, making them easy to analyze.
• ActiveX components are conventional executables that contain native IA-32 machine code.
• Java applets are in bytecode form, which makes them easy to decompile.

Mobile code: Operation

• Web sites quickly download and launch a program on the end user’s system.
• User might see a message that warns about a program that is about to be installed and launched.
  – Most users click OK to allow the program to run.
  – They may not consider the possibility that malicious code is about to be downloaded and executed on their system.