Lecture 2, CIS 6930 (Dr. Nemo)
Computer and Network Security Lecture 2 Richard Newman
• Program Threats - Malicious code / Rogue program
– Aimed at producing undesired effects in programs.
E.g.:
– Virus
A program that can pass on malicious code to other, non-malicious programs by modifying them.
– Worm
A program that spreads copies of itself through a computer network.
– Trap door
A feature in a program that can allow someone to access assets through non-obvious / indirect / specially privileged ways.
– Trojan horse
Does what it is supposed to do, but also covertly (non-obviously) does something malicious.
– Bacterium / Rabbit
A virus or worm that self-replicates to exhaust a computing resource.
– Logic Bomb
Does something malicious when a specified condition occurs - like a trigger.
– Time Bomb
A logic bomb triggered by a specific date or time.
• Viruses are not distributed in nature, but worms are.
• Bacteria are runaway programs that replicate themselves.
E.g.: fork(); fork();
• Virus
• Contaminated program that looks for other programs to infect.
• Properties
– 1. Stealth (difficult to detect)
– 2. Robust (difficult to destroy / deactivate)
– 3. Efficient (moves quickly)
– 4. Infectious (spreads easily / widely)
– 5. Malicious (destructive / compromising)
– 6. Portable
– ...
[Figure: an original program with an attached virus, made up of virus code and virus data]
• Virus
• Methods
– Polymorphism
– Modify system utilities to falsify reports
– Modify interrupt handlers to intercept disk access
– Mark virus sectors as BAD
– Self-compress
• Types of virus
• Boot sector
• Interrupt vector
• System
• Configuration / autoexec files
• Application / system utilities
• Data files
• Detection methods
– Static
• Signature
– Specific code, data sequence, or location peculiar to the virus
• Size
• Last modification time
• Integrity checks - cryptographic seal
– Dynamic
• Execution-time checks
– Illegal operation
– Writes to files outside of the “normal behavior space”
– Sequence of system calls that is not “normal”
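An added example (not from the lecture) of the static checks listed above, run over a constructed sample file: signature, size, last-modification time, and an integrity check with a cryptographic seal (an HMAC over the file contents, keyed with a secret the checker holds). The seal key, the signature byte string and the sample "program" are all assumptions made for the demo; it shows that a same-size change with the timestamp put back is missed by the size and time checks but caught by the signature and the seal.

```python
"""Static virus-detection checks: signature, size, modification time, and an
integrity seal (HMAC-SHA256).  Demo file and constants are constructed."""
import hashlib
import hmac
import os
import tempfile

SEAL_KEY = b"constructed-demo-key"   # assumption: secret known only to the checker
SIGNATURE = b"VIRUS-MARKER"          # assumption: byte sequence peculiar to one virus

def baseline(path):
    """Record the file's size, mtime and HMAC seal while it is known to be clean."""
    st = os.stat(path)
    with open(path, "rb") as f:
        seal = hmac.new(SEAL_KEY, f.read(), hashlib.sha256).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "seal": seal}

def check(path, base):
    """Return the names of the static checks that flag the file against its baseline."""
    flagged = []
    with open(path, "rb") as f:
        data = f.read()
    st = os.stat(path)
    if SIGNATURE in data:
        flagged.append("signature")
    if st.st_size != base["size"]:
        flagged.append("size")
    if st.st_mtime_ns != base["mtime_ns"]:
        flagged.append("mtime")
    seal = hmac.new(SEAL_KEY, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(seal, base["seal"]):
        flagged.append("seal")
    return flagged

def demo():
    """Constructed file: check it clean, then modify it keeping size and
    timestamp unchanged; only the signature and seal checks should fire."""
    path = os.path.join(tempfile.mkdtemp(), "prog.bin")
    clean = b"ORIGINAL-PROGRAM-CODE" + b"\x00" * 32   # zero padding stands in for slack space
    with open(path, "wb") as f:
        f.write(clean)
    base = baseline(path)
    before = check(path, base)
    st = os.stat(path)
    # Same-length overwrite of the tail, then restore the recorded timestamps
    with open(path, "wb") as f:
        f.write(clean[:len(clean) - len(SIGNATURE)] + SIGNATURE)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
    after = check(path, base)
    return before, after
```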
• How a virus gains control
[Figure: virus integrated into a program, shown physically (start, virus code, original program) and logically (start, VC part, original program, VC part); virus surrounding a program]
• Changing pointers vs. overwriting
[Figure: two ways of gaining control, with blocks labelled T and V: changing pointers, and overwriting]
• Virus Infection
Before infection, the chain runs: System Bootstrap -> Initialization -> Loader -> Other Sectors
After infection, the chain runs: System Bootstrap -> Virus code -> Initialization -> Loader -> Other Sectors
• Virus Infection
– Scramble and copy to an unused area
– Virus code pointer
– Mark the area as unused, although it holds virus code
– Stealth