ITMS- 3153 Information Systems Security


Malicious Code

Malicious code or rogue program is the general name for unanticipated or undesired effects in programs or program parts, caused by an agent intent on damage.

Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound, or erasing a stored file.

Malicious code runs under the user's authority. Thus, malicious code can touch everything the user can touch, and in the same ways.


Kinds of Malicious Code

| Code Type | Characteristics |
|---|---|
| Virus | Attaches itself to program and propagates copies of itself to other programs |
| Trojan horse | Contains unexpected, additional functionality |
| Logic bomb | Triggers action when condition occurs |
| Time bomb | Triggers action when specified time occurs |
| Trapdoor | Allows unauthorized access to functionality |
| Worm | Propagates copies of itself through a network |
| Rabbit | Replicates itself without limit to exhaust resources |


How Viruses Attach

[Figure: diagram with the labels "E-Mail" and "Setup File"]

Appended Viruses

The user is unaware of the effect of the virus if the original program still does all that it used to. Most viruses attach in this manner.


Viruses That Surround a Program


Virus that runs the original program but has control before and after its execution.


Integrated Viruses and Replacements


Virus replaces some of its target, integrating itself into the original code of the target.


Virus Signatures

The virus executes in a particular way, using certain methods to spread. Each of these characteristics yields a telltale pattern, called a signature.

The virus's signature is important for creating a program, called a virus scanner, that can detect and, in some cases, remove viruses.
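A minimal sketch of the scanner idea described above, added here as an example and not taken from the course slides. The signature names and byte patterns are constructed placeholders, not real malware patterns; "??" marks a byte that may vary between copies.

```python
import io
import re

# Constructed signatures (assumptions for this example): hex bytes, "??" = any byte.
SIGNATURES = {
    "Demo.Appended.A": "de ad be ef ?? ?? 13 37",
    "Demo.Marker.B": "43 4f 4e 53 54 52 55 43 54 45 44",  # ASCII "CONSTRUCTED"
}

def compile_signature(hex_pattern):
    """Turn 'de ad ?? 37' into a bytes regex; return (regex, length in bytes)."""
    tokens = hex_pattern.split()
    parts = [b"." if t == "??" else re.escape(bytes([int(t, 16)])) for t in tokens]
    return re.compile(b"".join(parts), re.DOTALL), len(tokens)

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (offset, name) hits, including matches that span two chunks."""
    compiled = {name: compile_signature(p) for name, p in signatures.items()}
    # Carry the last (longest signature - 1) bytes into the next window.
    overlap = max(length for _, length in compiled.values()) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, (regex, _) in compiled.items():
            for match in regex.finditer(window):
                hits.add((base + match.start(), name))  # set removes re-found hits
        keep = window[-overlap:] if overlap else b""
        base += len(window) - len(keep)
        tail = keep
    return sorted(hits)

def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for in-memory buffers."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)

# Constructed sample: a 32-byte "program" and a copy with a pattern appended.
CLEAN = b"MZ" + b"\x90" * 30
INFECTED = CLEAN + bytes.fromhex("deadbeef01021337")

if __name__ == "__main__":
    print(scan_bytes(CLEAN))                    # no hits
    print(scan_bytes(INFECTED, chunk_size=35))  # pattern straddles two chunks
```

Reading in chunks with an overlap keeps memory use flat on large files without missing a pattern that falls across a chunk boundary.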


How Viruses Gain Control


Homes for Viruses

- It is hard to detect.
- It is not easily destroyed or deactivated.
- It spreads infection widely.
- It can reinfect its home program or other programs.
- It is easy to create.
- It is machine independent and operating system independent.


Virus Effects and Causes

| Virus Effect | How It Is Caused |
|---|---|
| Attach to executable program | Modify file directory; write to executable program file |
| Attach to data or control file | Modify directory; rewrite data; append to data; append data to self |
| Remain in memory | Intercept interrupt by modifying interrupt handler address table; load self in non-transient memory area |
| Infect disks | Intercept interrupt; intercept operating system call (to format disk, for example); modify system file; modify ordinary executable program |

Virus Effects and Causes…

| Virus Effect | How It Is Caused |
|---|---|
| Conceal self | Intercept system calls that would reveal self and falsify result; classify self as "hidden" file |
| Spread infection | Infect boot sector; infect systems program; infect ordinary program; infect data ordinary program reads to control its execution |
| Prevent deactivation | Activate before deactivating program and block deactivation; store copy to reinfect after deactivation |


Prevention of Virus Infection

- Use only commercial software acquired from reliable, well-established vendors.
- Test all new software on an isolated computer.
- Open attachments only when you know them to be safe.
- Make a recoverable system image and store it safely.
- Make and retain backup copies of executable system files.
- Use virus detectors.


Trapdoors

A trapdoor is an undocumented entry point to a module. Developers insert trapdoors during code development, perhaps to test the module.


Causes of Trapdoors

- Forget to remove them
- Intentionally leave them in the program for testing
- Intentionally leave them in the program for maintenance of the finished program
- Intentionally leave them in the program as a covert means of access to the component after it becomes an accepted part of a production system


Covert Channels

The communication travels unnoticed, accompanying other, perfectly proper, communications. The general name for these extraordinary paths of communication is covert channels.


Controls against Program Threats

It is of course better to focus on prevention than cure; how do we use controls during software development (the specifying, designing, writing, and testing of the program) to find and eliminate the sorts of exposures.
