Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
65 views11 pages

Understanding Malicious Software

The document discusses different types of malicious programs such as viruses, worms, Trojan horses, logic bombs, and trapdoors. It defines these programs and explains how they spread. Viruses replicate by inserting copies of themselves into other programs or files. Worms replicate across networks by attaching to emails or documents. The document also outlines the lifecycle of viruses from dormant to propagation to triggering phases. It describes different categories of viruses and approaches to antivirus detection from signature-based to heuristic to activity monitoring.

Uploaded by

asad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
65 views11 pages

Understanding Malicious Software

The document discusses different types of malicious programs such as viruses, worms, Trojan horses, logic bombs, and trapdoors. It defines these programs and explains how they spread. Viruses replicate by inserting copies of themselves into other programs or files. Worms replicate across networks by attaching to emails or documents. The document also outlines the lifecycle of viruses from dormant to propagation to triggering phases. It describes different categories of viruses and approaches to antivirus detection from signature-based to heuristic to activity monitoring.

Uploaded by

asad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Viruses and ”Malicious

Programs”

Data and Network Security 1


Viruses and ”Malicious
Programs”
• Computer “Viruses” and related programs have the
ability to replicate themselves on an ever increasing
number of computers. They originally spread by people
sharing floppy disks. Now they spread primarily over
the Internet (a “Worm”).

• Other “Malicious Programs” may be installed by hand on


a single machine. They may also be built into widely
distributed commercial software packages. These are
very hard to detect before the payload activates
(Trojan Horses, Trap Doors, and Logic Bombs).

Data and Network Security 2


Taxanomy of Malicious Programs
Malicious
Programs

Need Host Independent


Program

Trapdoors Logic Trojan Viruses Bacteria Worms


Bombs Horses

Data and Network Security 3


Definitions
• Virus - code that copies itself into other programs.

• A “Bacteria” replicates until it fills all disk space, or


CPU cycles.

• Payload - harmful things the malicious program does,


after it has had time to spread.

• Worm - a program that replicates itself across the


network (usually riding on email messages or attached
documents (e.g., macro viruses).

Data and Network Security 4


Definitions
• Trojan Horse - instructions in an otherwise good
program that cause bad things to happen (sending
your data or password to an attacker over the net).

• Logic Bomb - malicious code that activates on an


event (e.g., date).

• Trap Door (or Back Door) - undocumented entry point


written into code for debugging that can allow
unwanted users.

• Easter Egg - extraneous code that does something


“cool.” A way for programmers to show that they
control the product.
Data and Network Security 5
Types of Viruses
• Parasitic Virus - attaches itself to executable files as part
of their code. Runs whenever the host program runs.

• Memory-resident Virus - Lodges in main memory as part of


the residual operating system.

• Boot Sector Virus - infects the boot sector of a disk, and


spreads when the operating system boots up (original DOS
viruses).

• Stealth Virus - explicitly designed to hide from Virus


Scanning programs.

• Polymorphic Virus - mutates with every new host to prevent


signature detection.
Data and Network Security 6
Virus Phases
• Dormant phase - the virus is idle

• Propagation phase - the virus places an identical


copy of itself into other programs

• Triggering phase – the virus is activated to


perform the function for which it was intended

• Execution phase – the function is performed

Data and Network Security 7


Macro Viruses
• Microsoft Office applications allow “macros” to be
part of the document. The macro could run whenever
the document is opened, or when a certain command is
selected (Save File).

• Platform independent.

• Infect documents, delete files, generate email and


edit letters.

Data and Network Security 8


Antivirus Approaches
1st Generation, Scanners: searched files for any of a
library of known virus “signatures.” Checked
executable files for length changes.

2nd Generation, Heuristic Scanners: looks for more


general signs than specific signatures (code
segments common to many viruses). Checked files
for checksum or hash changes.

3rd Generation, Activity Traps: stay resident in


memory and look for certain patterns of software
behavior (e.g., scanning files).

4th Generation, Full Featured: combine the best of


the techniques above.
Data and Network Security 9
Advanced Antivirus
Techniques
• Generic Decryption (GD)
– CPU Emulator
– Virus Signature Scanner
– Emulation Control Module
• For how long should a GD scanner run
each interpretation?

Data and Network Security 10


Virus Protection
Have a well-known virus protection program, configured to
scan disks and downloads automatically for known viruses.

Do not execute programs (or "macro's") from unknown


sources (e.g., PS files, Hypercard files, MS Office documents,

Avoid the most common operating systems and email

programs, if possible.

Data and Network Security 11

You might also like