Information Security &
Privacy
AlBaha University
Faculty of Computer Science and Information Technology
Department of Computer Science
Dr. Sonia ABDELKARIM
Malicious Software
Chapter 9
Viruses and Other Malicious Content
computer viruses have received a lot of publicity
they are only one member of the malicious software family
their effects are usually obvious
they have figured in news reports, fiction and movies
(often exaggerated)
they get more attention than they deserve
but they are a genuine concern
Malicious Software
Backdoor or Trapdoor
• secret entry point into a program
• allows anyone who knows about it to gain access, bypassing the usual security procedures
• have commonly been used by developers for debugging and testing
• a threat when left in production programs, where attackers can find and exploit them
• very hard to block at the O/S level
• require good software development and update practices
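The following is an added example, not code from the original slides: a login routine that carries the kind of developer "maintenance" backdoor described above, beside the hardened version. The user names, passwords, the magic string and the PBKDF2 parameters are all constructed for the demonstration.

```python
"""
A login routine with a developer 'maintenance' backdoor, beside the hardened version.
Added example; users, passwords and the magic string are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, kept low so the example runs quickly


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_db() -> dict:
    """Constructed user store: name -> (salt, PBKDF2 digest)."""
    db = {}
    for name, pw in [("alice", "correct horse"), ("bob", "battery staple")]:
        salt = os.urandom(16)
        db[name] = (salt, derive(pw, salt))
    return db


def verify(db: dict, user: str, password: str) -> bool:
    """The regular check: derive the digest and compare it in constant time."""
    record = db.get(user)
    if record is None:
        derive(password, b"\x00" * 16)  # same cost for unknown users, so timing leaks no usernames
        return False
    salt, digest = record
    return hmac.compare_digest(derive(password, salt), digest)


# A string a developer added to get past the check while testing and forgot to remove (constructed).
MAINTENANCE_PASSWORD = "letmein-dev"


def login_with_backdoor(db: dict, user: str, password: str) -> bool:
    """Vulnerable: whoever knows the magic string is accepted as ANY account,
    including accounts that do not exist, without the password store ever being consulted."""
    if password == MAINTENANCE_PASSWORD:
        return True
    return verify(db, user, password)


def login_hardened(db: dict, user: str, password: str) -> bool:
    """Hardened: the only path to success is the regular check."""
    return verify(db, user, password)


if __name__ == "__main__":
    users = make_user_db()
    print("backdoor, unknown user:", login_with_backdoor(users, "nobody", MAINTENANCE_PASSWORD))
    print("hardened, unknown user:", login_hardened(users, "nobody", MAINTENANCE_PASSWORD))
    print("hardened, real password:", login_hardened(users, "alice", "correct horse"))
```

Note that the backdoor is a single comparison that short-circuits every other control; nothing in the operating system can tell the two functions apart at run time, which is why the slide points at development and update practices (code review for literal comparisons that bypass authentication, and shipping builds from a branch that never contained the test hook).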
Logic Bomb
• one of the oldest types of malicious software
• code embedded in a legitimate program
• activated when specified conditions are met, eg
• presence/absence of some file
• a particular date/time
• a particular user
• when triggered, typically damages the system
• modifies/deletes files or disks, halts the machine, etc
Trojan Horse
• program with hidden side-effects
• usually superficially attractive
• eg a game, a s/w upgrade, etc
• when run, performs some additional tasks
• allows the attacker to gain indirectly access they do not have directly
• often used to propagate a virus/worm or install a backdoor
• or simply to destroy data
Mobile Code
program/script/macro that runs unchanged
on a heterogeneous collection of platforms
or on a large homogeneous collection (eg Windows)
transmitted from a remote system to a local system and then executed on the local system
often used to inject a virus, worm or Trojan horse
or to perform its own exploits
eg unauthorized data access, root compromise
Multiple-Threat Malware
malware may operate in multiple ways
a multipartite virus infects in multiple ways
eg multiple file types
a blended attack uses multiple methods of infection or transmission
to maximize the speed of contagion and the severity
may include multiple types of malware
eg Nimda has worm, virus and mobile code components
can also spread over IM and P2P
Viruses
a piece of software that infects programs
modifying them to include a copy of the virus
so that it executes secretly when the host program is run
specific to an operating system and hardware
taking advantage of their details and weaknesses
a typical virus goes through four phases:
dormant
propagation
triggering
execution
Virus Structure
components:
infection mechanism - enables replication
trigger - the event that activates the payload
payload - what it does, malicious or benign
virus code may be prepended / postpended / embedded
when the infected program is invoked, the virus code executes first, then the original program code
can block the initial infection (difficult)
or the propagation (with access controls)
Virus Structure (figure, not reproduced)
Compression Virus (figure, not reproduced)
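As an added example, not code from the original slides, the following Python model walks a prepended compression virus through the phases listed above (dormant, propagation, triggering, execution) using the components just named (infection mechanism, trigger, payload), with a logic-bomb style date trigger as on the Logic Bomb slide. Byte strings stand in for executable files, nothing is written to disk or executed, and the marker, virus stand-in, file names and trigger date are constructed.

```python
"""
Toy model of a prepended compression virus. Added example: byte strings stand in
for executable files and nothing is executed or written to disk. Marker, virus
stand-in, file names and trigger date are constructed for the demonstration.
"""
import datetime
import zlib

# Infection marker: the virus checks for it so a host is not infected twice (constructed).
MARKER = b"CV01234567"
# Stand-in for the virus's own code that gets prepended to every host (constructed).
VIRUS_CODE = b"[virus: infect another file; check trigger; decompress host; run host]"
# Logic-bomb style trigger: the payload fires only on or after this date (constructed).
TRIGGER_DATE = datetime.date(2000, 4, 1)


def is_infected(program: bytes) -> bool:
    """Both the virus and a scanner can recognise an infected file by the marker."""
    return program.startswith(MARKER)


def infect(program: bytes) -> bytes:
    """Infection mechanism: compress the host, then prepend marker and virus code,
    which keeps the infected file's size close to the original's. A file that already
    carries the marker is left alone."""
    if is_infected(program):
        return program
    return MARKER + VIRUS_CODE + zlib.compress(program)


def disinfect(program: bytes) -> bytes:
    """Removal: strip the prepended virus and decompress the original host."""
    if not is_infected(program):
        return program
    return zlib.decompress(program[len(MARKER) + len(VIRUS_CODE):])


def run(name: str, filesystem: dict, today: datetime.date, log: list) -> bytes:
    """Model of executing filesystem[name]. A clean program simply 'runs' (its bytes are
    returned). An infected program runs the virus code first: propagation (infect one
    clean file), triggering (date check) and execution (payload); then the host is
    decompressed and run, so the user sees the host behave normally."""
    program = filesystem[name]
    if not is_infected(program):
        return program
    # propagation: pick one clean program and infect it
    for other, code in filesystem.items():
        if other != name and not is_infected(code):
            filesystem[other] = infect(code)
            log.append(f"infected {other}")
            break
    # triggering and execution: the payload only fires once the condition holds
    if today >= TRIGGER_DATE:
        log.append("payload executed")
    # finally hand control to the decompressed host so nothing looks amiss
    return disinfect(program)


def demo() -> dict:
    """Walk one infection through the phases and report what happened."""
    fs = {"editor.exe": b"EDITOR 1.0", "game.exe": b"GAME 2.0", "calc.exe": b"CALC 3.0"}
    fs["game.exe"] = infect(fs["game.exe"])  # patient zero: dormant until it is run
    log = []
    first = run("game.exe", fs, datetime.date(1999, 12, 31), log)   # before the trigger date
    second = run("editor.exe", fs, datetime.date(2000, 4, 1), log)  # on the trigger date
    return {"first": first, "second": second, "log": log,
            "infected": sorted(n for n, p in fs.items() if is_infected(p))}


if __name__ == "__main__":
    print(demo())
```

Running the demo shows why a virus can stay unnoticed through the dormant and propagation phases: both hosts return their original output, yet after two runs every file carries the marker, and the payload only appears in the log once the date condition is met. The marker that lets the virus avoid double infection is also the simplest signature a scanner can use.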
Virus Classification
boot sector
file infector
macro virus
encrypted virus
stealth virus
polymorphic virus
metamorphic virus
Macro Virus
became very common in the mid-1990s since they are
platform independent
infect documents rather than executable code
easily spread
exploit the macro capability of office apps
an executable program embedded in an office document
often a form of Basic
more recent releases include protection
recognized by many anti-virus programs
E-Mail Viruses
a more recent development
eg Melissa
exploits an MS Word macro in an attached document
if the attachment is opened, the macro activates
sends the email to everyone on the user's address list
and does local damage
later versions were triggered simply by reading the email
hence much faster propagation
Virus Countermeasures
• prevention - the ideal solution, but difficult
• realistically need:
• detection
• identification
• removal
• if a virus is detected but cannot be identified or removed, the infected program must be discarded and replaced with a clean copy
Anti-Virus Evolution
virus and anti-virus technology have both evolved
early viruses were simple code, easily removed
as viruses became more complex, so did the countermeasures
generations:
first - simple signature scanners
second - heuristic scanners
third - activity traps that identify malicious actions as they happen
fourth - full-featured combination packages
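The following is an added example, not code from the original slides. It ties the encrypted and polymorphic entries of the Virus Classification slide to the detection and identification steps of the countermeasures slide and to the first two anti-virus generations: a plain, an encrypted and a polymorphic copy of the same toy virus body are scanned with a first-generation signature scanner and with a brute-force decryption heuristic. The body, decryptor stub, filler bytes and signature names are constructed; no real malware is involved.

```python
"""
Plain, encrypted and polymorphic copies of a toy virus body, scanned two ways:
a first-generation signature scanner and a brute-force decryption heuristic.
Added example with constructed byte strings; no real malware is involved.
"""
import random

# Constant virus body, the part a scanner would like to recognise (constructed).
BODY = b"VIRUS-BODY: find a host; copy self into it; run payload"
# Fixed decryptor prefix of the encrypted variant (constructed stand-in for a decrypt loop).
STUB = b"\xeb\x05\x31\xc0\x90"
# Filler bytes the polymorphic variant sprinkles into its decryptor; none of them occur in STUB.
JUNK = b"\x40\x43\x48\x4b"

# Signature database: name -> byte pattern (constructed).
SIGNATURES = {
    "toy.A (plain body)": BODY[:16],
    "toy.B (fixed decryptor)": STUB,
}


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def plain_copy() -> bytes:
    """Unencrypted virus: every copy is byte-identical, so a body signature works."""
    return BODY


def encrypted_copy(key: int) -> bytes:
    """Encrypted virus: the body is XORed under a per-copy key. The decryptor and the
    key byte must stay in clear so the copy can decrypt itself, and that fixed
    decryptor is what a signature can still match."""
    return STUB + bytes([key]) + xor_bytes(BODY, key)


def polymorphic_copy(key: int, rng: random.Random) -> bytes:
    """Polymorphic virus: the decryptor itself is rewritten for every copy (here by
    interleaving filler bytes), so neither body nor decryptor has a fixed signature."""
    mutated = bytearray()
    for b in STUB:
        mutated.append(b)
        mutated.extend(rng.choice(JUNK) for _ in range(rng.randint(1, 3)))
    return bytes(mutated) + bytes([key]) + xor_bytes(BODY, key)


def signature_scan(sample: bytes) -> list:
    """First generation: report every known byte pattern found verbatim in the sample.
    Detection and identification happen together, since a hit names the virus."""
    return [name for name, pattern in SIGNATURES.items() if pattern in sample]


def decryption_heuristic(sample: bytes):
    """Heuristic scan: assume a single-byte XOR encrypted body may be present, try all
    256 keys and look for the body signature in the result. Returns the key that
    reveals the body (0 means the body was in clear) or None if nothing is found."""
    for key in range(256):
        if SIGNATURES["toy.A (plain body)"] in xor_bytes(sample, key):
            return key
    return None


def demo(key: int = 0x5A, seed: int = 7) -> dict:
    """Scan one copy of each variant, plus a clean file, with both scanners."""
    rng = random.Random(seed)
    samples = {
        "plain": plain_copy(),
        "encrypted": encrypted_copy(key),
        "polymorphic": polymorphic_copy(key, rng),
        "clean": b"totally clean program text",
    }
    return {name: (signature_scan(s), decryption_heuristic(s)) for name, s in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} signatures={result[0]} heuristic_key={result[1]}")
```

The plain copy is caught and named by its body signature; the encrypted copy hides the body but is still caught by the signature on its fixed decryptor; the polymorphic copy defeats both signatures, and only the heuristic, which spends work on every file to undo the likely transformation, finds it. That trade of scan time against coverage is the step from the first to the second generation on the slide above.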
Thank You