Threats Environment:

Attackers and Cybercrimes

‫ اﻟﻣﮭﺎﺟﻣون واﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ‬:‫ﺑﯾﺋﺔ اﻟﺗﮭدﯾدات‬
Chapter 2

CSE 451 - Computer & Network Security

Outline
• Part 1 • Part 2 • Part 3
• Cybercrimes • Cyber Threats • Malicious Software
• Cyber Attacks • Internal Threats • Computer viruses
• Cyber Warfare (Insider Threats) • Virus
• Cyber Attack • External Threats Countermeasures
Scenarios • Passive attacks • Antivirus Techniques
• Attacks Objectives • Active attacks

CSE 451 - Computer & Network Security

2
 Part 1

CSE 451 - Computer & Network Security

3
Outline
• Introduction • Cyber Warfare
• Cybercrimes • Cyber Attack
• Cyber Attacks Scenarios
• Cyber Attack Tools • Attacks Objectives
• Characteristics of
Attacks
• Crime scene
• Laws

CSE 451 - Computer & Network Security

4
What differentiates cybercrime from
traditional criminal activity?
‫ﻣﺎ اﻟذي ﯾﻣﯾز اﻟﺟرﯾﻣﺔ اﻟﺳﯾﺑراﻧﯾﺔ ﻋن اﻟﻧﺷﺎط اﻹﺟراﻣﻲ اﻟﺗﻘﻠﯾدي؟‬

• The use of computers, electronical and digital devices

‫اﺳﺗﺧدام أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر واﻷﺟﮭزة اﻹﻟﻛﺗروﻧﯾﺔ واﻟرﻗﻣﯾﺔ‬

CSE 451 - Computer & Network Security

5
Cybercrimes
• Definition: :‫ﺗﻌرﯾف‬
• Cybercrime is a crime committed over the internet with the use of a
computer and a network or networked device.
‫اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ ھﻲ ﺟرﯾﻣﺔ ﺗرﺗﻛب ﻋﺑر اﻹﻧﺗرﻧت ﺑﺎﺳﺗﺧدام ﺟﮭﺎز ﻛﻣﺑﯾوﺗر‬
.‫وﺷﺑﻛﺔ أو ﺟﮭﺎز ﻣﺗﺻل ﺑﺎﻟﺷﺑﻛﺔ‬

CSE 451 - Computer & Network Security

6
 Cyber Attacks
• Definition:
• Is any type of offensive action used by cyber criminals to hack and
deploy malicious action in a system with the purpose of stealing,
altering, destroying or taking any advantage from this action.
‫ھو أي ﻧوع ﻣن اﻹﺟراءات اﻟﮭﺟوﻣﯾﺔ اﻟﺗﻲ ﯾﺳﺗﺧدﻣﮭﺎ ﻣﺟرﻣو اﻹﻧﺗرﻧت ﻻﺧﺗراق وﻧﺷر إﺟراءات ﺿﺎرة ﻓﻲ ﻧظﺎم ﺑﻐرض‬
.‫ﺳرﻗﺔ أو ﺗﻐﯾﯾر أو ﺗدﻣﯾر أو اﻻﺳﺗﻔﺎدة ﻣن ھذا اﻹﺟراء‬
• Cyber attacks target computers, networks, information systems, IT
infrastructure of all types and sizes of devices including , individual
users and organizations anytime and every where
‫ﺗﺳﺗﮭدف اﻟﮭﺟﻣﺎت اﻟﺳﯾﺑراﻧﯾﺔ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر واﻟﺷﺑﻛﺎت وأﻧظﻣﺔ اﻟﻣﻌﻠوﻣﺎت‬
• No one is safe!!! ‫واﻟﺑﻧﯾﺔ اﻟﺗﺣﺗﯾﺔ ﻟﺗﻛﻧوﻟوﺟﯾﺎ اﻟﻣﻌﻠوﻣﺎت ﺑﺟﻣﯾﻊ أﻧواﻋﮭﺎ وأﺣﺟﺎﻣﮭﺎ ﺑﻣﺎ ﻓﻲ ذﻟك‬
!!‫ﻻ أﺣد آﻣن‬
‫اﻟﻣﺳﺗﺧدﻣﯾن اﻷﻓراد واﻟﻣؤﺳﺳﺎت ﻓﻲ أي وﻗت وﻓﻲ ﻛل ﻣﻛﺎن‬
CSE 451 - Computer & Network Security
7
/=‫ﺻﺎدﻗﯾﯾن و ﻣﺣد اﻣن ﻋﺷﺎن ﻛذا ﻋﻧدي ﺗرﺳت اﯾﺷوز‬
Cyber Attacks
Examples:
• Cyber trespass
• Hacking (snooping)
• Unauthorised access
• Breaching network security
‫اﻟﺗﻌدي اﻟﺳﯾﺑراﻧﻲ‬
(‫اﻟﻘرﺻﻧﺔ )اﻟﺗطﻔل‬
‫اﻟوﺻول ﻏﯾر اﻟﻣﺻرح ﺑﮫ‬
‫ﺧرق أﻣن اﻟﺷﺑﻛﺔ‬
• Cyber theft
• Embezzlement
• Unlawful appropriation
• Corporate / industrial espionage
• Plagiarism
• Piracy
• Identity theft
• DNS cache poisoning
‫اﻟﺳرﻗﺔ اﻹﻟﻛﺗروﻧﯾﺔ‬
‫اﺧﺗﻼس‬
‫اﻻﺳﺗﯾﻼء ﻏﯾر اﻟﻣﺷروع‬
‫ اﻟﺻﻧﺎﻋﻲ‬/ ‫اﻟﺗﺟﺳس اﻟﻣؤﺳﺳﻲ‬
‫اﻻﻧﺗﺣﺎل‬
‫ﻗرﺻﻧﺔ‬
‫ﺳرﻗﺔ اﻟﮭوﯾﺔ‬
8
‫ﺗﺳﻣم ذاﻛرة اﻟﺗﺧزﯾن اﻟﻣؤﻗت ﻟﻧظﺎم أﺳﻣﺎء اﻟﻧطﺎﻗﺎت‬
Cybercrimes
• Cyber trespass:
Gaining access to just snoop around
:‫اﻟﺗﻌدي اﻟﺳﯾﺑراﻧﻲ‬
‫اﻟوﺻول إﻟﻰ ﻣﺟرد اﻟﺗطﻔل‬
.
• Cyber Theft:
Gaining access to actually steal something, data (credit card numbers,
customer’s details, etc) or even transferring money.
:‫اﻟﺳرﻗﺔ اﻹﻟﻛﺗروﻧﯾﺔ‬
‫اﻟوﺻول إﻟﻰ ﺳرﻗﺔ ﺷﻲء ﻣﺎ أو ﺑﯾﺎﻧﺎت )أرﻗﺎم ﺑطﺎﻗﺎت اﻻﺋﺗﻣﺎن أو ﺗﻔﺎﺻﯾل اﻟﻌﻣﯾل‬
‫أو ﻣﺎ إﻟﻰ ذﻟك( أو ﺣﺗﻰ ﺗﺣوﯾل اﻷﻣوال‬

CSE 451 - Computer & Network Security

9
Cybercrimes
Cyber fraud
• Promoting falsehoods to obtain something of value or benefit.
• Trying to get people to send you either money or their bank account
details, by offering them the chance to make a lot of money quickly.
• e.g. emails asking for money.
‫اﻻﺣﺗﯾﺎل اﻹﻟﻛﺗروﻧﻲ‬
.‫ﺗروﯾﺞ اﻷﻛﺎذﯾب ﻟﻠﺣﺻول ﻋﻠﻰ ﺷﻲء ذي ﻗﯾﻣﺔ أو ﻓﺎﺋدة‬
‫ ﻣن ﺧﻼل ﻣﻧﺣﮭم‬، ‫ﻣﺣﺎوﻟﺔ ﺟﻌل اﻟﻧﺎس ﯾرﺳﻠون ﻟك إﻣﺎ اﻷﻣوال أو ﺗﻔﺎﺻﯾل ﺣﺳﺎﺑﺎﺗﮭم اﻟﻣﺻرﻓﯾﺔ‬
.‫اﻟﻔرﺻﺔ ﻟﻛﺳب اﻟﻛﺛﯾر ﻣن اﻟﻣﺎل ﺑﺳرﻋﺔ‬
.‫ﻋﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل رﺳﺎﺋل اﻟﺑرﯾد اﻹﻟﻛﺗروﻧﻲ اﻟﺗﻲ ﺗطﻠب اﻟﻣﺎل‬

CSE 451 - Computer & Network Security

10
Cybercrimes
Destructive Cyber crimes
• Hacking into systems & destroying data, or system
• Introducing viruses or worms
• The WhiteHouse and the Pentagon were hacked into on a regular
basis before security was stepped up.
• DOS attacks have caused huge financial loses in US
‫اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ اﻟﻣدﻣرة‬
‫اﺧﺗراق اﻷﻧظﻣﺔ وﺗدﻣﯾر اﻟﺑﯾﺎﻧﺎت أو اﻟﻧظﺎم‬
‫إدﺧﺎل اﻟﻔﯾروﺳﺎت أو اﻟدﯾدان‬
.‫ﺗم اﺧﺗراق اﻟﺑﯾت اﻷﺑﯾض واﻟﺑﻧﺗﺎﻏون ﻋﻠﻰ أﺳﺎس ﻣﻧﺗظم ﻗﺑل ﺗﺷدﯾد اﻷﻣن‬
dos‫ﺗﺳﺑﺑت ھﺟﻣﺎت‬
‫ﻓﻲ ﺧﺳﺎﺋر ﻣﺎﻟﯾﺔ ﺿﺧﻣﺔ ﻓﻲ اﻟوﻻﯾﺎت اﻟﻣﺗﺣدة‬
CSE 451 - Computer & Network Security
11
Cyber Attack Tools
Increased sophistication = harder to discover
‫زﯾﺎدة اﻟﺗطور = ﯾﺻﻌب اﻛﺗﺷﺎﻓﮫ‬
• Level of automation is increasing.
.‫ﻣﺳﺗوى اﻷﺗﻣﺗﺔ آﺧذ ﻓﻲ اﻻزدﯾﺎد‬
• Scanning tools.
.‫أدوات اﻟﻣﺳﺢ اﻟﺿوﺋﻲ‬
• Some are self-initiating.
.‫ﺑﻌﺿﮭﺎ ﯾﺑﺎدر ذاﺗﯾﺎ‬
The level of automation in attack tools is increasing. Scanning tools are
using more advanced scanning patterns to maximise impact and speed.
Attack tools can exploit vulnerabilities as part of the scanning process
e.g. Code Red, worms, botnets.
‫ ﯾﻣﻛن‬.‫ ﺗﺳﺗﺧدم أدوات اﻟﻣﺳﺢ اﻟﺿوﺋﻲ أﻧﻣﺎط ﻣﺳﺢ أﻛﺛر ﺗﻘدﻣﺎ ﻟزﯾﺎدة اﻟﺗﺄﺛﯾر واﻟﺳرﻋﺔ‬.‫ﻣﺳﺗوى اﻷﺗﻣﺗﺔ ﻓﻲ أدوات اﻟﮭﺟوم آﺧذ ﻓﻲ اﻻزدﯾﺎد‬
‫ ﻣﺛل‬، ‫ﻷدوات اﻟﮭﺟوم اﺳﺗﻐﻼل ﻧﻘﺎط اﻟﺿﻌف ﻛﺟزء ﻣن ﻋﻣﻠﯾﺔ اﻟﻣﺳﺢ‬Code Red .‫واﻟدﯾدان وﺷﺑﻛﺎت اﻟروﺑوت‬
CSE 451 - Computer & Network Security
12
Cyber Attack Tools
• Distributed Attack Tools ‫أدوات اﻟﮭﺟوم اﻟﻣوزﻋﺔ‬
• Distributed attack tools allow hackers to deploy attack tools
distributed across many Internet systems. They are capable of
launching denial of service attacks more efficiently, scanning for
victims and compromising vulnerable systems. They often take
advantage of readily available public communications protocols such
as Internet Relay Chat (IRC) and the instant messaging (IM).
‫ﺗﺳﻣﺢ أدوات اﻟﮭﺟوم اﻟﻣوزﻋﺔ ﻟﻠﻣﺗﺳﻠﻠﯾن ﺑﻧﺷر أدوات اﻟﮭﺟوم اﻟﻣوزﻋﺔ ﻋﺑر‬
‫ ﻓﮭﻲ ﻗﺎدرة ﻋﻠﻰ ﺷن ھﺟﻣﺎت اﻟﺣرﻣﺎن ﻣن اﻟﺧدﻣﺔ‬.‫اﻟﻌدﯾد ﻣن أﻧظﻣﺔ اﻹﻧﺗرﻧت‬
.‫ واﻟﻣﺳﺢ ﺑﺣﺛﺎ ﻋن اﻟﺿﺣﺎﯾﺎ وﺗﻌرﯾض اﻷﻧظﻣﺔ اﻟﺿﻌﯾﻔﺔ ﻟﻠﺧطر‬،‫ﺑﺷﻛل أﻛﺛر ﻛﻔﺎءة‬
‫ﻏﺎﻟﺑﺎ ﻣﺎ ﯾﺳﺗﻔﯾدون ﻣن ﺑروﺗوﻛوﻻت اﻻﺗﺻﺎﻻت اﻟﻌﺎﻣﺔ اﻟﻣﺗﺎﺣﺔ ﺑﺳﮭوﻟﺔ ﻣﺛل‬
Internet Relay Chat (IRC) )IM) ‫ واﻟﻣراﺳﻠﺔ اﻟﻔورﯾﺔ‬.
CSE 451 - Computer & Network Security
13
 Characteristics of Cyber Attacks
Three important characteristics::‫ﺛﻼث ﺧﺻﺎﺋص ﻣﮭﻣﺔ‬
1. Anti-forensics: Attackers use techniques to hide the attack. This makes it
difficult for security experts to analyse new attack tools.
‫ ھذا ﯾﺟﻌل ﻣن‬.‫ ﯾﺳﺗﺧدم اﻟﻣﮭﺎﺟﻣون ﺗﻘﻧﯾﺎت ﻹﺧﻔﺎء اﻟﮭﺟوم‬:‫ﻣﻛﺎﻓﺣﺔ اﻟطب اﻟﺷرﻋﻲ‬
.‫اﻟﺻﻌب ﻋﻠﻰ ﺧﺑراء اﻷﻣن ﺗﺣﻠﯾل أدوات اﻟﮭﺟوم اﻟﺟدﯾدة‬
2. Dynamic behaviour: Early attack tools performed their attack steps in single
defined sequences. Today’s automated tools can vary the pattern and
behaviour randomly or may be under direct intruder control.
‫ ﯾﻣﻛن‬.‫ ﻧﻔذت أدوات اﻟﮭﺟوم اﻟﻣﺑﻛر ﺧطوات اﻟﮭﺟوم اﻟﺧﺎﺻﺔ ﺑﮭﺎ ﻓﻲ ﺗﺳﻠﺳﻼت ﻣﺣددة واﺣدة‬:‫اﻟﺳﻠوك اﻟدﯾﻧﺎﻣﯾﻛﻲ‬
.‫ﻟﻸدوات اﻵﻟﯾﺔ اﻟﯾوم ﺗﻐﯾﯾر اﻟﻧﻣط واﻟﺳﻠوك ﺑﺷﻛل ﻋﺷواﺋﻲ أو ﻗد ﺗﻛون ﺗﺣت اﻟﺳﯾطرة اﻟﻣﺑﺎﺷرة ﻟﻠدﺧﯾل‬
3. Modularity of attack tools: Early attack tools implemented one type of attack.
Now tools can be quickly upgraded or modules replaced. This causes rapidly
evolving attacks, which execute on multiple operating platforms.
‫ ﯾؤدي ھذا إﻟﻰ‬.‫ اﻵن ﯾﻣﻛن ﺗرﻗﯾﺔ اﻷدوات ﺑﺳرﻋﺔ أو اﺳﺗﺑدال اﻟوﺣدات‬.‫ ﻧﻔذت أدوات اﻟﮭﺟوم اﻟﻣﺑﻛر ﻧوﻋﺎ واﺣدا ﻣن اﻟﮭﺟوم‬:‫ﻧﻣطﯾﺔ أدوات اﻟﮭﺟوم‬
.‫ واﻟﺗﻲ ﯾﺗم ﺗﻧﻔﯾذھﺎ ﻋﻠﻰ ﻣﻧﺻﺎت ﺗﺷﻐﯾل ﻣﺗﻌددة‬، ‫ھﺟﻣﺎت ﺳرﯾﻌﺔ اﻟﺗطور‬ 14
Characteristics of Attacks

• Faster Discovery of Vulnerabilities

Each year the number of vulnerabilities doubles and it becomes
increasingly difficult for administrators to keep up with the latest
patches. Unfortunately the hackers also know the latest vulnerabilities
and are constantly on the lookout for unpatched systems/hosts. The
so-called “time to patch” is becoming increasingly small.
‫اﻛﺗﺷﺎف أﺳرع ﻟﻠﺛﻐرات اﻷﻣﻧﯾﺔ‬
‫ﯾﺗﺿﺎﻋف ﻋدد ﻧﻘﺎط اﻟﺿﻌف ﻛل ﻋﺎم وﯾﺻﺑﺢ ﻣن اﻟﺻﻌب ﺑﺷﻛل ﻣﺗزاﯾد ﻋﻠﻰ‬
‫ ﯾﻌرف اﻟﻣﺗﺳﻠﻠون أﯾﺿﺎ‬، ‫ ﻟﺳوء اﻟﺣظ‬.‫اﻟﻣﺳؤوﻟﯾن ﻣواﻛﺑﺔ أﺣدث اﻟﺗﺻﺣﯾﺣﺎت‬
.‫ اﻟﻣﺿﯾﻔﯾن ﻏﯾر اﻟﻣﺻﺣﺣﯾن‬/ ‫أﺣدث ﻧﻘﺎط اﻟﺿﻌف وﯾﺑﺣﺛون ﺑﺎﺳﺗﻣرار ﻋن اﻷﻧظﻣﺔ‬
.‫ﻣﺎ ﯾﺳﻣﻰ ب "وﻗت اﻟﺗﺻﺣﯾﺢ" أﺻﺑﺢ ﺻﻐﯾرا ﺑﺷﻛل ﻣﺗزاﯾد‬

CSE 451 - Computer & Network Security

15
Cybercrimes
Vulnerability: Defined as the weakness in security systems including
procedures, network design, or implementation that can be exploited
by attackers to control and harm system.
‫ ﺗﻌرف ﺑﺄﻧﮭﺎ ﻧﻘطﺔ اﻟﺿﻌف ﻓﻲ أﻧظﻣﺔ اﻷﻣﺎن ﺑﻣﺎ ﻓﻲ ذﻟك اﻹﺟراءات‬:‫اﻟﺛﻐرة اﻷﻣﻧﯾﺔ‬
‫أو ﺗﺻﻣﯾم اﻟﺷﺑﻛﺔ أو اﻟﺗﻧﻔﯾذ اﻟﺗﻲ ﯾﻣﻛن اﺳﺗﻐﻼﻟﮭﺎ ﻣن ﻗﺑل اﻟﻣﮭﺎﺟﻣﯾن ﻟﻠﺗﺣﻛم ﻓﻲ‬
• Examples: .‫اﻟﻧظﺎم وإﻟﺣﺎق اﻟﺿرر ﺑﮫ‬
• Software bugs :‫اﻣﺛﻠﮫ‬
• Configuration mistakes ‫اﻟﺑﻖ اﻟﺑرﻣﺟﯾﺎت‬
‫أﺧطﺎء اﻟﺗﻛوﯾن‬
• Network design flaw ‫ﻋﯾب ﻓﻲ ﺗﺻﻣﯾم اﻟﺷﺑﻛﺔ‬
‫ﻋدم وﺟود ﺗﺷﻔﯾر‬
• Lack of encryption ‫ﺧطﺄ ﺑﺷري‬
• Human error
CSE 451 - Computer & Network Security
16
Cybercrimes – Crime Scene
• Crime scene ‫ﻣﺳرح اﻟﺟرﯾﻣﺔ‬
• The computer, network any electronic device can be a tool of the
crime. .‫ ﺷﺑﻛﺔ أي ﺟﮭﺎز إﻟﻛﺗروﻧﻲ ﯾﻣﻛن أن ﯾﻛون أداة ﻟﻠﺟرﯾﻣﺔ‬، ‫اﻟﻛﻣﺑﯾوﺗر‬
• The computer in cybercrime might be used in the commission of a
crime by attackers (criminals), or it may be targeted (victim) by the
attackers. ‫ﻗد ﯾﺗم اﺳﺗﺧدام اﻟﻛﻣﺑﯾوﺗر ﻓﻲ اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ ﻓﻲ ارﺗﻛﺎب ﺟرﯾﻣﺔ ﻣن ﻗﺑل‬
.‫ أو ﻗد ﯾﺗم اﺳﺗﮭداﻓﮫ )اﻟﺿﺣﯾﺔ( ﻣن ﻗﺑل اﻟﻣﮭﺎﺟﻣﯾن‬، (‫اﻟﻣﮭﺎﺟﻣﯾن )اﻟﻣﺟرﻣﯾن‬
• The computer or network can be used for incidental purposes (e.g. to
store data or keep records related to a crime); evidence of intention
to committing illegal activities.
‫ﯾﻣﻛن اﺳﺗﺧدام اﻟﻛﻣﺑﯾوﺗر أو اﻟﺷﺑﻛﺔ ﻷﻏراض ﻋرﺿﯾﺔ )ﻋﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل ﻟﺗﺧزﯾن اﻟﺑﯾﺎﻧﺎت أو اﻻﺣﺗﻔﺎظ‬
.‫ﺑﺳﺟﻼت ﺗﺗﻌﻠﻖ ﺑﺟرﯾﻣﺔ( ؛ دﻟﯾل ﻋﻠﻰ ﻧﯾﺔ ارﺗﻛﺎب أﻧﺷطﺔ ﻏﯾر ﻗﺎﻧوﻧﯾﺔ‬
CSE 451 - Computer & Network Security
17
Cybercrimes Bounders
‫ﺣدود اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ‬

• Spans national boundaries.

.‫ﯾﻣﺗد ﻋﺑر اﻟﺣدود اﻟوطﻧﯾﺔ‬
• Criminals are no longer within reach of a particular police force.
.‫ﻟم ﯾﻌد اﻟﻣﺟرﻣون ﻓﻲ ﻣﺗﻧﺎول ﻗوة ﺷرطﺔ ﻣﻌﯾﻧﺔ‬

CSE 451 - Computer & Network Security

18
Evidences of‫اﻟﺟراﺋم‬Cybercrimes
‫اﻹﻟﻛﺗروﻧﯾﺔ‬ ‫أدﻟﺔ‬

• Collecting evidence for prosecutions is not the same as catching

someone hacking into your network. Evidence must be presented in
court and must be clear cut and convincing if prosecutions are to be
secured. ‫إن ﺟﻣﻊ اﻷدﻟﺔ ﻟﻠﻣﻼﺣﻘﺎت اﻟﻘﺿﺎﺋﯾﺔ ﯾﺧﺗﻠف ﻋن اﻟﻘﺑض ﻋﻠﻰ ﺷﺧص ﯾﺧﺗرق‬
‫ ﯾﺟب ﺗﻘدﯾم اﻷدﻟﺔ ﻓﻲ اﻟﻣﺣﻛﻣﺔ وﯾﺟب أن ﺗﻛون واﺿﺣﺔ وﻣﻘﻧﻌﺔ إذا أرﯾد‬.‫ﺷﺑﻛﺗك‬
.‫ﺗﺄﻣﯾن اﻟﻣﻼﺣﻘﺎت اﻟﻘﺿﺎﺋﯾﺔ‬
• The Police have high tech crime units. Most of large companies have
computer forensic units.
‫ ﻣﻌظم اﻟﺷرﻛﺎت اﻟﻛﺑﯾرة ﻟدﯾﮭﺎ‬.‫اﻟﺷرطﺔ ﻟدﯾﮭﺎ وﺣدات اﻟﺟرﯾﻣﺔ اﻟﺗﻛﻧوﻟوﺟﯾﺎ اﻟﻌﺎﻟﯾﺔ‬
.‫وﺣدات اﻟطب اﻟﺷرﻋﻲ اﻟﻛﻣﺑﯾوﺗر‬

CSE 451 - Computer & Network Security

19
Cybercrimes and Laws
• Law need to be enforceable.
.‫ﯾﺟب أن ﯾﻛون اﻟﻘﺎﻧون ﻗﺎﺑﻼ ﻟﻠﺗﻧﻔﯾذ‬
• Laws need to be very specific.
.‫ﯾﺟب أن ﺗﻛون اﻟﻘواﻧﯾن ﻣﺣددة ﻟﻠﻐﺎﯾﺔ‬

CSE 451 - Computer & Network Security

20
Cyber Laws in the Kingdom of Saudi Arabia
‫ﻗواﻧﯾن اﻹﻧﺗرﻧت ﻓﻲ اﻟﻣﻣﻠﻛﺔ اﻟﻌرﺑﯾﺔ اﻟﺳﻌودﯾﺔ‬

• Examples:
• Anti-Cyber Crime Law
• E-Commerce Law
• Cloud Cybersecurity Controls
• Critical Systems Cybersecurity Controls - The National Cryptographic
Standards
‫ﻗﺎﻧون ﻣﻛﺎﻓﺣﺔ ﺟراﺋم اﻟﻣﻌﻠوﻣﺎﺗﯾﺔ‬
‫ﻗﺎﻧون اﻟﺗﺟﺎرة اﻹﻟﻛﺗروﻧﯾﺔ‬
‫ﺿواﺑط اﻷﻣن اﻟﺳﯾﺑراﻧﻲ اﻟﺳﺣﺎﺑﻲ‬
‫ ﻣﻌﺎﯾﯾر اﻟﺗﺷﻔﯾر اﻟوطﻧﯾﺔ‬- ‫ﺿواﺑط اﻷﻣن اﻟﺳﯾﺑراﻧﻲ ﻟﻸﻧظﻣﺔ اﻟﺣرﺟﺔ‬

CSE 451 - Computer & Network Security

21
Challenges prosecuting cybercrimes
‫ﺗﺣدﯾﺎت ﻣﻘﺎﺿﺎة اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ‬

Tracking and tracing cyber attacks are technical challenges and global
policy Issues!!! !!‫ﯾﻌد ﺗﺗﺑﻊ اﻟﮭﺟﻣﺎت اﻟﺳﯾﺑراﻧﯾﺔ وﺗﻌﻘﺑﮭﺎ ﺗﺣدﯾﺎت ﺗﻘﻧﯾﺔ وﻗﺿﺎﯾﺎ ﺳﯾﺎﺳﯾﺔ ﻋﺎﻟﻣﯾﺔ‬
Main challenges in combating cybercrime:
:‫اﻟﺗﺣدﯾﺎت اﻟرﺋﯾﺳﯾﺔ ﻓﻲ ﻣﻛﺎﻓﺣﺔ اﻟﺟرﯾﻣﺔ اﻟﺳﯾﺑراﻧﯾﺔ‬
• Loss of location, unknowing location of attackers
‫ ﻋدم ﻣﻌرﻓﺔ ﻣوﻗﻊ اﻟﻣﮭﺎﺟﻣﯾن‬، ‫ﻓﻘدان اﻟﻣوﻗﻊ‬
• Legal aspect challenges include:
:‫ﺗﺷﻣل ﺗﺣدﯾﺎت اﻟﺟﺎﻧب اﻟﻘﺎﻧوﻧﻲ ﻣﺎ ﯾﻠﻲ‬
• Challenges associated with national legal frameworks;
‫اﻟﺗﺣدﯾﺎت اﻟﻣرﺗﺑطﺔ ﺑﺎﻷطر اﻟﻘﺎﻧوﻧﯾﺔ اﻟوطﻧﯾﺔ؛‬
• Obstacles to international cooperation. .‫اﻟﻌﻘﺑﺎت اﻟﺗﻲ ﺗﻌﺗرض اﻟﺗﻌﺎون اﻟدوﻟﻲ‬
• Challenges of public-private partnerships. .‫ﺗﺣدﯾﺎت اﻟﺷراﻛﺎت ﺑﯾن اﻟﻘطﺎﻋﯾن اﻟﻌﺎم واﻟﺧﺎص‬

CSE 451 - Computer & Network Security

22
Cyber Warfare ‫اﻟﺣرب اﻟﺳﯾﺑراﻧﯾﺔ‬

• Definition:
• Cyber Warfare is defined as the use of cyber attacks by a nation or an
organization with the intention to disrupt, damaging, or destroy
another nation’s resources, networks, or civilian infrastructure etc.. to
wreak havoc on government. ‫ﺗﻌرف اﻟﺣرب اﻟﺳﯾﺑراﻧﯾﺔ ﺑﺄﻧﮭﺎ اﺳﺗﺧدام اﻟﮭﺟﻣﺎت اﻟﺳﯾﺑراﻧﯾﺔ ﻣن ﻗﺑل دوﻟﺔ أو‬
‫ﻣﻧظﻣﺔ ﺑﻘﺻد ﺗﻌطﯾل أو إﺗﻼف أو ﺗدﻣﯾر ﻣوارد دوﻟﺔ أﺧرى أو ﺷﺑﻛﺎﺗﮭﺎ أو ﺑﻧﯾﺗﮭﺎ‬
.‫ ﻹﺣداث ﻓوﺿﻰ ﻓﻲ اﻟﺣﻛوﻣﺔ‬.‫اﻟﺗﺣﺗﯾﺔ اﻟﻣدﻧﯾﺔ وﻣﺎ إﻟﻰ ذﻟك‬
• Can cause damage to the state, stope vital resources, disrupt critical
systems and even loss of life.
‫ وﺗﻌطل اﻷﻧظﻣﺔ‬، ‫ وﺗوﻗف اﻟﻣوارد اﻟﺣﯾوﯾﺔ‬، ‫ﯾﻣﻛن أن ﺗﺳﺑب أﺿرارا ﻟﻠدوﻟﺔ‬
.‫اﻟﺣﯾوﯾﺔ وﺣﺗﻰ اﻟﺧﺳﺎﺋر ﻓﻲ اﻷرواح‬
CSE 451 - Computer & Network Security
23
Cyber Warfare
• Example:
• Russia-Ukraine Cyber Warfare in 2022
• A copy of Remote Manipulator System (RMS)
• “malware” being used, a utilities software tool that enables remote
control of devices.
• It has being distributed through a fake emails about “Evacuation
Plan” 2022 ‫اﻟﺣرب اﻹﻟﻛﺗروﻧﯾﺔ ﺑﯾن روﺳﯾﺎ وأوﻛراﻧﯾﺎ ﻓﻲ ﻋﺎم‬
RMS ‫ﻧﺳﺧﺔ ﻣن ﻧظﺎم اﻟﻣﻧﺎور ﻋن ﺑﻌد‬
" ‫ وھﻲ أداة ﺑرﻣﺟﯾﺔ ﻟﻸدوات اﻟﻣﺳﺎﻋدة ﺗﺗﯾﺢ‬، ‫اﻟﺑراﻣﺞ اﻟﺿﺎرة" اﻟﻣﺳﺗﺧدﻣﺔ‬
.‫اﻟﺗﺣﻛم ﻋن ﺑﻌد ﻓﻲ اﻷﺟﮭزة‬
"‫ﺗم ﺗوزﯾﻌﮭﺎ ﻣن ﺧﻼل رﺳﺎﺋل ﺑرﯾد إﻟﻛﺗروﻧﻲ ﻣزﯾﻔﺔ ﺣول "ﺧطﺔ اﻹﺧﻼء‬

CSE 451 - Computer & Network Security

24
Cybersecurity
• Definition:
• The collection of tools, policies, security concepts, security
safeguards, guidelines, risk management approaches, actions,
training, best practices, assurance and technologies that can be used
to protect the cyber environment individuals and user’s assets against
any kind of cyberthreats.
‫ﺟﻣﻊ اﻷدوات واﻟﺳﯾﺎﺳﺎت واﻟﻣﻔﺎھﯾم اﻷﻣﻧﯾﺔ واﻟﺿﻣﺎﻧﺎت اﻷﻣﻧﯾﺔ واﻟﻣﺑﺎدئ‬
‫اﻟﺗوﺟﯾﮭﯾﺔ وﻧﮭﺞ إدارة اﻟﻣﺧﺎطر واﻹﺟراءات واﻟﺗدرﯾب وأﻓﺿل اﻟﻣﻣﺎرﺳﺎت‬
‫واﻟﺿﻣﺎﻧﺎت واﻟﺗﻘﻧﯾﺎت اﻟﺗﻲ ﯾﻣﻛن اﺳﺗﺧداﻣﮭﺎ ﻟﺣﻣﺎﯾﺔ اﻟﺑﯾﺋﺔ اﻟﺳﯾﺑراﻧﯾﺔ ﻟﻸﻓراد‬
.‫وأﺻول اﻟﻣﺳﺗﺧدﻣﯾن ﺿد أي ﻧوع ﻣن اﻟﺗﮭدﯾدات اﻟﺳﯾﺑراﻧﯾﺔ‬

CSE 451 - Computer & Network Security

25
Cyber Attack Scenarios
‫ﺳﯾﻧﺎرﯾوھﺎت اﻟﮭﺟوم اﻟﺳﯾﺑراﻧﻲ‬

• Some security measures like a strong password may be enough

against some attackers (e.g. a teenager using some tools) but not
against a determined professional hackers who might use wiretapping
and cryptanalysis as weapons of their attacks.
‫ﻗد ﺗﻛون ﺑﻌض اﻹﺟراءات اﻷﻣﻧﯾﺔ ﻣﺛل ﻛﻠﻣﺔ اﻟﻣرور اﻟﻘوﯾﺔ ﻛﺎﻓﯾﺔ ﺿد ﺑﻌض‬
‫اﻟﻣﮭﺎﺟﻣﯾن )ﻣﺛل ﻣراھﻖ ﯾﺳﺗﺧدم ﺑﻌض اﻷدوات( وﻟﻛن ﻟﯾس ﺿد ﻗراﺻﻧﺔ ﻣﺣﺗرﻓﯾن‬
‫ﻣﺻﻣﻣﯾن ﻗد ﯾﺳﺗﺧدﻣون اﻟﺗﻧﺻت ﻋﻠﻰ اﻟﻣﻛﺎﻟﻣﺎت اﻟﮭﺎﺗﻔﯾﺔ وﺗﺣﻠﯾل اﻟﺷﻔرات ﻛﺄﺳﻠﺣﺔ‬
.‫ﻟﮭﺟﻣﺎﺗﮭم‬

CSE 451 - Computer & Network Security

26
Cyber Attack Scenarios
• Some hackers are more interested in outgoing connections.
• Other attackers are more interested on specific targets (e.g. specific
large companies, governmental organizations).
• Some attackers will be looking after the stored data on the systems.
.‫ﯾﮭﺗم ﺑﻌض اﻟﻣﺗﺳﻠﻠﯾن أﻛﺛر ﺑﺎﻻﺗﺻﺎﻻت اﻟﺻﺎدرة‬
‫اﻟﻣﮭﺎﺟﻣون اﻵﺧرون أﻛﺛر اھﺗﻣﺎﻣﺎ ﺑﺄھداف ﻣﺣددة )ﻣﺛل ﺷرﻛﺎت ﻛﺑﯾرة ﻣﺣددة‬
.(‫وﻣﻧظﻣﺎت ﺣﻛوﻣﯾﺔ‬
.‫ﺳﯾﮭﺗم ﺑﻌض اﻟﻣﮭﺎﺟﻣﯾن ﺑﺎﻟﺑﯾﺎﻧﺎت اﻟﻣﺧزﻧﺔ ﻋﻠﻰ اﻷﻧظﻣﺔ‬

CSE 451 - Computer & Network Security

27
Cyber Attack Scenarios
• Example:
• A hacker who compromises or impersonates a host will normally gain
access to all of the connected resources (e.g. files, storage devices,
phone lines etc..).
‫ﻋﺎدة ﻣﺎ ﯾﺗﻣﻛن اﻟﻣﺗﺳﻠل اﻟذي ﯾﻘوم ﺑﺎﺧﺗراق ﻣﺿﯾف أو اﻧﺗﺣﺎل ﺷﺧﺻﯾﺗﮫ ﻣن‬
‫اﻟوﺻول إﻟﻰ ﺟﻣﯾﻊ اﻟﻣوارد اﻟﻣﺗﺻﻠﺔ )ﻣﺛل اﻟﻣﻠﻔﺎت وأﺟﮭزة اﻟﺗﺧزﯾن وﺧطوط‬
.(‫اﻟﮭﺎﺗف وﻣﺎ إﻟﻰ ذﻟك‬

CSE 451 - Computer & Network Security

28
Cyber Attack Scenarios
• Possible Countermeasures:
• To protect such resources the obvious solution is to stop attackers at
the front door. This is a useful start of security measure, but only if
the security threats originate from outside!!!
:‫اﻟﺗداﺑﯾر اﻟﻣﺿﺎدة اﻟﻣﻣﻛﻧﺔ‬
.‫ ﻓﺈن اﻟﺣل اﻟواﺿﺢ ھو إﯾﻘﺎف اﻟﻣﮭﺎﺟﻣﯾن ﻋﻧد اﻟﺑﺎب اﻷﻣﺎﻣﻲ‬، ‫ﻟﺣﻣﺎﯾﺔ ھذه اﻟﻣوارد‬
‫ وﻟﻛن ﻓﻘط إذا ﻛﺎﻧت اﻟﺗﮭدﯾدات اﻷﻣﻧﯾﺔ ﺗﻧﺷﺄ ﻣن‬، ‫ھذه ﺑداﯾﺔ ﻣﻔﯾدة ﻟﻠﺗداﺑﯾر اﻷﻣﻧﯾﺔ‬
!!‫اﻟﺧﺎرج‬

CSE 451 - Computer & Network Security

29
Why we are worry about security?
‫ﻟﻣﺎذا ﻧﺣن ﻗﻠﻘون ﺑﺷﺄن اﻷﻣن؟‬

What are the objectives of cyberattacks?

‫ﻣﺎ ھﻲ أھداف اﻟﮭﺟﻣﺎت اﻹﻟﻛﺗروﻧﯾﺔ؟‬

CSE 451 - Computer & Network Security

30
Attacks Objectives
• Economic or political motivations • Compromise Networks and
‫اﻟدواﻓﻊ اﻻﻗﺗﺻﺎدﯾﺔ أو اﻟﺳﯾﺎﺳﯾﺔ‬
• Put critical infrastructure at risk systems ‫اﺧﺗراق اﻟﺷﺑﻛﺎت واﻷﻧظﻣﺔ‬
‫ﺗﻌرﯾض اﻟﺑﻧﯾﺔ اﻟﺗﺣﺗﯾﺔ اﻟﺣﯾوﯾﺔ ﻟﻠﺧطر‬ ‫ﺳرﻗﺔ اﻟﮭوﯾﺔ‬
• Company's reputation • Identity theft ‫اﻟﺗﺧرﯾب‬
‫ﺳﻣﻌﺔ اﻟﺷرﻛﺔ‬ ‫اﻟﺧﻼﻓﺎت اﻟﺗﺟﺎرﯾﺔ‬
• Financial loss • Sabotage ‫ ﯾﺧﺗﻠﻔون ﻣﻌﮭﺎ أﯾدﯾوﻟوﺟﯾﺎ‬- ‫اﻷﯾدﯾوﻟوﺟﯾﺔ‬
‫ﺧﺳﺎرة ﻣﺎﻟﯾﺔ‬
• Stealing Sensitive information • Business feuds ‫اﺑﺗزاز‬
‫اﻟﻣﻠل‬
‫ﺳرﻗﺔ اﻟﻣﻌﻠوﻣﺎت اﻟﺣﺳﺎﺳﺔ‬
• Steal financial • Ideology – they disagree with
‫ﺳرﻗﺔ اﻟﻣﺎﻟﯾﺔ‬ ideologically
• Stealing intellectual property
‫ﺳرﻗﺔ اﻟﻣﻠﻛﯾﺔ اﻟﻔﻛرﯾﺔ‬ • Extortion
• Information extortion
‫اﺑﺗزاز اﻟﻣﻌﻠوﻣﺎت‬ • Boredom
CSE 451 - Computer & Network Security
31
 Part 2

CSE 451 - Computer & Network Security

32
Outline
• Cyber Threats
• Internal Threats (Insider Threats)
• External Threats
• Passive attacks
• Active attacks

CSE 451 - Computer & Network Security

33
Wat is the most dangerous security threats?
‫وات ھو أﺧطر اﻟﺗﮭدﯾدات اﻷﻣﻧﯾﺔ؟‬

CSE 451 - Computer & Network Security

34
Cyber Threats ‫اﻟﺗﮭدﯾدات اﻟﺳﯾﺑراﻧﯾﺔ‬

• Definition:
• Any cyber circumstance or event with the potential to cause harm to
a computer, systems, network or any connected equipment.
‫أي ظرف أو ﺣدث ﺳﯾﺑراﻧﻲ ﻣن اﻟﻣﺣﺗﻣل أن ﯾﺗﺳﺑب ﻓﻲ ﺿرر ﻟﺟﮭﺎز ﻛﻣﺑﯾوﺗر أو‬
.‫أﻧظﻣﺔ أو ﺷﺑﻛﺔ أو أي ﻣﻌدات ﻣﺗﺻﻠﺔ‬

CSE 451 - Computer & Network Security

35
Cyber Threats
• Types and sources of cyber threats and attacks:
:‫أﻧواع وﻣﺻﺎدر اﻟﺗﮭدﯾدات واﻟﮭﺟﻣﺎت اﻟﺳﯾﺑراﻧﯾﺔ‬
• Internal Threats (Insider Threats)
(‫اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ )اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ‬
• External Threats
‫اﻟﺗﮭدﯾدات اﻟﺧﺎرﺟﯾﺔ‬
• Passive attacks intruder intercepts network traffic
‫اﻟﮭﺟﻣﺎت اﻟﺳﻠﺑﯾﺔ اﻟدﺧﯾل ﯾﻌﺗرض ﺣرﻛﺔ ﻣرور اﻟﺷﺑﻛﺔ‬
• Active attacks intruder initiates commands to disrupt the network
‫دﺧﯾل ھﺟﻣﺎت ﻧﺷط ﯾﺑدأ أواﻣر ﻟﺗﻌطﯾل اﻟﺷﺑﻛﺔ‬

CSE 451 - Computer & Network Security

36
 Internal Threats - Insider Threats
‫ اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ‬- ‫اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ‬
• Definition:
• It happens when an individual or group of individuals who are either inside the
organization or close to the organization (such as contract employees or third-
party vendors) having partial or full access to authorized information about the
company use their privileges and authorization for malicious intent or to cause
harm to the organization.
(‫ﯾﺣدث ذﻟك ﻋﻧدﻣﺎ ﯾﺳﺗﺧدم ﻓرد أو ﻣﺟﻣوﻋﺔ ﻣن اﻷﻓراد اﻟﻣوﺟودﯾن داﺧل اﻟﻣؤﺳﺳﺔ أو ﺑﺎﻟﻘرب ﻣﻧﮭﺎ )ﻣﺛل اﻟﻣوظﻔﯾن اﻟﻣﺗﻌﺎﻗدﯾن أو اﻟﺑﺎﺋﻌﯾن اﻟﺧﺎرﺟﯾﯾن‬
.‫اﻟذﯾن ﻟدﯾﮭم وﺻول ﺟزﺋﻲ أو ﻛﺎﻣل إﻟﻰ اﻟﻣﻌﻠوﻣﺎت اﻟﻣﺻرح ﺑﮭﺎ ﺣول اﻟﺷرﻛﺔ اﻣﺗﯾﺎزاﺗﮭم وﺗﻔوﯾﺿﮭم ﻟﻧﯾﺔ ﺧﺑﯾﺛﺔ أو ﻹﻟﺣﺎق اﻟﺿرر ﺑﺎﻟﻣﻧظﻣﺔ‬
• These individuals can use this sensitive information deliberately or non-
deliberately, negatively affecting the critical systems and data of the organization.
It mostly happens when the employees of a certain organization are careless and
refuse to comply with the rules, regulations, and policies of the company.
‫ ﻣﻣﺎ ﯾؤﺛر ﺳﻠﺑﺎ ﻋﻠﻰ اﻷﻧظﻣﺔ واﻟﺑﯾﺎﻧﺎت اﻟﮭﺎﻣﺔ‬، ‫ﯾﻣﻛن ﻟﮭؤﻻء اﻷﻓراد اﺳﺗﺧدام ھذه اﻟﻣﻌﻠوﻣﺎت اﻟﺣﺳﺎﺳﺔ ﻋن ﻗﺻد أو ﻋن ﻏﯾر ﻋﻣد‬
.‫ ﯾﺣدث ذﻟك ﻓﻲ اﻟﻐﺎﻟب ﻋﻧدﻣﺎ ﯾﻛون ﻣوظﻔو ﻣؤﺳﺳﺔ ﻣﻌﯾﻧﺔ ﻣﮭﻣﻠﯾن وﯾرﻓﺿون اﻻﻣﺗﺛﺎل ﻟﻘواﻋد وأﻧظﻣﺔ وﺳﯾﺎﺳﺎت اﻟﺷرﻛﺔ‬.‫ﻟﻠﻣؤﺳﺳﺔ‬
CSE 451 - Computer & Network Security
37
Insider threats
• Example:
• Threat can go to the extent of insiders contacting customers through
phishing emails and robbing them.
‫ﯾﻣﻛن أن ﯾﺻل اﻟﺗﮭدﯾد إﻟﻰ ﺣد اﺗﺻﺎل اﻟﻣطﻠﻌﯾن ﺑﺎﻟﻌﻣﻼء ﻣن ﺧﻼل رﺳﺎﺋل اﻟﺑرﯾد‬
.‫اﻹﻟﻛﺗروﻧﻲ ﻟﻠﺗﺻﯾد اﻻﺣﺗﯾﺎﻟﻲ وﺳرﻗﺗﮭم‬

CSE 451 - Computer & Network Security

38
Insider threats
• There are two major types of insider threats:
• Malicious
• Inadvertent
:‫ھﻧﺎك ﻧوﻋﺎن رﺋﯾﺳﯾﺎن ﻣن اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ‬
‫ﺧﺑﯾث‬
‫ﻏﯾر ﻣﻘﺻود‬

CSE 451 - Computer & Network Security

39
Insider threats
Malicious goals of insider threats:
• Sabotage
• Intellectual property (IP) :‫اﻷھداف اﻟﺧﺑﯾﺛﺔ ﻟﻠﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ‬
‫اﻟﺗﺧرﯾب‬
• Theft IP ‫اﻟﻣﻠﻛﯾﺔ اﻟﻔﻛرﯾﺔ‬
‫ﺳرﻗﺔ‬
• Espionage ‫ﺗﺟﺳس‬
• Fraud (financial gain) (‫اﻻﺣﺗﯾﺎل )اﻟﻛﺳب اﻟﻣﺎﻟﻲ‬

CSE 451 - Computer & Network Security

40
Insider threats
The most common situations of Inadvertent insider threats:
• Human error :‫اﻟﺣﺎﻻت اﻷﻛﺛر ﺷﯾوﻋﺎ ﻟﻠﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ ﻏﯾر اﻟﻣﻘﺻودة‬
• Bad judgment ‫• ﺧطﺄ ﺑﺷري‬
‫• ﺳوء اﻟﺗﻘدﯾر‬
• Phishing ‫• اﻟﺗﺻﯾد اﻻﺣﺗﯾﺎﻟﻲ‬
• Malware ‫• اﻟﺑرﻣﺟﯾﺎت اﻟﺧﺑﯾﺛﺔ‬
• Unintentional aiding and abetting ‫• اﻟﻣﺳﺎﻋدة واﻟﺗﺣرﯾض ﻏﯾر اﻟﻣﻘﺻودﯾن‬
• Stolen credentials ‫• أوراق اﻻﻋﺗﻣﺎد اﻟﻣﺳروﻗﺔ‬
‫•ﻣرﻓﻖ‬
• Convenience

CSE 451 - Computer & Network Security

41
 Insider Threats Countermeasures
:‫ﺗﺷﻣل اﻷﻧواع اﻟﻣﺧﺗﻠﻔﺔ ﻣن ﻋﻧﺎﺻر اﻟﺗﺣﻛم اﻟداﺧﻠﯾﺔ ﻣن اﻟﺗﻛﻧوﻟوﺟﯾﺎ ووﺟﮭﺎت اﻟﻧظر اﻷﺧرى ﻣﺎ ﯾﻠﻲ‬
• Different types of insider controls from a technology and other
perspectives include:
• Monitor system and network activity.
.‫ﻣراﻗﺑﺔ ﻧﺷﺎط اﻟﻧظﺎم واﻟﺷﺑﻛﺔ‬
• Monitor data exfiltration attempts.
.‫ﻣراﻗﺑﺔ ﻣﺣﺎوﻻت اﺳﺗﺧراج اﻟﺑﯾﺎﻧﺎت‬
• Establish normal user behavior patterns and set alerts for anomalies.
.‫إﻧﺷﺎء أﻧﻣﺎط ﺳﻠوك اﻟﻣﺳﺗﺧدم اﻟﻌﺎدﯾﺔ وﺗﻌﯾﯾن ﺗﻧﺑﯾﮭﺎت ﻟﻠﺣﺎﻻت اﻟﺷﺎذة‬
• Monitor physical access to restricted areas and the printing of documents.
.‫ﻣراﻗﺑﺔ اﻟوﺻول اﻟﻣﺎدي إﻟﻰ اﻟﻣﻧﺎطﻖ اﻟﻣﺣظورة وطﺑﺎﻋﺔ اﻟﻣﺳﺗﻧدات‬
• Access control management
‫إدارة اﻟﺗﺣﻛم ﻓﻲ اﻟوﺻول‬
• Cultivate a culture of data awareness (shared responsibility).
Conduct a classification of all systems and processes in the organization.
• Development of an insider threat program and employee security training
‫ﺗطوﯾر ﺑرﻧﺎﻣﺞ اﻟﺗﮭدﯾدات اﻟداﺧﻠﯾﺔ وﺗدرﯾب أﻣن اﻟﻣوظﻔﯾن‬
.(‫ﻏرس ﺛﻘﺎﻓﺔ اﻟوﻋﻲ ﺑﺎﻟﺑﯾﺎﻧﺎت )اﻟﻣﺳؤوﻟﯾﺔ اﻟﻣﺷﺗرﻛﺔ‬ CSE 451 - Computer & Network Security
.‫إﺟراء ﺗﺻﻧﯾف ﻟﺟﻣﯾﻊ اﻷﻧظﻣﺔ واﻟﻌﻣﻠﯾﺎت ﻓﻲ اﻟﻣﻧظﻣﺔ‬ 42
External threats
• Definition: Any malicious activities trying to breach internal
environment and come through an external network with with aim to
exploit the vulnerabilities in a system, network or any connected
electronical devices in order to lunch any type of attacks. These
deliberated actors can be individuals or organizations.
‫ أي أﻧﺷطﺔ ﺧﺑﯾﺛﺔ ﺗﺣﺎول اﺧﺗراق اﻟﺑﯾﺋﺔ اﻟداﺧﻠﯾﺔ وﺗﺄﺗﻲ ﻣن ﺧﻼل ﺷﺑﻛﺔ ﺧﺎرﺟﯾﺔ ﺑﮭدف اﺳﺗﻐﻼل ﻧﻘﺎط اﻟﺿﻌف ﻓﻲ ﻧظﺎم أو ﺷﺑﻛﺔ أو‬:‫اﻟﺗﻌرﯾف‬
.‫ ﯾﻣﻛن أن ﺗﻛون ھذه اﻟﺟﮭﺎت اﻟﻔﺎﻋﻠﺔ اﻟﻣﺗﻌﻣدة أﻓرادا أو ﻣﻧظﻣﺎت‬.‫أي أﺟﮭزة إﻟﻛﺗروﻧﯾﺔ ﻣﺗﺻﻠﺔ ﻣن أﺟل ﺷن أي ﻧوع ﻣن اﻟﮭﺟﻣﺎت‬
• Many external threat actors in the environment goes undetected!
!‫اﻟﻌدﯾد ﻣن اﻟﺟﮭﺎت اﻟﻔﺎﻋﻠﺔ ﻓﻲ اﻟﺗﮭدﯾد اﻟﺧﺎرﺟﻲ ﻓﻲ اﻟﺑﯾﺋﺔ ﻻ ﯾﺗم اﻛﺗﺷﺎﻓﮭﺎ‬

• Examples of external threats: Malware, ransomware, or a virus, DoS

DoS ‫ اﻟﺑراﻣﺞ اﻟﺿﺎرة أو ﺑراﻣﺞ اﻟﻔدﯾﺔ اﻟﺿﺎرة أو اﻟﻔﯾروﺳﺎت أو‬:‫أﻣﺛﻠﺔ ﻋﻠﻰ اﻟﺗﮭدﯾدات اﻟﺧﺎرﺟﯾﺔ‬
• Countermeasure: Various! More than one thing
‫ ﻣﺧﺗﻠف! أﻛﺛر ﻣن ﺷﻲء‬:‫اﻹﺟراء اﻟﻣﺿﺎد‬
CSE 451 - Computer & Network Security
43
Active attacks
• Definition:
• Active attacks performed when an attacker deliberately make some
sort of malicious actions, on data, computers, systems, networks
including a modification disruption, or any other malicious activities.
‫ ﻋﻠﻰ اﻟﺑﯾﺎﻧﺎت أو أﺟﮭزة‬، ‫ﯾﺗم ﺗﻧﻔﯾذ اﻟﮭﺟﻣﺎت اﻟﻧﺷطﺔ ﻋﻧدﻣﺎ ﯾﻘوم اﻟﻣﮭﺎﺟم ﻋﻣدا ﺑﻧوع ﻣن اﻹﺟراءات اﻟﺿﺎرة‬
.‫اﻟﻛﻣﺑﯾوﺗر أو اﻷﻧظﻣﺔ أو اﻟﺷﺑﻛﺎت ﺑﻣﺎ ﻓﻲ ذﻟك ﺗﻌطﯾل اﻟﺗﻌدﯾل أو أي أﻧﺷطﺔ ﺿﺎرة أﺧرى‬

• Effect on confidentiality, integrity as well as availability.

.‫اﻟﺗﺄﺛﯾر ﻋﻠﻰ اﻟﺳرﯾﺔ واﻟﻧزاھﺔ وﻛذﻟك اﻟﺗواﻓر‬
• Attack with intention to cause harm, and damage resources.
.‫اﻟﮭﺟوم ﺑﻘﺻد إﻟﺣﺎق اﻟﺿرر وإﺗﻼف اﻟﻣوارد‬

• Countermeasure: Detection systems ‫ أﻧظﻣﺔ اﻟﻛﺷف‬:‫اﻹﺟراء اﻟﻣﺿﺎد‬

CSE 451 - Computer & Network Security
44
Active attacks
• Active attacks can be subdivided into four categories:
• Masquerade
:‫ﯾﻣﻛن ﺗﻘﺳﯾم اﻟﮭﺟﻣﺎت اﻟﻧﺷطﺔ إﻟﻰ أرﺑﻊ ﻓﺋﺎت‬
• Replay ‫ﺣﻔﻠﮫ ﺗﻧﻛرﯾﮫ‬
‫اﻋﺎده‬
• Modification of messages ‫ﺗﻌدﯾل اﻟرﺳﺎﺋل‬
‫اﻟﺣرﻣﺎن ﻣن اﻟﺧدﻣﺔ‬
• Denial of service

CSE 451 - Computer & Network Security

45
Active attacks
• A Masquerade takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms
of active attack. For example, authentication sequences can be
captured and replayed after a valid authentication sequence has
taken place, thus enabling an authorized entity with few privileges to
obtain extra privileges by impersonating an entity that has those
privileges. ‫اﻷﺧرى‬ ‫ ﻋﺎدة ﻣﺎ ﯾﺗﺿﻣن اﻟﮭﺟوم اﻟﺗﻧﻛري أﺣد اﻷﺷﻛﺎل‬.‫ﺗﺣدث ﺣﻔﻠﺔ ﺗﻧﻛرﯾﺔ ﻋﻧدﻣﺎ ﯾﺗظﺎھر ﻛﯾﺎن واﺣد ﺑﺄﻧﮫ ﻛﯾﺎن ﻣﺧﺗﻠف‬
‫ ﯾﻣﻛن اﻟﺗﻘﺎط ﺗﺳﻠﺳﻼت اﻟﻣﺻﺎدﻗﺔ وإﻋﺎدة ﺗﺷﻐﯾﻠﮭﺎ ﺑﻌد ﺣدوث ﺗﺳﻠﺳل ﻣﺻﺎدﻗﺔ‬،‫ ﻓﻌﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل‬.‫ﻟﻠﮭﺟوم اﻟﻧﺷط‬
‫ ﻣﻣﺎ ﯾﻣﻛن اﻟﻛﯾﺎن اﻟﻣﻌﺗﻣد اﻟذي ﯾﺗﻣﺗﻊ ﺑﺎﻣﺗﯾﺎزات ﻗﻠﯾﻠﺔ ﻣن اﻟﺣﺻول ﻋﻠﻰ اﻣﺗﯾﺎزات إﺿﺎﻓﯾﺔ ﻋن طرﯾﻖ اﻧﺗﺣﺎل‬،‫ﺻﺎﻟﺢ‬
.‫ﺷﺧﺻﯾﺔ ﻛﯾﺎن ﯾﺗﻣﺗﻊ ﺑﺗﻠك اﻻﻣﺗﯾﺎزات‬
• Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
.‫ﺗﺗﺿﻣن إﻋﺎدة اﻟﺗﺷﻐﯾل اﻻﻟﺗﻘﺎط اﻟﺳﻠﺑﻲ ﻟوﺣدة اﻟﺑﯾﺎﻧﺎت وإﻋﺎدة إرﺳﺎﻟﮭﺎ ﻻﺣﻘﺎ ﻹﻧﺗﺎج ﺗﺄﺛﯾر ﻏﯾر ﻣﺻرح ﺑﮫ‬
CSE 451 - Computer & Network Security
46
Active attacks
• Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an
unauthorized effect.
‫ ﻹﻧﺗﺎج ﺗﺄﺛﯾر‬، ‫ أو ﺗﺄﺧﯾر اﻟرﺳﺎﺋل أو إﻋﺎدة ﺗرﺗﯾﺑﮭﺎ‬، ‫ﯾﻌﻧﻲ ﺗﻌدﯾل اﻟرﺳﺎﺋل ﺑﺑﺳﺎطﺔ ﺗﻐﯾﯾر ﺟزء ﻣن رﺳﺎﻟﺔ ﻣﺷروﻋﺔ‬
.‫ﻏﯾر ﻣﺻرح ﺑﮫ‬
• Denial of Service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination (e.g., the
security audit service). Another form of service denial is the disruption of an
entire network, either by disabling the network or by overloading it with
messages so as to degrade performance.
‫ ﻗد‬،‫ ﻋﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل‬.‫ ﻗد ﯾﻛون ﻟﮭذا اﻟﮭﺟوم ھدف ﻣﺣدد‬.‫ﯾﻣﻧﻊ رﻓض اﻟﺧدﻣﺔ أو ﯾﻣﻧﻊ اﻻﺳﺗﺧدام اﻟﻌﺎدي أو إدارة ﻣراﻓﻖ اﻻﺗﺻﺎﻻت‬
‫ ﺷﻛل آﺧر ﻣن أﺷﻛﺎل رﻓض‬.(‫ ﺧدﻣﺔ ﺗدﻗﯾﻖ اﻷﻣﺎن‬،‫ﯾﻘوم ﻛﯾﺎن ﻣﺎ ﺑﻣﻧﻊ ﺟﻣﯾﻊ اﻟرﺳﺎﺋل اﻟﻣوﺟﮭﺔ إﻟﻰ وﺟﮭﺔ ﻣﻌﯾﻧﺔ )ﻋﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل‬
.‫ إﻣﺎ ﻋن طرﯾﻖ ﺗﻌطﯾل اﻟﺷﺑﻛﺔ أو ﻋن طرﯾﻖ ﺗﺣﻣﯾﻠﮭﺎ ﺑﺎﻟرﺳﺎﺋل ﻣن أﺟل ﺗدھور اﻷداء‬، ‫اﻟﺧدﻣﺔ ھو ﺗﻌطﯾل ﺷﺑﻛﺔ ﺑﺄﻛﻣﻠﮭﺎ‬
CSE 451 - Computer & Network Security
47
Active attacks
• Examples:
• Denial of Service attacks :‫اﻣﺛﻠﮫ‬
• Spoofing ‫ھﺟﻣﺎت رﻓض اﻟﺧدﻣﺔ‬
‫اﻟﺗﺣﺎﯾل‬
• Man in the Middle ‫رﺟل ﻓﻲ اﻟوﺳط‬
‫ﺗﺟﺎوز ﺳﻌﺔ اﻟﻣﺧزن اﻟﻣؤﻗت‬
• Buffer overflow SQL ‫ﺣﻘن‬

• SQL Injection

CSE 451 - Computer & Network Security

48
Passive Attacks
• Definition:
• Passive Attack is the type of attacks in which a system is monitored and observed by an
attacker and does not involve any direct action on the attacked systems. This attack
breaches confidentiality of a system as it involves viewing, stealing, and copying data
without any alteration. In this attack there is no harm to the system.
.‫اﻟﮭﺟوم اﻟﺳﻠﺑﻲ ھو ﻧوع اﻟﮭﺟﻣﺎت اﻟﺗﻲ ﯾﺗم ﻓﯾﮭﺎ ﻣراﻗﺑﺔ اﻟﻧظﺎم وﻣراﻗﺑﺗﮫ ﻣن ﻗﺑل اﻟﻣﮭﺎﺟم وﻻ ﯾﺗﺿﻣن أي إﺟراء ﻣﺑﺎﺷر ﻋﻠﻰ اﻷﻧظﻣﺔ اﻟﻣﮭﺎﺟﻣﺔ‬
.‫ ﻓﻲ ھذا اﻟﮭﺟوم ﻻ ﯾوﺟد أي ﺿرر ﻟﻠﻧظﺎم‬.‫ﯾﻧﺗﮭك ھذا اﻟﮭﺟوم ﺳرﯾﺔ اﻟﻧظﺎم ﻷﻧﮫ ﯾﺗﺿﻣن ﻋرض اﻟﺑﯾﺎﻧﺎت وﺳرﻗﺗﮭﺎ وﻧﺳﺧﮭﺎ دون أي ﺗﻐﯾﯾر‬
• Passive attacks include active reconnaissance and passive reconnaissance.
Reconnaissance is the act of monitoring and exploring a computer, system or network in
order to collect more information before conducting a full attack.
‫ اﻻﺳﺗطﻼع ھو ﻋﻣﻠﯾﺔ ﻣراﻗﺑﺔ واﺳﺗﻛﺷﺎف ﺟﮭﺎز‬.‫ﺗﺷﻣل اﻟﮭﺟﻣﺎت اﻟﺳﻠﺑﯾﺔ اﻻﺳﺗطﻼع اﻟﻧﺷط واﻻﺳﺗطﻼع اﻟﺳﻠﺑﻲ‬
.‫ﻛﻣﺑﯾوﺗر أو ﻧظﺎم أو ﺷﺑﻛﺔ ﻣن أﺟل ﺟﻣﻊ اﻟﻣزﯾد ﻣن اﻟﻣﻌﻠوﻣﺎت ﻗﺑل ﺷن ھﺟوم ﻛﺎﻣل‬
• Victim does not get informed about the attack.
.‫ﻻ ﯾﺗم إﺑﻼغ اﻟﺿﺣﯾﺔ ﺑﺎﻟﮭﺟوم‬
• Countermeasure: Prevention system
‫ ﻧظﺎم اﻟوﻗﺎﯾﺔ‬:‫اﻹﺟراء اﻟﻣﺿﺎد‬
CSE 451 - Computer & Network Security
49
Passive Attacks
• Examples:
• Reconnaissance ‫اﻻﺳﺗطﻼع‬
‫ﺗﻧﺻت‬
• Eavesdropping ‫اﻟﻣﺳﺢ اﻟﺿوﺋﻲ ﻟﻠﻣﻧﺎﻓذ‬
• Port scanning ‫ﺗﺣﻠﯾل ﺣرﻛﺔ اﻟﻣرور‬

• Traffic analysis

CSE 451 - Computer & Network Security

50
What is the difference between passive attacks and
active attacks?
‫ﻣﺎ ھو اﻟﻔرق ﺑﯾن اﻟﮭﺟﻣﺎت اﻟﺳﻠﺑﯾﺔ واﻟﮭﺟﻣﺎت اﻟﻧﺷطﺔ؟‬

CSE 451 - Computer & Network Security

51
 Part 3

:‫ﺑﺎﻟﺗوﻓﯾﻖ ﻻﺗﻧﺳو اﻟﺳﺣور‬

CSE 451 - Computer & Network Security
52
Outline
• Malicious Software
• Computer viruses
• Virus Countermeasures
• Antivirus Techniques

CSE 451 - Computer & Network Security

53
Malicious Software
• Malicious software continues to be a big security problem for most
organizations as well as individual home users.
• Malicious software definition:
Is software that is intentionally included or inserted in a system for a
harmful purpose.
‫ﻻ ﺗزال اﻟﺑراﻣﺞ اﻟﺿﺎرة ﺗﻣﺛل ﻣﺷﻛﻠﺔ أﻣﻧﯾﺔ ﻛﺑﯾرة ﻟﻣﻌظم اﻟﻣؤﺳﺳﺎت وﻛذﻟك‬
.‫اﻟﻣﺳﺗﺧدﻣﯾن اﻟﻣﻧزﻟﯾﯾن اﻟﻔردﯾﯾن‬
:‫ﺗﻌرﯾف اﻟﺑراﻣﺞ اﻟﺿﺎرة‬
.‫ھو ﺑرﻧﺎﻣﺞ ﯾﺗم ﺗﺿﻣﯾﻧﮫ أو إدﺧﺎﻟﮫ ﻋﻣدا ﻓﻲ ﻧظﺎم ﻟﻐرض ﺿﺎر‬

CSE 451 - Computer & Network Security

54
Types of Malicious Software
• The term “malicious software” actually covers three different types of
programs:
:‫ﯾﻐطﻲ ﻣﺻطﻠﺢ "اﻟﺑراﻣﺞ اﻟﺿﺎرة" ﻓﻲ اﻟواﻗﻊ ﺛﻼﺛﺔ أﻧواع ﻣﺧﺗﻠﻔﺔ ﻣن اﻟﺑراﻣﺞ‬
• Viruses ‫ﻓﯾروﺳﺎت‬
• Worms ‫دﯾدان‬
‫أﺣﺻﻧﺔ طروادة‬
• Trojan horses

CSE 451 - Computer & Network Security

55
Computer Viruses
• Definition:
• A virus is a piece of software that can “infect” other programs by
modifying them; the modification includes a copy of the virus
program, which can then go on to infect other programs.
‫ ﯾﺗﺿﻣن اﻟﺗﻌدﯾل ﻧﺳﺧﺔ‬.‫اﻟﻔﯾروس ھو ﺟزء ﻣن اﻟﺑرﻧﺎﻣﺞ اﻟذي ﯾﻣﻛن أن "ﯾﺻﯾب" اﻟﺑراﻣﺞ اﻷﺧرى ﻋن طرﯾﻖ ﺗﻌدﯾﻠﮭﺎ‬
.‫ واﻟﺗﻲ ﯾﻣﻛن أن ﺗﺳﺗﻣر ﺑﻌد ذﻟك ﻹﺻﺎﺑﺔ اﻟﺑراﻣﺞ اﻷﺧرى‬، ‫ﻣن ﺑرﻧﺎﻣﺞ اﻟﻔﯾروﺳﺎت‬
• Viruses are pieces of code designed to piggyback on other executable programs.
In fact, viruses are not structured to exist by themselves. When a virus-infected
program is executed, the virus code executes and performs its actions. These
actions normally include attaching copies of the virus code to other programs and
sometimes to disks.
‫ اﻟﻔﯾروﺳﺎت ﻟﯾﺳت‬، ‫ ﻓﻲ اﻟواﻗﻊ‬.‫اﻟﻔﯾروﺳﺎت ھﻲ أﺟزاء ﻣن اﻟﺗﻌﻠﯾﻣﺎت اﻟﺑرﻣﺟﯾﺔ اﻟﻣﺻﻣﻣﺔ ﻟﻠﺗﺣﻣﯾل ﻋﻠﻰ اﻟﺑراﻣﺞ اﻟﻘﺎﺑﻠﺔ ﻟﻠﺗﻧﻔﯾذ اﻷﺧرى‬
‫ ﺗﺗﺿﻣن ھذه‬.‫ ﯾﺗم ﺗﻧﻔﯾذ اﻟﺗﻌﻠﯾﻣﺎت اﻟﺑرﻣﺟﯾﺔ ﻟﻠﻔﯾروس وﺗﻧﻔﯾذ إﺟراءاﺗﮭﺎ‬، ‫ ﻋﻧد ﺗﻧﻔﯾذ ﺑرﻧﺎﻣﺞ ﻣﺻﺎب ﺑﻔﯾروس‬.‫ﻣﻧظﻣﺔ ﻟوﺟود ﻣن ﺗﻠﻘﺎء ﻧﻔﺳﮭﺎ‬
.‫اﻹﺟراءات ﻋﺎدة إرﻓﺎق ﻧﺳﺦ ﻣن اﻟﺗﻌﻠﯾﻣﺎت اﻟﺑرﻣﺟﯾﺔ ﻟﻠﻔﯾروس ﺑﺑراﻣﺞ أﺧرى وأﺣﯾﺎﻧﺎ ﺑﺎﻷﻗراص‬
56
Computer Viruses
• Examples:
• Computer viruses first appeared when the majority of computers
used the Disk Operating System. Viruses spread as files were shared
through computer bulletin boards and via floppy disks. Later, viruses
were written to be attached to word processing files and executed as
part of the macro language of the word processing programs.
‫ اﻧﺗﺷرت‬.‫ظﮭرت ﻓﯾروﺳﺎت اﻟﻛﻣﺑﯾوﺗر ﻷول ﻣرة ﻋﻧدﻣﺎ اﺳﺗﺧدﻣت ﻏﺎﻟﺑﯾﺔ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر ﻧظﺎم ﺗﺷﻐﯾل اﻟﻘرص‬
‫ ﺗﻣت‬، ‫ ﻓﻲ وﻗت ﻻﺣﻖ‬.‫اﻟﻔﯾروﺳﺎت أﺛﻧﺎء ﻣﺷﺎرﻛﺔ اﻟﻣﻠﻔﺎت ﻣن ﺧﻼل ﻟوﺣﺎت إﻋﻼﻧﺎت اﻟﻛﻣﺑﯾوﺗر وﻋﺑر اﻷﻗراص اﻟﻣرﻧﺔ‬
.‫ﻛﺗﺎﺑﺔ اﻟﻔﯾروﺳﺎت ﻟﯾﺗم إرﻓﺎﻗﮭﺎ ﺑﻣﻠﻔﺎت ﻣﻌﺎﻟﺟﺔ اﻟﻧﺻوص وﺗﻧﻔﯾذھﺎ ﻛﺟزء ﻣن ﻟﻐﺔ اﻟﻣﺎﻛرو ﻟﺑراﻣﺞ ﻣﻌﺎﻟﺟﺔ اﻟﻧﺻوص‬

CSE 451 - Computer & Network Security

57
 Computer Viruses
• What viruses can do?
‫ﻣﺎ اﻟﻔﯾروﺳﺎت ﯾﻣﻛن أن ﺗﻔﻌل؟‬
• Can infect other programs by modifying them. The modification includes a copy
of the virus program. Some viruses are malicious and delete files or cause
systems to become unusable. Other viruses do not perform any malicious act
except to spread themselves to other systems.
‫ ﺑﻌض اﻟﻔﯾروﺳﺎت ﺿﺎرة وﺗﺣذف اﻟﻣﻠﻔﺎت أو‬.‫ ﯾﺗﺿﻣن اﻟﺗﻌدﯾل ﻧﺳﺧﺔ ﻣن ﺑرﻧﺎﻣﺞ اﻟﻔﯾروﺳﺎت‬.‫ﯾﻣﻛن أن ﺗﺻﯾب اﻟﺑراﻣﺞ اﻷﺧرى ﻋن طرﯾﻖ ﺗﻌدﯾﻠﮭﺎ‬
.‫ ﻻ ﺗﻘوم اﻟﻔﯾروﺳﺎت اﻷﺧرى ﺑﺄي ﻋﻣل ﺿﺎر ﺑﺎﺳﺗﺛﻧﺎء اﻻﻧﺗﺷﺎر إﻟﻰ أﻧظﻣﺔ أﺧرى‬.‫ﺗﺗﺳﺑب ﻓﻲ أن ﺗﺻﺑﺢ اﻷﻧظﻣﺔ ﻏﯾر ﻗﺎﺑﻠﺔ ﻟﻼﺳﺗﺧدام‬
• Is a self-replicating computer program
‫ھو ﺑرﻧﺎﻣﺞ ﻛﻣﺑﯾوﺗر ذاﺗﻲ اﻟﻧﺳﺦ‬
• Carries instructional code for making perfect copies of itself
‫ﯾﺣﻣل رﻣزا ﺗﻌﻠﯾﻣﯾﺎ ﻟﻌﻣل ﻧﺳﺦ ﻣﺛﺎﻟﯾﺔ ﻣن ﻧﻔﺳﮫ‬
• Needs a particular operating system and specific hardware platform to infect
other programs..‫ﯾﺣﺗﺎج إﻟﻰ ﻧظﺎم ﺗﺷﻐﯾل ﻣﻌﯾن وﻣﻧﺻﺔ أﺟﮭزة ﻣﺣددة ﻹﺻﺎﺑﺔ اﻟﺑراﻣﺞ اﻷﺧرى‬

CSE 451 - Computer & Network Security

58
 Computer Viruses
• Often delivered via a Trojan. The ILOVEYOU Trojan delivered a virus
which was activated when the recipient opened the attached file. It
emailed itself to all the people in the victim’s address book. It also
infected the Windows registry, all VB files, JPEG and MP3 files. This
ensured that the virus ran each time Window was rebooted and
made it hard to eradicate, as it was in so many different files. Thought
to have caused over $1 billion worth of damage.
ILOVEYOU ‫ ﻗﺎم ﺣﺻﺎن طروادة‬.‫ﻏﺎﻟﺑﺎ ﻣﺎ ﯾﺗم ﺗﺳﻠﯾﻣﮭﺎ ﻋﺑر ﺣﺻﺎن طروادة‬
‫ أرﺳل ﻧﻔﺳﮫ ﺑﺎﻟﺑرﯾد اﻹﻟﻛﺗروﻧﻲ إﻟﻰ ﺟﻣﯾﻊ‬.‫ﺑﺗﺳﻠﯾم ﻓﯾروس ﺗم ﺗﻧﺷﯾطﮫ ﻋﻧدﻣﺎ ﻓﺗﺢ اﻟﻣﺳﺗﻠم اﻟﻣﻠف اﻟﻣرﻓﻖ‬
Windows ‫ ﻛﻣﺎ أﺻﺎب ﺳﺟل‬.‫اﻷﺷﺧﺎص ﻓﻲ دﻓﺗر ﻋﻧﺎوﯾن اﻟﺿﺣﯾﺔ‬
Window ‫ ھذا ﯾﺿﻣن ﺗﺷﻐﯾل اﻟﻔﯾروس ﻓﻲ ﻛل ﻣرة ﯾﺗم ﻓﯾﮭﺎ إﻋﺎدة ﺗﺷﻐﯾل‬JPEG ‫و‬MP3.‫ ﻣﻠﻔﺎت‬VB ‫وﺟﻣﯾﻊ ﻣﻠﻔﺎت‬
.‫ ﻣﻠﯾﺎر دوﻻر‬1 ‫ ﯾﻌﺗﻘد أﻧﮭﺎ ﺗﺳﺑﺑت ﻓﻲ أﺿرار ﺗزﯾد ﻗﯾﻣﺗﮭﺎ ﻋن‬.‫ ﻛﻣﺎ ﻛﺎن ﻓﻲ اﻟﻌدﯾد ﻣن اﻟﻣﻠﻔﺎت اﻟﻣﺧﺗﻠﻔﺔ‬، ‫وﺟﻌل ﻣن اﻟﺻﻌب اﻟﻘﺿﺎء ﻋﻠﯾﮫ‬

CSE 451 - Computer & Network Security

59
Computer Viruses
• How the virus spread?
• A virus is program that can infect other programs by modifying them. The
modification includes a copy of the virus program. Like its biological counterpart,
a computer virus carries in its instructional code the recipe for making perfect
copies of itself. Infection spreads by users sharing infected disks or by sending
infected programs to one another. In a network environment, the ability to access
applications and system services on other computers provides a perfect culture
for the spread of the virus. ‫ ﯾﺗﺿﻣن‬.‫اﻟﻔﯾروس ھو ﺑرﻧﺎﻣﺞ ﯾﻣﻛﻧﮫ إﺻﺎﺑﺔ اﻟﺑراﻣﺞ اﻷﺧرى ﻋن طرﯾﻖ ﺗﻌدﯾﻠﮭﺎ‬
‫ ﯾﺣﻣل ﻓﯾروس‬، ‫ ﻣﺛل ﻧظﯾره اﻟﺑﯾوﻟوﺟﻲ‬.‫اﻟﺗﻌدﯾل ﻧﺳﺧﺔ ﻣن ﺑرﻧﺎﻣﺞ اﻟﻔﯾروﺳﺎت‬
‫ ﺗﻧﺗﺷر اﻟﻌدوى‬.‫اﻟﻛﻣﺑﯾوﺗر ﻓﻲ رﻣزه اﻟﺗﻌﻠﯾﻣﻲ وﺻﻔﺔ ﻟﻌﻣل ﻧﺳﺦ ﻣﺛﺎﻟﯾﺔ ﻣن ﻧﻔﺳﮫ‬
‫ﻋن طرﯾﻖ ﻣﺷﺎرﻛﺔ اﻟﻣﺳﺗﺧدﻣﯾن ﻟﻸﻗراص اﻟﻣﺻﺎﺑﺔ أو ﻋن طرﯾﻖ إرﺳﺎل اﻟﺑراﻣﺞ‬
، ‫ ﻓﻲ ﺑﯾﺋﺔ اﻟﺷﺑﻛﺔ‬.‫اﻟﻣﺻﺎﺑﺔ إﻟﻰ ﺑﻌﺿﮭم اﻟﺑﻌض‬
‫ﺗوﻓر اﻟﻘدرة ﻋﻠﻰ اﻟوﺻول إﻟﻰ اﻟﺗطﺑﯾﻘﺎت وﺧدﻣﺎت اﻟﻧظﺎم ﻋﻠﻰ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر‬
.‫اﻷﺧرى ﺛﻘﺎﻓﺔ ﻣﺛﺎﻟﯾﺔ ﻻﻧﺗﺷﺎر اﻟﻔﯾروس‬
CSE 451 - Computer & Network Security
60
Computer Viruses
Virus goes through four stages:
1. Dormant stage, not all have this stage ‫اﻟﻣرﺣﻠﺔ‬
:‫ﯾﻣر اﻟﻔﯾروس ﺑﺄرﺑﻊ ﻣراﺣل‬
‫ ﻟﯾس ﻛل ھذه‬، ‫ﻣرﺣﻠﺔ ﻧﺎﺋﻣﺔ‬
2. Propagation phase, copies itself ‫ ﺗﻧﺳﺦ ﻧﻔﺳﮭﺎ‬، ‫ﻣرﺣﻠﺔ اﻻﻧﺗﺷﺎر‬
‫ اﻟﻧﺎﺟﻣﺔ ﻋن ﺑﻌض اﻷﺣداث‬، ‫ﻣرﺣﻠﺔ اﻟﺗﺣﻔﯾز‬
3. Triggering phase, caused by some event ‫إﺟراؤھﺎ‬ ‫ﻋدد اﻟﻧﺳﺦ اﻟﺗﻲ ﺗم‬
.‫ إﻟﺦ‬، ‫ﺗﺎرﯾﺦ ﻣﻌﯾن‬
• Count of the number of copies made !‫ ﻻ ﺿرر‬، ‫ﻣرﺣﻠﺔ اﻟﺗﻧﻔﯾذ‬
• A particular date, etc.
4. Execution phase, do damage!

CSE 451 - Computer & Network Security

61
Computer Viruses
:‫ﯾﻣر اﻟﻔﯾروس ﺑﺄرﺑﻊ ﻣراﺣل‬
Virus goes through four stages:
• Dormant stage: :‫ﻣرﺣﻠﺔ ﺳﺑﺎت‬
the virus is idle, but it will eventually be activated by some event. Not all viruses have this
stage. .‫ ﻟﯾس ﻛل اﻟﻔﯾروﺳﺎت ﻟدﯾﮭﺎ ھذه اﻟﻣرﺣﻠﺔ‬.‫ وﻟﻛن ﺳﯾﺗم ﺗﻧﺷﯾطﮫ ﻓﻲ اﻟﻧﮭﺎﯾﺔ ﻣن ﺧﻼل ﺣدث ﻣﺎ‬، ‫اﻟﻔﯾروس ﺧﺎﻣل‬
• Propagation phase: :‫ﻣرﺣﻠﺔ اﻟﺗﻛﺎﺛر‬
Places an identical copy of itself into other programs or into system areas on a disk. Each
infected program will contain a clone of the virus, which will repeat the process.
‫ ﺳﯾﺣﺗوي‬.‫ﯾﺿﻊ ﻧﺳﺧﺔ ﻣﺗطﺎﺑﻘﺔ ﻣن ﻧﻔﺳﮫ ﻓﻲ ﺑراﻣﺞ أﺧرى أو ﻓﻲ ﻣﻧﺎطﻖ اﻟﻧظﺎم ﻋﻠﻰ اﻟﻘرص‬
• Triggering phase: .‫ واﻟﺗﻲ ﺳﺗﻛرر اﻟﻌﻣﻠﯾﺔ‬، ‫ﻛل ﺑرﻧﺎﻣﺞ ﻣﺻﺎب ﻋﻠﻰ ﻧﺳﺧﺔ ﻣن اﻟﻔﯾروس‬
:‫ﻣرﺣﻠﺔ اﻟﺗﺷﻐﯾل‬
Virus is activated. The triggering phase can be caused by a variety of system events,
including a count of the number of times that it has made copies of itself.
:‫ﻣرﺣﻠﺔ اﻟﺗﻧﻔﯾذ‬ ، ‫ ﯾﻣﻛن أن ﺗﺣدث ﻣرﺣﻠﺔ اﻟﺗﺷﻐﯾل ﺑﺳﺑب ﻣﺟﻣوﻋﺔ ﻣﺗﻧوﻋﺔ ﻣن أﺣداث اﻟﻧظﺎم‬.‫ﺗم ﺗﻧﺷﯾط اﻟﻔﯾروس‬
• Execution phase: .‫ﺑﻣﺎ ﻓﻲ ذﻟك ﻋدد اﻟﻣرات اﻟﺗﻲ ﻗﺎم ﻓﯾﮭﺎ ﺑﻌﻣل ﻧﺳﺦ ﻣن ﻧﻔﺳﮫ‬
The function may be harmless, such as a message on a screen, or damaging as the
destruction of programs and files.
.‫ أو ﺿﺎرة ﻣﺛل ﺗدﻣﯾر اﻟﺑراﻣﺞ واﻟﻣﻠﻔﺎت‬، ‫ ﻣﺛل رﺳﺎﻟﺔ ﻋﻠﻰ اﻟﺷﺎﺷﺔ‬، ‫ﻗد ﺗﻛون اﻟوظﯾﻔﺔ ﻏﯾر ﺿﺎرة‬

62
Computer Viruses
:‫اﻟﻘﯾود واﻟﺑﯾﺋﺔ‬
• Limitation and Environment:
• Most viruses work on particular operating systems, or specific
hardware platforms.
.‫ﺗﻌﻣل ﻣﻌظم اﻟﻔﯾروﺳﺎت ﻋﻠﻰ أﻧظﻣﺔ ﺗﺷﻐﯾل ﻣﻌﯾﻧﺔ أو ﻣﻧﺻﺎت أﺟﮭزة ﻣﺣددة‬
• They are designed to take advantage of the weaknesses of target
systems. .‫وھﻲ ﻣﺻﻣﻣﺔ ﻟﻼﺳﺗﻔﺎدة ﻣن ﻧﻘﺎط اﻟﺿﻌف ﻓﻲ اﻷﻧظﻣﺔ اﻟﻣﺳﺗﮭدﻓﺔ‬

• It can be prepended or post pended to an executable program, or it

can be embedded in some other fashion.
.‫ أو ﯾﻣﻛن ﺗﺿﻣﯾﻧﮫ ﺑطرﯾﻘﺔ أﺧرى‬، ‫ﯾﻣﻛن أن ﯾﻛون ﻣﻘدﻣﺎ أو ﻣﻧﺷورا ﻋﻠﻰ ﺑرﻧﺎﻣﺞ ﻗﺎﺑل ﻟﻠﺗﻧﻔﯾذ‬
• The key to its operation is that the infected program, when invoked,
will first execute the virus code and then the original code.
.‫ ﺳﯾﻘوم أوﻻ ﺑﺗﻧﻔﯾذ رﻣز اﻟﻔﯾروس ﺛم اﻟﻛود اﻷﺻﻠﻲ‬، ‫ ﻋﻧد اﺳﺗدﻋﺎﺋﮫ‬، ‫ﻣﻔﺗﺎح ﺗﺷﻐﯾﻠﮫ ھو أن اﻟﺑرﻧﺎﻣﺞ اﻟﻣﺻﺎب‬
CSE 451 - Computer & Network Security
63
Computer Viruses
Examples of famous viruses :
• 1981 - first computer virus
• Written by 15 yr. old student named Richard Skernta
‫ ﻋﺎﻣﺎ ﯾدﻋﻰ رﯾﺗﺷﺎرد ﺳﻛﯾرﻧﺗﺎ‬15 ‫ﻛﺗﺑﮫ طﺎﻟب ﯾﺑﻠﻎ ﻣن اﻟﻌﻣر‬
• Used floppy disk to travel between machines
‫ﯾﺳﺗﺧدم اﻟﻘرص اﻟﻣرن ﻟﻠﺗﻧﻘل ﺑﯾن اﻷﺟﮭزة‬

• 1988 - Jerusalem
• Infected both .EXE and .COM files .EXE . ‫و‬COM ‫إﺻﺎﺑﺔ ﻛل ﻣن ﻣﻠﻔﺎت‬
• Friday 13th it deleted all programs in the infected system
‫ ﻗﺎم ﺑﺣذف ﺟﻣﯾﻊ اﻟﺑراﻣﺞ ﻓﻲ اﻟﻧظﺎم اﻟﻣﺻﺎب‬13 ‫اﻟﺟﻣﻌﺔ‬

CSE 451 - Computer & Network Security

64
Computer Viruses
 Examples of famous viruses :
 1998 - Chernobyl
 Launched in Taiwan – infecting .exe files
 Remained resident in the memory
 Overwrote data on the hard drive making it inoperable
 Overwrites BIOS preventing boot-up
 Estimated damage $20 to $80 million
.exe ‫ ﯾﺻﯾب ﻣﻠﻔﺎت‬- ‫ﺗم إطﻼﻗﮫ ﻓﻲ ﺗﺎﯾوان‬
‫ﺑﻘﻲ ﻣﻘﯾﻣﺎ ﻓﻲ اﻟذاﻛرة‬
‫اﺳﺗﺑدال اﻟﺑﯾﺎﻧﺎت اﻟﻣوﺟودة ﻋﻠﻰ اﻟﻘرص اﻟﺻﻠب ﻣﻣﺎ ﯾﺟﻌﻠﮫ ﻏﯾر ﻗﺎﺑل ﻟﻠﺗﺷﻐﯾل‬
‫ﻟﻣﻧﻊ اﻟﺗﻣﮭﯾد اﻟﻛﺗﺎﺑﺔ ﻓوق اﻟﺑﺎﯾوس‬
‫ ﻣﻠﯾون دوﻻر‬80 ‫ و‬20 ‫اﻷﺿرار اﻟﻣﻘدرة ﺗﺗراوح ﺑﯾن‬
CSE 451 - Computer & Network Security
65
 Computer Viruses
• 1998 - Chernobyl
• Our list of the most dangerous computer viruses on the 20th century continues with CIH
virus that caused an estimated damage of $20 to $80 million around the globe. After its
launch, the computer virus managed to affect huge amounts of data stored on
computers. Later it was discovered that the computer virus was launched in Taiwan. It
has been recognized to be one of the most dangerous computer viruses in history. It
infected Windows 95, 98, and ME executable files. In addition, CIH remained resident in
the memory of the machine, being able to carry on infecting other executables. After
being activated, the virus overwrote data on the HDD of the infected PC, making the
latter inoperable. CIH could also overwrite the BIOS of the infected computer, thus
preventing boot-up. The second name of the virus - Chernobyl - was given because some
of the biggest damages occurred on the day when the nuclear reactor exploded.”
‫ﺗﺳﺗﻣر ﻗﺎﺋﻣﺗﻧﺎ ﻷﺧطر ﻓﯾروﺳﺎت اﻟﻛﻣﺑﯾوﺗر ﻓﻲ اﻟﻘرن اﻟﻌﺷرﯾن ﻣﻊ ﻓﯾروس‬CIH .‫ ﻣﻠﯾون دوﻻر ﻓﻲ ﺟﻣﯾﻊ أﻧﺣﺎء اﻟﻌﺎﻟم‬80 ‫ إﻟﻰ‬20 ‫اﻟذي ﺗﺳﺑب ﻓﻲ أﺿرار ﺗﻘدر ب‬
‫ ﻓﻲ وﻗت ﻻﺣﻖ ﺗم اﻛﺗﺷﺎف أن ﻓﯾروس اﻟﻛﻣﺑﯾوﺗر‬.‫ ﺗﻣﻛن ﻓﯾروس اﻟﻛﻣﺑﯾوﺗر ﻣن اﻟﺗﺄﺛﯾر ﻋﻠﻰ ﻛﻣﯾﺎت ھﺎﺋﻠﺔ ﻣن اﻟﺑﯾﺎﻧﺎت اﻟﻣﺧزﻧﺔ ﻋﻠﻰ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر‬، ‫ﺑﻌد إطﻼﻗﮫ‬
‫ و‬98 ‫ و‬95 ‫ أﺻﺎﺑت ﻣﻠﻔﺎت وﯾﻧدوز‬.‫ ﺗم اﻻﻋﺗراف ﺑﺄﻧﮫ أﺣد أﺧطر ﻓﯾروﺳﺎت اﻟﻛﻣﺑﯾوﺗر ﻓﻲ اﻟﺗﺎرﯾﺦ‬.‫ﺗم إطﻼﻗﮫ ﻓﻲ ﺗﺎﯾوان‬ME .‫اﻟﻘﺎﺑﻠﺔ ﻟﻠﺗﻧﻔﯾذ‬
‫ أﻋطﯾت ﻷن ﺑﻌض أﻛﺑر اﻷﺿرار‬- ‫ ﺗﺷﯾرﻧوﺑﯾل‬- ‫ اﻻﺳم اﻟﺛﺎﻧﻲ ﻟﻠﻔﯾروس‬.‫ وﺑﺎﻟﺗﺎﻟﻲ ﻣﻧﻊ اﻟﺗﻣﮭﯾد‬، ‫ ﻟﻠﻛﻣﺑﯾوﺗر اﻟﻣﺻﺎب‬BIOS ‫ أﯾﺿﺎ اﻟﻛﺗﺎﺑﺔ ﻓوق‬CIH ‫ﯾﻣﻛن ل‬
.‫وﻗﻌت ﻓﻲ اﻟﯾوم اﻟذي اﻧﻔﺟر ﻓﯾﮫ اﻟﻣﻔﺎﻋل اﻟﻧووي‬ 66
Computer Viruses
 Examples of famous viruses:
 1999 - Melissa - mass mailer
 Used Outlook to send email messages of itself to 50 names on the contact list
of a user.
 Message read: "Here is that document you asked for don’t show anyone else."
 Infected 15 to 20 percent of all business PCs
 Estimated damage between $300 and $600 million

.‫ اﺳﻣﺎ ﻓﻲ ﻗﺎﺋﻣﺔ ﺟﮭﺎت اﺗﺻﺎل اﻟﻣﺳﺗﺧدم‬50 ‫ ﻹرﺳﺎل رﺳﺎﺋل ﺑرﯾد إﻟﻛﺗروﻧﻲ ﺧﺎﺻﺔ ﺑﮫ إﻟﻰ‬Outlook‫اﺳﺗﺧدم‬
."‫ "ھذه ھﻲ اﻟوﺛﯾﻘﺔ اﻟﺗﻲ طﻠﺑﺗﮭﺎ ﻻ ﺗظﮭر ﻷي ﺷﺧص آﺧر‬:‫وﺟﺎء ﻓﻲ اﻟرﺳﺎﻟﺔ‬
‫ ﺑﺎﻟﻣﺎﺋﺔ ﻣن ﺟﻣﯾﻊ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر اﻟﺗﺟﺎرﯾﺔ‬20 ‫ إﻟﻰ‬15 ‫ﻣﺻﺎب ﺑﻧﺳﺑﺔ‬
‫ ﻣﻠﯾون دوﻻر‬600 ‫ و‬300 ‫اﻷﺿرار اﻟﻣﻘدرة ﺑﯾن‬
CSE 451 - Computer & Network Security
67
Computer Viruses
• 1999 - Melissa
• Melissa attacked computers in March 1999, infecting machines when users
opened a Word document attachment. Though the effect the virus had on
individuals' computers was minimal, users of Outlook Express unintentionally
sent the virus on to the first 50 people who were in their Global Address Book.
For companies, however, the virus had a larger impact. The virus was sent to
users with the subject, "Important message from [name]." More than a million
users were affected, the BBC reported. The virus also caused $80 million in
damage, and was the first virus to travel through e-mail.”
‫ وأﺻﺎﺑت اﻷﺟﮭزة ﻋﻧدﻣﺎ ﻓﺗﺢ‬، 1999 ‫ھﺎﺟﻣت ﻣﯾﻠﯾﺳﺎ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر ﻓﻲ ﻣﺎرس‬
Word. ‫اﻟﻣﺳﺗﺧدﻣون ﻣرﻓﻖ ﻣﺳﺗﻧد‬
‫ﻋﻠﻰ اﻟرﻏم ﻣن أن ﺗﺄﺛﯾر اﻟﻔﯾروس ﻋﻠﻰ أﺟﮭزة اﻟﻛﻣﺑﯾوﺗر اﻟﺧﺎﺻﺔ ﺑﺎﻷﻓراد ﻛﺎن‬
Outlook Express ‫ إﻻ أن ﻣﺳﺗﺧدﻣﻲ‬، ‫ﺿﺋﯾﻼ‬
‫ ﻛﺎن‬، ‫ ﺑﺎﻟﻧﺳﺑﺔ ﻟﻠﺷرﻛﺎت‬، ‫ وﻣﻊ ذﻟك‬.‫ ﺷﺧﺻﺎ ﻛﺎﻧوا ﻓﻲ دﻓﺗر اﻟﻌﻧﺎوﯾن اﻟﻌﻣوﻣﻲ اﻟﺧﺎص ﺑﮭم‬50 ‫أرﺳﻠوا اﻟﻔﯾروس ﻋن ﻏﯾر ﻗﺻد إﻟﻰ أول‬
[name]." ‫ "رﺳﺎﻟﺔ ﻣﮭﻣﺔ ﻣن‬، ‫ ﺗم إرﺳﺎل اﻟﻔﯾروس إﻟﻰ اﻟﻣﺳﺗﺧدﻣﯾن ﻣﻊ اﻟﻣوﺿوع‬.‫ﻟﻠﻔﯾروس ﺗﺄﺛﯾر أﻛﺑر‬
‫ ﻛﻣﺎ ﺗﺳﺑب اﻟﻔﯾروس ﻓﻲ أﺿرار‬.‫ ﺣﺳﺑﻣﺎ ذﻛرت ھﯾﺋﺔ اﻹذاﻋﺔ اﻟﺑرﯾطﺎﻧﯾﺔ‬،‫وﺗﺄﺛر أﻛﺛر ﻣن ﻣﻠﯾون ﻣﺳﺗﺧدم‬
.‫ وﻛﺎن أول ﻓﯾروس ﯾﻧﺗﻘل ﻋﺑر اﻟﺑرﯾد اﻹﻟﻛﺗروﻧﻲ‬،‫ ﻣﻠﯾون دوﻻر‬80 ‫ﺑﻘﯾﻣﺔ‬ 68
Computer Viruses
I love u girls <3
 2000 - I Love You virus – spread via Outlook
 VBS attachment that over-writes files
VBS‫ﻣرﻓﻖ‬
‫اﻟذي ﯾﻛﺗب اﻟﻣﻠﻔﺎت ﺑﺷﻛل زاﺋد‬

CSE 451 - Computer & Network Security

69
Computer Viruses
There has been a continuous arms race between virus writers and antivirus
software. .‫ﻛﺎن ھﻧﺎك ﺳﺑﺎق ﺗﺳﻠﺢ ﻣﺳﺗﻣر ﺑﯾن ﻛﺗﺎب اﻟﻔﯾروﺳﺎت وﺑراﻣﺞ ﻣﻛﺎﻓﺣﺔ اﻟﻔﯾروﺳﺎت‬
The most significant types of viruses are: :‫أھم أﻧواع اﻟﻔﯾروﺳﺎت ھﻲ‬
• File infector: traditional and still the most common form. infects files that
the operating system or shell consider to be executable. Attaches to
executable files and replicates.
‫ ﯾﺻﯾب اﻟﻣﻠﻔﺎت اﻟﺗﻲ ﯾﻌﺗﺑرھﺎ ﻧظﺎم اﻟﺗﺷﻐﯾل أو‬.‫ اﻟﺗﻘﻠﯾدﯾﺔ وﻻ ﯾزال اﻟﺷﻛل اﻷﻛﺛر ﺷﯾوﻋﺎ‬:‫ﻣﻠف اﻟﻣﺻﺎب‬shell
.‫ ﯾرﻓﻖ ﺑﺎﻟﻣﻠﻔﺎت اﻟﻘﺎﺑﻠﺔ ﻟﻠﺗﻧﻔﯾذ وﯾﻧﺳﺦ ﻧﺳﺧﺎ ﻣﺗﻣﺎﺛﻼ‬.‫ﻗﺎﺑﻠﺔ ﻟﻠﺗﻧﻔﯾذ‬
• Memory resident: Lodges in main memory as part of a resident system
program. It then infects every program that runs.
‫ ﺛم ﯾﺻﯾب ﻛل‬.‫ ﻧزل ﻓﻲ اﻟذاﻛرة اﻟرﺋﯾﺳﯾﺔ ﻛﺟزء ﻣن ﺑرﻧﺎﻣﺞ ﻧظﺎم ﻣﻘﯾم‬:‫ﻣﻘﯾم اﻟذاﻛرة‬
.‫ﺑرﻧﺎﻣﺞ ﯾﺗم ﺗﺷﻐﯾﻠﮫ‬
• Boot sector infector: Infects the master boot record and spreads when a
system is booted from an infected disk.
.‫ ﯾﺻﯾب ﺳﺟل اﻟﺗﻣﮭﯾد اﻟرﺋﯾﺳﻲ وﯾﻧﺗﺷر ﻋﻧد ﺗﻣﮭﯾد اﻟﻧظﺎم ﻣن ﻗرص ﻣﺻﺎب‬:‫إﺻﺎﺑﺔ ﻗطﺎع اﻟﺗﻣﮭﯾد‬

70
Computer Viruses
‫ ﯾﻣﻛﻧﮫ ﻧﺳﺦ ﻧﻔﺳﮫ إﻟﻰ ﻣﺳﺗﻧدات أﺧرى وﺣذف‬، ‫ ﺑﻣﺟرد ﺗﺷﻐﯾل اﻟﻣﺎﻛرو‬.‫ ﺑدء ﺗطﺑﯾﻖ‬، ‫ إﻏﻼق ﻣﻠف‬، ‫ﻓﺗﺢ ﻣﻠف‬
• Macro Viruses: ‫ ﻏﺎﻟﺑﺎ ﻋن طرﯾﻖ اﻟﺑرﯾد اﻹﻟﻛﺗروﻧﻲ‬، ‫ ﺗﻧﺗﺷر ﺑﺳﮭوﻟﺔ‬.‫اﻟﻣﻠﻔﺎت وﻣﺎ إﻟﻰ ذﻟك‬

• Infects files with macro code that is interpreted by an application.

• The number of viruses found at corporate sites has risen dramatically. This is due
to the proliferation of the macros virus, which now make up two thirds of all
computer viruses. The reason they are so threatening is because virtually all
infect MS Word documents. A macro is an executable program embedded in a
word processing document or a spreadsheet. The macro virus uses an auto
executing macro, e.g. opening a file, closing a file, starting an application. Once
the macro is running it can copy itself to other documents, delete files, etc. They
spread easily, often by email :‫ﻓﯾروﺳﺎت اﻟﻣﺎﻛرو‬
.‫ﯾﺻﯾب اﻟﻣﻠﻔﺎت ﺑﺗﻌﻠﯾﻣﺎت ﺑرﻣﺟﯾﺔ ﻣﺎﻛرو ﯾﺗم ﺗﻔﺳﯾرھﺎ ﺑواﺳطﺔ أﺣد اﻟﺗطﺑﯾﻘﺎت‬
‫ وﯾرﺟﻊ ذﻟك إﻟﻰ اﻧﺗﺷﺎر ﻓﯾروس وﺣدات‬.‫ارﺗﻔﻊ ﻋدد اﻟﻔﯾروﺳﺎت اﻟﻣوﺟودة ﻓﻲ ﻣواﻗﻊ اﻟﺷرﻛﺎت ﺑﺷﻛل ﻛﺑﯾر‬
‫ اﻟﺳﺑب ﻓﻲ أﻧﮭﺎ ﺗﺷﻛل ﺗﮭدﯾدا ﻛﺑﯾرا ھو أن ﺟﻣﯾﻌﮭﺎ‬.‫ واﻟﺗﻲ ﺗﺷﻛل اﻵن ﺛﻠﺛﻲ ﺟﻣﯾﻊ ﻓﯾروﺳﺎت اﻟﻛﻣﺑﯾوﺗر‬، ‫اﻟﻣﺎﻛرو‬
MS Word. ‫ﺗﻘرﯾﺑﺎ ﺗﺻﯾب ﻣﺳﺗﻧدات‬
.‫اﻟﻣﺎﻛرو ھو ﺑرﻧﺎﻣﺞ ﻗﺎﺑل ﻟﻠﺗﻧﻔﯾذ ﻣﺿﻣن ﻓﻲ ﻣﺳﺗﻧد ﻣﻌﺎﻟﺟﺔ ﻛﻠﻣﺎت أو ﺟدول ﺑﯾﺎﻧﺎت‬
، ‫ﯾﺳﺗﺧدم ﻓﯾروس اﻟﻣﺎﻛرو ﻣﺎﻛرو ﺗﻧﻔﯾذ ﺗﻠﻘﺎﺋﻲ‬ 71
Computer Viruses
The most significant types of viruses are:
• Encrypted virus:
• A typical approach is as follows. A portion of the virus creates a random
encryption key and encrypts the remainder of the virus. The key is stored with
the virus. When an infected program is invoked, the virus uses the stored random
key to decrypt the virus. When the virus replicates, a different random key is
selected. Because the bulk of the virus is encrypted with a different key for each
instance, there is no constant bit pattern to observe.
:‫أھم أﻧواع اﻟﻔﯾروﺳﺎت ھﻲ‬
:‫ﻓﯾروس ﻣﺷﻔر‬
‫ ﯾﺗم ﺗﺧزﯾن‬.‫ ﯾﻘوم ﺟزء ﻣن اﻟﻔﯾروس ﺑﺈﻧﺷﺎء ﻣﻔﺗﺎح ﺗﺷﻔﯾر ﻋﺷواﺋﻲ وﺗﺷﻔﯾر ﻣﺎ ﺗﺑﻘﻰ ﻣن اﻟﻔﯾروس‬.‫ﻧﮭﺞ ﻧﻣوذﺟﻲ ھو ﻋﻠﻰ اﻟﻧﺣو اﻟﺗﺎﻟﻲ‬
‫ ﻋﻧدﻣﺎ ﯾﺗﻛﺎﺛر‬.‫ ﯾﺳﺗﺧدم اﻟﻔﯾروس اﻟﻣﻔﺗﺎح اﻟﻌﺷواﺋﻲ اﻟﻣﺧزن ﻟﻔك ﺗﺷﻔﯾر اﻟﻔﯾروس‬، ‫ ﻋﻧد اﺳﺗدﻋﺎء ﺑرﻧﺎﻣﺞ ﻣﺻﺎب‬.‫اﻟﻣﻔﺗﺎح ﻣﻊ اﻟﻔﯾروس‬
.‫ ﯾﺗم ﺗﺣدﯾد ﻣﻔﺗﺎح ﻋﺷواﺋﻲ ﻣﺧﺗﻠف‬، ‫اﻟﻔﯾروس‬
‫ ﻓﻼ ﯾوﺟد‬، ‫ﻧظرا ﻷن اﻟﺟزء اﻷﻛﺑر ﻣن اﻟﻔﯾروس ﻣﺷﻔر ﺑﻣﻔﺗﺎح ﻣﺧﺗﻠف ﻟﻛل ﻣﺛﯾل‬
.‫ﻧﻣط ﺑت ﺛﺎﺑت ﯾﺟب ﻣراﻗﺑﺗﮫ‬ 72
Computer Viruses
The most significant types of viruses are:
• Stealth virus: A form of virus explicitly designed to hide itself from
detection by antivirus software. Thus, the entire virus, not just a payload is
hidden. ‫ ﺷﻛل ﻣن أﺷﻛﺎل اﻟﻔﯾروﺳﺎت ﻣﺻﻣم ﺻراﺣﺔ ﻹﺧﻔﺎء ﻧﻔﺳﮫ ﻣن اﻟﻛﺷف ﻋن طرﯾﻖ ﺑراﻣﺞ ﻣﻛﺎﻓﺣﺔ‬:‫ﻓﯾروس اﻟﺗﺧﻔﻲ‬
.‫ وﻟﯾس ﻣﺟرد ﺣﻣوﻟﺔ‬، ‫ ﯾﺗم إﺧﻔﺎء اﻟﻔﯾروس ﺑﺄﻛﻣﻠﮫ‬، ‫ وﺑﺎﻟﺗﺎﻟﻲ‬.‫اﻟﻔﯾروﺳﺎت‬
• Polymorphic virus: A virus that mutates with every infection, making
detection by the “signature” of the virus impossible.
"‫ ﻣﻣﺎ ﯾﺟﻌل اﻟﻛﺷف ﻋن طرﯾﻖ "ﺗوﻗﯾﻊ‬، ‫ ﻓﯾروس ﯾﺗﺣور ﻣﻊ ﻛل إﺻﺎﺑﺔ‬:‫ﻓﯾروس ﻣﺗﻌدد اﻷﺷﻛﺎل‬
.‫اﻟﻔﯾروس ﻣﺳﺗﺣﯾﻼ‬
• Metamorphic virus: As with a polymorphic virus, a metamorphic virus
mutates with every infection. The difference is that a metamorphic virus
rewrites itself completely at each iteration, increasing the difficulty of
detection. Metamorphic viruses may change their behavior as well as their
appearance.
‫ اﻟﻔرق‬.‫ ﯾﺗﺣور اﻟﻔﯾروس اﻟﻣﺗﺣول ﻣﻊ ﻛل ﻋدوى‬، ‫ ﻛﻣﺎ ھو اﻟﺣﺎل ﻣﻊ اﻟﻔﯾروس ﻣﺗﻌدد اﻷﺷﻛﺎل‬:‫اﻟﻔﯾروس اﻟﻣﺗﺣول‬
‫ ﻗد ﺗﻐﯾر‬.‫ ﻣﻣﺎ ﯾزﯾد ﻣن ﺻﻌوﺑﺔ اﻛﺗﺷﺎﻓﮫ‬، ‫ھو أن اﻟﻔﯾروس اﻟﻣﺗﺣول ﯾﻌﯾد ﻛﺗﺎﺑﺔ ﻧﻔﺳﮫ ﺑﺎﻟﻛﺎﻣل ﻓﻲ ﻛل ﺗﻛرار‬
.‫اﻟﻔﯾروﺳﺎت اﻟﻣﺗﺣوﻟﺔ ﺳﻠوﻛﮭﺎ وﻛذﻟك ﻣظﮭرھﺎ‬
CSE 451 - Computer & Network Security
73
Virus Countermeasures
‫اﻟﺗداﺑﯾر اﻟﻣﺿﺎدة ﻟﻠﻔﯾروس‬

• The ideal solution to the threat of viruses is prevention

‫اﻟﺣل اﻷﻣﺛل ﻟﺗﮭدﯾد اﻟﻔﯾروﺳﺎت ھو اﻟوﻗﺎﯾﺔ‬

• Detection: Once the infection has occurred, determine that it has occurred and
locate the virus. .‫ ﺣدد أﻧﮭﺎ ﺣدﺛت وﺣدد ﻣوﻗﻊ اﻟﻔﯾروس‬، ‫ ﺑﻣﺟرد ﺣدوث اﻟﻌدوى‬:‫اﻟﻛﺷف‬
• Identification: Once detection has been achieved, identify the specific virus that
has infected a program.
.‫ ﺣدد اﻟﻔﯾروس اﻟﻣﺣدد اﻟذي أﺻﺎب اﻟﺑرﻧﺎﻣﺞ‬، ‫ ﺑﻣﺟرد ﺗﺣﻘﯾﻖ اﻻﻛﺗﺷﺎف‬:‫ﺗﺣدﯾد اﻟﮭوﯾﺔ‬
• Removal: Once the specific virus has been identified, remove all traces of the
virus from the infected program and restore it to its original state. Remove the
virus from all infected systems so that the virus cannot spread further.
‫ ﻗم ﺑﺈزاﻟﺔ ﺟﻣﯾﻊ آﺛﺎر اﻟﻔﯾروس ﻣن اﻟﺑرﻧﺎﻣﺞ اﻟﻣﺻﺎب واﺳﺗﻌﺎدﺗﮫ‬، ‫ ﺑﻣﺟرد ﺗﺣدﯾد اﻟﻔﯾروس اﻟﻣﺣدد‬:‫اﻹزاﻟﺔ‬
.‫ ﻗم ﺑﺈزاﻟﺔ اﻟﻔﯾروس ﻣن ﺟﻣﯾﻊ اﻷﻧظﻣﺔ اﻟﻣﺻﺎﺑﺔ ﺣﺗﻰ ﻻ ﯾﻧﺗﺷر اﻟﻔﯾروس أﻛﺛر‬.‫إﻟﻰ ﺣﺎﻟﺗﮫ اﻷﺻﻠﯾﺔ‬

CSE 451 - Computer & Network Security

74
Antivirus‫اﻟﻔﯾروﺳﺎت‬
Techniques
‫ﺗﻘﻧﯾﺎت ﻣﻛﺎﻓﺣﺔ‬

• Four generations of antivirus software:

• First generation: Simple scanners
• Second generation: Heuristic scanners
• Third generation: Activity traps
• Fourth generation: Full-featured protection
:‫أرﺑﻌﺔ أﺟﯾﺎل ﻣن ﺑراﻣﺞ ﻣﻛﺎﻓﺣﺔ اﻟﻔﯾروﺳﺎت‬
‫ ﻣﺎﺳﺣﺎت ﺿوﺋﯾﺔ ﺑﺳﯾطﺔ‬:‫• اﻟﺟﯾل اﻷول‬
‫ اﻟﻣﺎﺳﺣﺎت اﻟﺿوﺋﯾﺔ اﻹرﺷﺎدﯾﺔ‬:‫• اﻟﺟﯾل اﻟﺛﺎﻧﻲ‬
‫ ﻣﺻﺎﺋد اﻟﻧﺷﺎط‬:‫• اﻟﺟﯾل اﻟﺛﺎﻟث‬
‫ ﺣﻣﺎﯾﺔ ﻛﺎﻣﻠﺔ اﻟﻣواﺻﻔﺎت‬:‫• اﻟﺟﯾل اﻟراﺑﻊ‬

CSE 451 - Computer & Network Security

75
Antivirus Techniques
‫ﺗﻘﻧﯾﺎت ﻣﻛﺎﻓﺣﺔ اﻟﻔﯾروﺳﺎت‬

• A first-generation scanner requires a virus signature to identify a

virus. The virus may contain “wildcards” but has essentially the same
structure and bit pattern in all copies. Such signature-specific
scanners are limited to the detection of known viruses. Another type
of first-generation scanner maintains a record of the length of
programs and looks for changes in length.
‫ ﻗد ﯾﺣﺗوي اﻟﻔﯾروس ﻋﻠﻰ "أﺣرف ﺑدل" وﻟﻛن ﻟﮫ ﻧﻔس اﻟﺑﻧﯾﺔ وﻧﻣط‬.‫ﯾﺗطﻠب اﻟﺟﯾل اﻷول ﻣن اﻟﻣﺎﺳﺢ اﻟﺿوﺋﻲ ﺗوﻗﯾﻊ ﻓﯾروس ﻟﺗﺣدﯾد اﻟﻔﯾروس‬
‫ ﯾﺣﺗﻔظ ﻧوع آﺧر ﻣن اﻟﻣﺎﺳﺣﺎت‬.‫ ﺗﻘﺗﺻر ھذه اﻟﻣﺎﺳﺣﺎت اﻟﺿوﺋﯾﺔ اﻟﺧﺎﺻﺔ ﺑﺎﻟﺗوﻗﯾﻊ ﻋﻠﻰ اﻛﺗﺷﺎف اﻟﻔﯾروﺳﺎت اﻟﻣﻌروﻓﺔ‬.‫اﻟﺑت ﻓﻲ ﺟﻣﯾﻊ اﻟﻧﺳﺦ‬
.‫اﻟﺿوﺋﯾﺔ ﻣن اﻟﺟﯾل اﻷول ﺑﺳﺟل ﻟطول اﻟﺑراﻣﺞ وﯾﺑﺣث ﻋن اﻟﺗﻐﯾﯾرات ﻓﻲ اﻟطول‬

CSE 451 - Computer & Network Security

76
Antivirus Techniques
• A second-generation scanner does not rely on a specific signature. Rather, the
scanner uses heuristic rules to search for probable virus infection. One class of
such scanners looks for fragments of code that are often associated with viruses.
For example, a scanner may look for the beginning of an encryption loop used in
a polymorphic virus and discover the encryption key. Once the key is discovered,
the scanner can decrypt the virus to identify it, then remove the infection and
return the program to service.
‫ ﯾﺳﺗﺧدم اﻟﻣﺎﺳﺢ اﻟﺿوﺋﻲ ﻗواﻋد إرﺷﺎدﯾﺔ ﻟﻠﺑﺣث ﻋن‬، ‫ ﺑدﻻ ﻣن ذﻟك‬.‫ﻻ ﯾﻌﺗﻣد اﻟﺟﯾل اﻟﺛﺎﻧﻲ ﻣن اﻟﻣﺎﺳﺢ اﻟﺿوﺋﻲ ﻋﻠﻰ ﺗوﻗﯾﻊ ﻣﻌﯾن‬
‫ ﺗﺑﺣث ﻓﺋﺔ واﺣدة ﻣن ھذه اﻟﻣﺎﺳﺣﺎت اﻟﺿوﺋﯾﺔ ﻋن أﺟزاء ﻣن اﻟﺗﻌﻠﯾﻣﺎت اﻟﺑرﻣﺟﯾﺔ اﻟﺗﻲ ﻏﺎﻟﺑﺎ ﻣﺎ ﺗرﺗﺑط‬.‫إﺻﺎﺑﺔ ﻣﺣﺗﻣﻠﺔ ﺑﺎﻟﻔﯾروس‬
‫ ﻗد ﯾﺑﺣث اﻟﻣﺎﺳﺢ اﻟﺿوﺋﻲ ﻋن ﺑداﯾﺔ ﺣﻠﻘﺔ ﺗﺷﻔﯾر ﻣﺳﺗﺧدﻣﺔ ﻓﻲ ﻓﯾروس ﻣﺗﻌدد اﻷﺷﻛﺎل وﯾﻛﺗﺷف‬، ‫ ﻋﻠﻰ ﺳﺑﯾل اﻟﻣﺛﺎل‬.‫ﺑﺎﻟﻔﯾروﺳﺎت‬
، ‫ ﯾﻣﻛن ﻟﻠﻣﺎﺳﺢ اﻟﺿوﺋﻲ ﻓك ﺗﺷﻔﯾر اﻟﻔﯾروس ﻟﻠﺗﻌرف ﻋﻠﯾﮫ‬، ‫ ﺑﻣﺟرد اﻛﺗﺷﺎف اﻟﻣﻔﺗﺎح‬.‫ﻣﻔﺗﺎح اﻟﺗﺷﻔﯾر‬
.‫ﺛم ﻗم ﺑﺈزاﻟﺔ اﻟﻌدوى وإﻋﺎدة اﻟﺑرﻧﺎﻣﺞ إﻟﻰ اﻟﺧدﻣﺔ‬

CSE 451 - Computer & Network Security

77
Antivirus Techniques
• Another second-generation approach is integrity checking. A checksum can be
appended to each program. If a virus infects the program without changing the
checksum, then an integrity check will catch the change. To counter a virus that is
sophisticated enough to change the checksum when it infects a program, an
encrypted hash function can be used. The encryption key is stored separately
from the program so that the virus cannot generate a new hash code and encrypt
that. By using a hash function rather than a simpler checksum, the virus is
prevented from adjusting the program to produce the same hash code as before.
‫ إذا أﺻﺎب ﻓﯾروس اﻟﺑرﻧﺎﻣﺞ دون ﺗﻐﯾﯾر‬.‫ ﯾﻣﻛن إﻟﺣﺎق اﻟﻣﺟﻣوع اﻻﺧﺗﺑﺎري ﺑﻛل ﺑرﻧﺎﻣﺞ‬.‫ﻧﮭﺞ آﺧر ﻣن اﻟﺟﯾل اﻟﺛﺎﻧﻲ ھو اﻟﺗﺣﻘﻖ ﻣن اﻟﻧزاھﺔ‬
‫ ﻟﻣواﺟﮭﺔ ﻓﯾروس ﻣﺗطور ﺑﻣﺎ ﯾﻛﻔﻲ ﻟﺗﻐﯾﯾر اﻟﻣﺟﻣوع اﻻﺧﺗﺑﺎري ﻋﻧدﻣﺎ ﯾﺻﯾب‬.‫ ﻓﺳﯾﻘوم ﻓﺣص اﻟﻧزاھﺔ ﺑﺎﻟﺗﻘﺎط اﻟﺗﻐﯾﯾر‬، ‫اﻟﻣﺟﻣوع اﻻﺧﺗﺑﺎري‬
.‫ ﯾﻣﻛن اﺳﺗﺧدام وظﯾﻔﺔ ﺗﺟزﺋﺔ ﻣﺷﻔرة‬، ‫ﺑرﻧﺎﻣﺟﺎ‬
.‫ﯾﺗم ﺗﺧزﯾن ﻣﻔﺗﺎح اﻟﺗﺷﻔﯾر ﺑﺷﻛل ﻣﻧﻔﺻل ﻋن اﻟﺑرﻧﺎﻣﺞ ﺑﺣﯾث ﻻ ﯾﻣﻛن ﻟﻠﻔﯾروس إﻧﺷﺎء رﻣز ﺗﺟزﺋﺔ ﺟدﯾد وﺗﺷﻔﯾره‬
‫ ﯾﺗم ﻣﻧﻊ اﻟﻔﯾروس ﻣن ﺿﺑط اﻟﺑرﻧﺎﻣﺞ ﻹﻧﺗﺎج ﻧﻔس رﻣز‬، ‫ﺑﺎﺳﺗﺧدام داﻟﺔ ﺗﺟزﺋﺔ ﺑدﻻ ﻣن ﻣﺟﻣوع اﺧﺗﺑﺎري أﺑﺳط‬
.‫اﻟﺗﺟزﺋﺔ ﻛﻣﺎ ﻛﺎن ﻣن ﻗﺑل‬
CSE 451 - Computer & Network Security
78
Antivirus Techniques
• Third-generation programs are memory-resident programs that
identify a virus by its actions rather than its structure in an infected
program. Such programs have the advantage that it is not necessary
to develop signatures and heuristics for a wide array of viruses.
Rather, it is necessary only to identify the small set of actions that
indicate an infection is being attempted and then to intervene.
‫ ﺗﺗﻣﺗﻊ ھذه اﻟﺑراﻣﺞ‬.‫ﺑراﻣﺞ اﻟﺟﯾل اﻟﺛﺎﻟث ھﻲ ﺑراﻣﺞ ﻣﻘﯾﻣﺔ ﻓﻲ اﻟذاﻛرة ﺗﺣدد اﻟﻔﯾروس ﻣن ﺧﻼل أﻓﻌﺎﻟﮫ ﺑدﻻ ﻣن ھﯾﻛﻠﮫ ﻓﻲ ﺑرﻧﺎﻣﺞ ﻣﺻﺎب‬
‫ ﻣن اﻟﺿروري ﻓﻘط ﺗﺣدﯾد‬، ‫ ﺑدﻻ ﻣن ذﻟك‬.‫ﺑﻣﯾزة أﻧﮫ ﻟﯾس ﻣن اﻟﺿروري ﺗطوﯾر اﻟﺗوﻗﯾﻌﺎت واﻻﺳﺗدﻻل ﻟﻣﺟﻣوﻋﺔ واﺳﻌﺔ ﻣن اﻟﻔﯾروﺳﺎت‬
.‫ﻣﺟﻣوﻋﺔ ﺻﻐﯾرة ﻣن اﻹﺟراءات اﻟﺗﻲ ﺗﺷﯾر إﻟﻰ ﻣﺣﺎوﻟﺔ اﻹﺻﺎﺑﺔ ﺛم اﻟﺗدﺧل‬

CSE 451 - Computer & Network Security

79
Antivirus Techniques
• Fourth-generation products are packages consisting of a variety of
antivirus techniques used in conjunction. These include scanning and
activity trap components. In addition, such a package includes access
control capability, which limits the ability of viruses to penetrate a
system and then limits the ability of a virus to update files in order to
pass on the infection.
‫ وﺗﺷﻣل ھذه‬.‫ﻣﻧﺗﺟﺎت اﻟﺟﯾل اﻟراﺑﻊ ﻋﺑﺎرة ﻋن ﺣزم ﺗﺗﻛون ﻣن ﻣﺟﻣوﻋﺔ ﻣﺗﻧوﻋﺔ ﻣن ﺗﻘﻧﯾﺎت ﻣﻛﺎﻓﺣﺔ اﻟﻔﯾروﺳﺎت اﻟﻣﺳﺗﺧدﻣﺔ ﺑﺎﻟﺗزاﻣن‬
‫ ﻣﻣﺎ ﯾﺣد ﻣن ﻗدرة اﻟﻔﯾروﺳﺎت‬، ‫ ﺗﺗﺿﻣن ھذه اﻟﺣزﻣﺔ إﻣﻛﺎﻧﯾﺔ اﻟﺗﺣﻛم ﻓﻲ اﻟوﺻول‬، ‫ ﺑﺎﻹﺿﺎﻓﺔ إﻟﻰ ذﻟك‬.‫ﻣﻛوﻧﺎت اﻟﻣﺳﺢ اﻟﺿوﺋﻲ وﻓﺦ اﻟﻧﺷﺎط‬
.‫ﻋﻠﻰ اﺧﺗراق اﻟﻧظﺎم ﺛم ﯾﺣد ﻣن ﻗدرة اﻟﻔﯾروس ﻋﻠﻰ ﺗﺣدﯾث اﻟﻣﻠﻔﺎت ﻣن أﺟل ﻧﻘل اﻟﻌدوى‬

CSE 451 - Computer & Network Security

80
 Conclusion
In conclusion ‫اﻧﺎ ﺗﻌﺑت‬

• Cybercrimes never end as cyber threats keep arise more sophisticated!

!‫اﻟﺟراﺋم اﻹﻟﻛﺗروﻧﯾﺔ ﻻ ﺗﻧﺗﮭﻲ أﺑدا ﺣﯾث ﺗﺳﺗﻣر اﻟﺗﮭدﯾدات اﻟﺳﯾﺑراﻧﯾﺔ ﻓﻲ اﻟظﮭور ﺑﺷﻛل أﻛﺛر ﺗﻌﻘﯾدا‬

CSE 451 - Computer & Network Security

81