Lect9

Information Security & Privacy
AlBaha University
Faculty of Computer Science and Information Technology
Department of Computer Science

Dr. Sonia ABDELKARIM

Chapter 9
Malicious Software

Viruses and Other Malicious Content
• computer viruses have received a lot of publicity
• they are one member of a family of malicious software
• their effects are usually obvious
• they have figured in news reports, fiction and movies (often exaggerated)
• they get more attention than they deserve
• but they are a genuine concern
Malicious Software
(figure slide; only the title was extracted)

Backdoor or Trapdoor
• a secret entry point into a program
• allows those who know of it to gain access, bypassing the usual security procedures
• have commonly been used by developers
• a threat when left in production programs, where attackers can exploit them
• very hard to block at the O/S level
• preventing them requires good software development and update practices
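As an added example (not part of the lecture slides), the following Python shows the pattern the slide warns about: a maintenance entry point that a developer left in the login routine, which accepts a fixed user/password pair without ever consulting the user store. Beside it is the same login with the backdoor removed, and a small `ast`-based review check that flags comparisons of credential-looking variables against string literals. The user name "alice", the passwords, the salt, the "maint"/"letmein" pair and the scanned snippet are all constructed for the example.

```python
"""Added example, not from the slides: a maintenance backdoor in a login
routine, the hardened login without it, and a source check that flags the
pattern in code review.  Every credential and salt below is constructed."""
import ast
import hashlib
import hmac

SALT = b"constructed-per-user-salt"  # constructed; real systems use a random salt per user

def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: only salted hashes, never plaintext passwords.
USERS = {"alice": (SALT, _pbkdf2("correct horse battery", SALT))}

def _check(user: str, password: str) -> bool:
    """Look the user up and compare hashes in constant time."""
    rec = USERS.get(user)
    if rec is None:
        _pbkdf2(password, SALT)   # spend the same time for unknown users
        return False
    salt, digest = rec
    return hmac.compare_digest(_pbkdf2(password, salt), digest)

def login_with_backdoor(user: str, password: str) -> bool:
    """The backdoor: a developer's 'maint' entry point that never touches the
    user store.  Anyone who learns (or greps for) the pair is in, and no
    password change, lockout or audit of the user store affects it."""
    if user == "maint" and password == "letmein":   # hypothetical backdoor, for illustration
        return True
    return _check(user, password)

def login(user: str, password: str) -> bool:
    """Hardened form: the user store is the only path to success."""
    return _check(user, password)

def find_hardcoded_credential_checks(source: str) -> list:
    """Review aid: report (line, variable) for every comparison of a variable
    whose name suggests a credential against a string literal."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        sides = [node.left, *node.comparators]
        names = [s.id for s in sides if isinstance(s, ast.Name)]
        has_literal = any(isinstance(s, ast.Constant) and isinstance(s.value, str) for s in sides)
        for name in names:
            if has_literal and any(k in name.lower() for k in ("pass", "pwd", "secret", "token", "user")):
                hits.append((node.lineno, name))
    return hits

# Constructed snippet to scan; it mirrors login_with_backdoor above.
SNIPPET = '''
def login(user, password):
    if user == "maint" and password == "letmein":
        return True
    return check_store(user, password)
'''
```

The review check is deliberately crude (it will also flag harmless comparisons such as `user == "anonymous"`), which is the right trade-off for a backdoor: a few false positives are cheap to dismiss, a shipped hard-coded credential is not.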

Logic Bomb
• one of the oldest types of malicious software
• code embedded in a legitimate program
• activated when specified conditions are met, e.g.
  • presence/absence of some file
  • a particular date/time
  • a particular user
• when triggered, typically damages the system
  • modify/delete files/disks, halt the machine, etc.

Trojan Horse
• a program with hidden side-effects
• usually superficially attractive, e.g. a game, a software upgrade, etc.
• when run, performs some additional tasks
• allows an attacker to indirectly gain access they do not have directly
• often used to propagate a virus/worm or install a backdoor
• or simply to destroy data

Mobile Code
• a program/script/macro that runs unchanged
  • on a heterogeneous collection of platforms
  • or on a large homogeneous collection (e.g. Windows)
• transmitted from a remote system to a local system and then executed on the local system
• often used to inject a virus, worm or Trojan horse
• or to perform its own exploits, e.g. unauthorized data access, root compromise

Multiple-Threat Malware
• malware may operate in multiple ways
• a multipartite virus infects in multiple ways, e.g. multiple file types
• a blended attack uses multiple methods of infection or transmission
  • to maximize speed of contagion and severity
  • may include multiple types of malware, e.g. Nimda has worm, virus and mobile code components
  • can also use IM and P2P

Viruses
• a piece of software that infects programs
  • modifying them to include a copy of the virus
  • so it executes secretly when the host program is run
• specific to the operating system and hardware
  • taking advantage of their details and weaknesses
• a typical virus goes through four phases:
  • dormant
  • propagation
  • triggering
  • execution

Virus Structure
• components:
  • infection mechanism - enables replication
  • trigger - the event that makes the payload activate
  • payload - what it does, malicious or benign
• virus code may be prepended / postpended / embedded
• when the infected program is invoked, it executes the virus code and then the original program code
• can block the initial infection (difficult)
• or the propagation (with access controls)

Virus Structure
(figure slide; only the title was extracted)

Compression Virus
(figure slide; only the title was extracted)
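As an added example (not part of the lecture slides), the Python below models the two figure slides and the "Virus Structure" slide before them: a prepending virus V with the three components (infection mechanism, trigger, payload) and the phases dormant, propagation, triggering, execution, plus the compression variant CV, which compresses the host before prepending itself so that the infected file does not grow (in Stallings' figure the original is decompressed and run after the virus code). It follows Stallings' pseudocode rather than any real virus: "files" are entries in a dict, "executing" a file means interpreting its lines, and the payload only appends to a log. The marker values, file names, toy instruction set and simulated clock are all constructed for the example.

```python
"""Added example, not from the slides: an in-memory model of the prepending
virus V and the compression virus CV from the two figure slides (after
Stallings' pseudocode).  'Files' are entries in a dict, 'executing' a file
means interpreting its lines, and the payload only writes to a log.  The
marker values, file names and clock are all constructed for the example."""
import zlib

MARKER = b"1234567"       # first line of a file that V has infected (Stallings' 1234567)
CV_MARKER = b"CV7654321"  # constructed marker for the compression variant CV

def is_infected(data: bytes) -> bool:
    """Infection mechanism's self-check: a host whose first line is a marker
    is skipped, so each program is infected only once."""
    return data.split(b"\n", 1)[0] in (MARKER, CV_MARKER)

def infect_prepend(fs: dict) -> list:
    """V's infect-executable: prepend the virus to every clean executable.
    Each victim grows by len(MARKER)+1 bytes, which a length check can notice."""
    victims = []
    for name in sorted(fs):
        if name.endswith(".exe") and not is_infected(fs[name]):
            fs[name] = MARKER + b"\n" + fs[name]
            victims.append(name)
    return victims

def infect_compress(fs: dict) -> list:
    """CV's infect-executable: compress the host, then prepend CV, so the
    infected file stays close to (here: below) the original length."""
    victims = []
    for name in sorted(fs):
        if name.endswith(".exe") and not is_infected(fs[name]):
            fs[name] = CV_MARKER + b"\n" + zlib.compress(fs[name])
            victims.append(name)
    return victims

def trigger_pulled(clock: int) -> bool:
    """Trigger: a logic-bomb style condition.  Until the simulated date reaches
    100 the virus only propagates (dormant and propagation phases)."""
    return clock >= 100

def execute(fs: dict, name: str, clock: int, log: list) -> None:
    """Run a 'program': virus code first (if present), then the original
    program code, so the user sees the expected behaviour."""
    first_line, _, rest = fs[name].partition(b"\n")
    if first_line == MARKER:
        log.append(f"V: infected {infect_prepend(fs)}")
        if trigger_pulled(clock):
            log.append("V: payload fired")   # do-damage, kept benign here
        host = rest
    elif first_line == CV_MARKER:
        log.append(f"CV: infected {infect_compress(fs)}")
        host = zlib.decompress(rest)          # uncompress rest-of-file, then run it
    else:
        host = fs[name]
    for line in host.split(b"\n"):            # toy instruction set: PRINT x, NOP
        if line.startswith(b"PRINT "):
            log.append(line[6:].decode())

def demo_prepend() -> dict:
    """Constructed mini-filesystem: a.exe carries V; b.exe and c.exe are clean."""
    fs = {
        "a.exe": MARKER + b"\n" + b"PRINT a ran",
        "b.exe": b"NOP\n" * 100 + b"PRINT b ran",
        "c.exe": b"PRINT c ran",
        "notes.txt": b"not an executable",
    }
    log = []
    execute(fs, "a.exe", clock=1, log=log)    # dormant: spreads, no payload
    execute(fs, "b.exe", clock=150, log=log)  # b is now a carrier; trigger fires
    return {"fs": fs, "log": log}

def demo_compress() -> dict:
    """Same idea with CV: the infected b.exe ends up shorter than the clean one."""
    fs = {
        "b.exe": b"NOP\n" * 100 + b"PRINT b ran",
        "cv.exe": CV_MARKER + b"\n" + zlib.compress(b"PRINT cv ran"),
    }
    original_len = len(fs["b.exe"])
    log = []
    execute(fs, "cv.exe", clock=0, log=log)
    execute(fs, "b.exe", clock=0, log=log)
    return {"original_len": original_len, "infected_len": len(fs["b.exe"]), "log": log}
```

Two things the slides' bullets state but the model makes visible: the host still "works" after infection (the `PRINT` output is unchanged), which is why the user notices nothing, and the marker check is what stops V re-infecting a carrier, so the marker is also the obvious signature for a first-generation scanner.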
Virus Classification
• boot sector
• file infector
• macro virus
• encrypted virus
• stealth virus
• polymorphic virus
• metamorphic virus

Macro Virus
• became very common in the mid-1990s since
  • platform independent
  • infect documents
  • easily spread
• exploit the macro capability of office apps
  • an executable program embedded in an office document
  • often a form of Basic
• more recent releases include protection
• recognized by many anti-virus programs

E-Mail Viruses
• a more recent development, e.g. Melissa
  • exploits an MS Word macro in an attached document
  • if the attachment is opened, the macro activates
  • sends email to everyone on the user's address list
  • and does local damage
• later versions were triggered simply by reading the email
  • hence much faster propagation

Virus Countermeasures
• prevention - the ideal solution, but difficult
• realistically need:
  • detection
  • identification
  • removal
• if we can detect but cannot identify or remove, we must discard and replace the infected program

Anti-Virus Evolution
• virus and anti-virus technology have both evolved
• early viruses were simple code, easily removed
• as viruses become more complex, so must the countermeasures
• generations of anti-virus software:
  • first - simple signature scanners
  • second - heuristic scanners
  • third - activity traps (identify a virus by its actions)
  • fourth - full-featured combination packages
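As an added example (not part of the lecture slides), the Python below turns the four generations on this slide and the detection/identification/removal steps on the previous one into small detectors run over constructed sample "files" and a constructed action trace: an exact signature scanner, a heuristic pass (a wildcard signature that survives a one-byte change between copies, and an entropy check that flags encrypted bodies), a behaviour check over what the program did while running, and a combination that reports the strongest evidence. The signature bytes, sample contents and trace are all made up for the example; nothing here is a real malware signature.

```python
"""Added example, not from the slides: the four anti-virus generations as
small detectors over constructed sample 'files' and a constructed action
trace.  No real malware signatures; every byte string below is invented."""
import math

# Generation 1: exact byte-string signatures for known viruses.
SIGNATURES = {"Toy.A": b"VIRUS-0-BODY"}   # constructed

def scan_signature(data: bytes) -> list:
    """A hit here is identification: we know which virus it is."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

# Generation 2: heuristics.  A wildcard signature survives small variations
# (a polymorphic copy changing a byte); an entropy check flags bodies that
# look encrypted, at the cost of false positives on legitimately packed data.
WILDCARD_SIGNATURES = {"Toy.A.variant": [*b"VIRUS-", None, *b"-BODY"]}   # None = any byte

def _match_wildcard(data: bytes, pattern: list) -> bool:
    n = len(pattern)
    return any(all(p is None or data[i + j] == p for j, p in enumerate(pattern))
               for i in range(len(data) - n + 1))

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def scan_heuristic(data: bytes) -> list:
    flags = [name for name, pat in WILDCARD_SIGNATURES.items() if _match_wildcard(data, pat)]
    if len(data) >= 64 and shannon_entropy(data) > 7.5:
        flags.append("high-entropy body (encrypted or packed)")
    return flags

# Generation 3: activity traps.  Ignore the bytes and watch what the program
# does; writing into other executables or the boot sector is infection
# behaviour whatever the code looks like.
def scan_behaviour(trace: list) -> list:
    flags = []
    exe_writes = sorted({target for action, target in trace
                         if action == "write" and target.endswith(".exe")})
    if exe_writes:
        flags.append(f"writes to executables {exe_writes}")
    if any(action == "write" and target == "boot-sector" for action, target in trace):
        flags.append("writes boot sector")
    return flags

# Generation 4: a combination package runs all of the above.  A signature hit
# identifies (so removal is possible); heuristic or behavioural evidence only
# detects, which per the previous slide means discard and replace the program.
def classify(data: bytes, trace: list) -> dict:
    sig, heur, beh = scan_signature(data), scan_heuristic(data), scan_behaviour(trace)
    if sig:
        verdict = "identified"
    elif heur or beh:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signature": sig, "heuristic": heur, "behaviour": beh}

# Constructed samples and traces.
CLEAN = b"MZ...ordinary program text..." * 4
KNOWN = b"MZ..." + b"VIRUS-0-BODY" + b"...rest"
VARIANT = b"MZ..." + b"VIRUS-7-BODY" + b"...rest"   # one byte changed: the exact signature misses it
ENCRYPTED = b"MZ..." + bytes(range(256)) * 2        # stand-in for an encrypted body
CLEAN_TRACE = [("read", "config.ini"), ("write", "output.log")]
INFECT_TRACE = [("read", "a.exe"), ("write", "a.exe"), ("write", "b.exe"), ("write", "output.log")]
```

The sample set shows why each generation was needed: `VARIANT` slips past the exact signature but not the wildcard, `ENCRYPTED` carries no recognisable bytes at all and is caught only by entropy, and a program whose bytes look clean is still flagged once its trace shows it writing into other executables.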

Thank You