Week 9 Lecture 16 Information Security
WEEK 9 LECTURE 15
DEPARTMENT OF COMPUTER SCIENCE, SOFTWARE ENGINEERING, INFORMATION TECHNOLOGY
LAHORE GARRISON UNIVERSITY
Malware, Vulnerabilities and Protections
Outline
- Malware: replicating or not
- Sophisticated threat to computer systems
- Malware terminology
(Figure: virus infection; program P1 is infected)
Virus classification
By target
- boot sector: infects a master boot record
- file infector: infects executable OS files
- macro virus: infects files used by an application
- multipartite: infects in multiple ways
By concealment
- encrypted virus: virus body is encrypted; the decryption key is stored in the virus
- stealth virus: hides itself (e.g., by compression)
- polymorphic virus: recreates itself with a different "signature"
- metamorphic virus: recreates itself with a different signature and behavior
Macro and scripting viruses
Became very common in the mid-1990s since they are
- platform independent
- infect documents
- easily spread
Exploit the macro capability of Office applications
- executable program embedded in an Office document
- often a form of Basic
More recent releases include protection
Recognized by many anti-virus programs
E-Mail Viruses
Monitored behaviors:
- Attempts to open, view, delete, or modify files
- Attempts to format drives
- Modifications to the logic of executables
- Modifications to critical system settings
- Scripting of emails to send executable contents
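Added example (not from the lecture): a small behavior-based monitor in Python that applies the monitored behaviors above to constructed process events and flags any process whose weighted score crosses a threshold. Event fields, rule names, weights and the threshold are all assumptions made for this illustration.

```python
# Toy behavior monitor (added example, not lecture material). Events are dicts
# with assumed fields: proc, op, target, and optional attachment for send_mail.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr")
CRITICAL_SETTINGS = (
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",  # autorun key
    "C:\\Windows\\System32\\drivers\\etc\\hosts",                # name resolution
)

def classify_event(ev):
    """Map one event to (behavior category, weight) or None. Weights are assumed."""
    op, target = ev["op"], ev.get("target", "")
    if op == "format":
        return ("format_drive", 10)
    if op in ("modify", "delete") and target.lower().endswith(EXECUTABLE_SUFFIXES):
        return ("modify_executable", 6)
    if op == "modify" and target in CRITICAL_SETTINGS:
        return ("modify_critical_setting", 6)
    if op == "send_mail" and ev.get("attachment", "").lower().endswith(EXECUTABLE_SUFFIXES):
        return ("script_mail_executable", 8)
    if op in ("open", "view", "delete", "modify"):
        return ("file_access", 1)  # ordinary file activity: low weight on its own
    return None

def score_processes(events, threshold=10):
    """Sum rule weights per process; return {proc: (score, categories)} at/above threshold."""
    totals, cats = {}, {}
    for ev in events:
        hit = classify_event(ev)
        if hit is None:
            continue
        cat, weight = hit
        totals[ev["proc"]] = totals.get(ev["proc"], 0) + weight
        cats.setdefault(ev["proc"], set()).add(cat)
    return {p: (s, sorted(cats[p])) for p, s in totals.items() if s >= threshold}

# Constructed sample events: a word processor that edits a document, adds an
# autorun entry and mails an executable attachment, next to a benign editor.
SAMPLE_EVENTS = [
    {"proc": "winword.exe", "op": "open", "target": "C:\\Users\\a\\report.doc"},
    {"proc": "winword.exe", "op": "modify", "target": "C:\\Users\\a\\report.doc"},
    {"proc": "winword.exe", "op": "modify", "target": CRITICAL_SETTINGS[0]},
    {"proc": "winword.exe", "op": "send_mail", "target": "all@example.invalid",
     "attachment": "invoice.scr"},
    {"proc": "notepad.exe", "op": "open", "target": "C:\\Users\\a\\notes.txt"},
]

if __name__ == "__main__":
    for proc, (score, categories) in score_processes(SAMPLE_EVENTS).items():
        print(f"{proc}: score {score}, behaviors {categories}")
```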
Worms
Replicating program that propagates over a network
using email, remote execution, or remote login
Has phases like a virus:
dormant, propagation, triggering, execution
propagation phase: searches for other systems, connects
to them, copies itself to them and runs
May disguise itself as a system process
Concept seen in Brunner's "Shockwave Rider"
Implemented by Xerox Palo Alto labs in the 1980s
Morris worm
4. Relaxation period (based on threshold)
Mobile code
DDoS
Spamming
Sniffing traffic
Keylogging
Spreading malware
Installing advertisement
Manipulating games and polls
Payload: information theft
Prevention
Detection, identification, removal
Requirements
- Generality
- Timeliness
- Resiliency
- Minimal denial-of-service (DoS) costs
- Transparency
- Global/local coverage (inside and outside attackers)
Summary
introduced types of malicious software
including backdoor, logic bomb, trojan horse, mobile code
virus types and countermeasures
worm types and countermeasures
bots
rootkits