Module 6 :

Buffer overflow worms and virus

1
Buffer Overflow Attack
 It still exists today partly because of programmers
carelessness while writing a code.
What is Buffer ?
 A buffer, in terms of a program in execution, can be
thought of as a region of computer’s main memory
that has certain boundaries in context with the
program variable that references this memory.
 For example :
 char buff[10] In the above example, ‘buff’
represents an array of 10 bytes where buff[0] is the
left boundary and buff[9] is the right boundary of
the buffer.
2
Buffer Overflow Attack
What is Buffer Overflow?
 A buffer is said to overflow when the data (meant to be
written into memory buffer) gets written past the left or the
right boundary of the buffer. This way the data gets written
to a portion of memory which does not belong to the
program variable that references the buffer.
Example :
char buff[10];
buff[10] = 'a';
An array of size 10 bytes is declared. Index 0 to index 9 can
used to refer these 10 bytes of buffer. But, in the next line,
index 10 was used to store the value ‘a’. This is the point
where buffer overrun happens because data gets written
beyond the right boundary of the buffer.
3
Buffer Overflow Attack
Why are buffer overflows harmful?
Buffer overflows, if undetected, can cause your program to
crash or produce unexpected results.
An attacker can come to know about a buffer overflow in a
program and he/she can exploit it.
Eg : A program that simulates a scenario where a program
expects a password from user and if the password is
correct then it grants root privileges to the user.

4
#include <stdio.h>
#include <string.h>
int main(void)
{ char buff[15];
int pass = 0;
printf("\n Enter the password : \n");
gets(buff);
if(strcmp(buff, "thegeekstuff"))
{
printf ("\n Wrong Password \n");
} else
{ printf ("\n Correct Password \n");
pass = 1;
}

if(pass)
{ /* Now Give root or admin rights to user*/
printf ("\n Root privileges given to the user \n");
}
return 0;
} 5
Buffer Overflow Attack
 Let the program run with correct password ie
‘thegeekstuff’
Correct Password
Root privileges given to the user.
 This works as expected.
 The passwords match and root privileges are
given.
When is there a possibility of buffer overflow?
The gets() function does not check the array bounds
and can even write string of length greater than the
size of the buffer to which the string is written.
6
Buffer Overflow Attack
The program can be run with:
Enter the password :
hhhhhhhhhhhhhhhhhhhh
Wrong Password
Root privileges given to the user
 In the above example, even after entering a wrong password,
the program worked as if you gave the correct password.
 What attacker did was, he/she supplied an input of length
greater than what buffer can hold and at a particular length of
input the buffer overflow took place and it overwrote the
memory of integer ‘pass’. So despite of a wrong password,
the value of ‘pass’ became non zero and hence root privileges
were granted to an attacker.

7
Worms and Virus

 Two types of malicious elements that can tamper with your computer data,
disrupt, damage, or gain unauthorized access to computer systems.
1. Worms
2. Virus
Worms are similar to a virus but it does not modify the program. It replicates itself
more and more to slow down the computer system. The main objective of
worms is to eat the system’s resources.
A Virus is a malicious executable code attached to another executable file that can
be harmless or can modify or delete data. When the computer program runs
attached with a virus it performs some action such as deleting a file from the
computer system.
OR
A computer virus is a kind of malicious computer program, which when executed,
replicates itself and inserts its own code. A virus spreads from one software or
device to another
8
 Difference
Worms
It replicates itself and can spread to malicious executable code attached
different computers via a Network.
Eats system’s resources
A worm only requires a medium to
enter the device. This may be
through the internet, email, online
messaging applications, etc.
Doesn’t need Human action
Speed of spreading is fast
It doesn’t need a host to replicate
Less harmful
Eg: Storm Worm , Morris Worm
Virus
to another executable file that can
be harmless or can modify or delete
data.
Modifies the information
A virus may spread when a file is
open and then the same malicious
code is copied and spread around
whenever other files are opened in
the host computer
Created by Human action
Spreads slower compared to Worm
Needs a host to replicate
More Harmful
9
Eg: Creeper , Blaster