Post on 14-Dec-2015
Lecture: Malicious Code
CIS 3360 Ratan K. Guha
Malicious Code 2
Overview and Reading Assignments
Defining malicious logic
Types of malicious code
Actions taken by viruses
Reading Assignment: Chapter 4
Malicious Logic
Set of instructions that cause site security policy to be violated
Malware ("malicious" + "software")
A broad term for computer programs created to inflict harm on a computer system. The term also covers programs that are merely annoying or intrusive (unwanted advertising, tracking).
It includes viruses, worms, Trojan horses, spyware, adware, etc.
Malware Terminology
Virus
Worm
Logic bomb
Trojan horse
Backdoor (trapdoor)
Mobile code
Auto-rooter
Kit (virus generator)
Spammer and flooder programs
Keyloggers
Rootkit
Zombie, bot
Types of Malicious Code: Viruses
Recursively replicates a possibly evolved copy of itself by inserting a stub (a header or a footer) into the bodies of healthy programs.
Infects host files or system areas (for example a disk's boot sector).
First described by Fred Cohen in 1984.
Whenever an infected program is launched, the stub executes first, carries out the virus's activity (including infecting further programs on the same machine), and then passes control to the original program so that it appears to run normally.
Cannot spread to other computers on their own: a virus only reaches a new machine inside an infected file or disk that a user copies or runs.
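To make the stub mechanism above concrete, here is an added, purely in-memory simulation (this is not code from the lecture and it touches no files). A "program" is a bytes object and a "system" is a dict of program images. Infection prepends a stub carrying a marker and the host's original length; launching an infected program runs the stub first, which replicates into the other not-yet-infected programs on the same simulated system and then hands control to the original host; a scanner finds infected images by the marker. The marker, stub text, and program names are constructed for this example only.

```python
# Added simulation of a "prepender" virus: everything lives in memory and
# nothing touches the file system.  A "program" is a bytes object; a
# "system" is a dict mapping program name -> program image.

# Constructed marker and stub for this toy (not a real malware signature).
MARKER = b"SIM-STUB\x00"
STUB = MARKER + b"[stub: runs before the host]"


def is_infected(image: bytes) -> bool:
    """A scanner's view: the image is infected if it starts with the marker."""
    return image.startswith(MARKER)


def infect(image: bytes) -> bytes:
    """Prepend the stub to a host.  The 4-byte length field lets the stub hand
    control to the exact original host later.  Re-infection check: an
    already infected host is returned unchanged, so infection is idempotent."""
    if is_infected(image):
        return image
    return STUB + len(image).to_bytes(4, "big") + image


def disinfect(image: bytes) -> bytes:
    """Strip the stub and return the original host bytes.  This is what a
    scanner's 'clean' action does, and what the stub does before running
    the host."""
    if not is_infected(image):
        return image
    body = image[len(STUB):]
    host_len = int.from_bytes(body[:4], "big")
    return body[4:4 + host_len]


def launch(system: dict, name: str) -> list:
    """Simulate the user launching `name`.  If it is infected, the stub runs
    first: it replicates into every other not-yet-infected program on the
    same system, then passes control to the original host code.  Other
    systems are untouched: the virus only moves when a user copies or runs
    an infected file elsewhere."""
    log = []
    image = system[name]
    if is_infected(image):
        for other in system:
            if other != name and not is_infected(system[other]):
                system[other] = infect(system[other])
                log.append(f"stub infected {other}")
        image = disinfect(image)          # control passes to the real host
    log.append(f"ran host code of {name}: {image.decode()}")
    return log


def scan(system: dict) -> list:
    """Signature scan: sorted names of the infected programs."""
    return sorted(n for n, img in system.items() if is_infected(img))


if __name__ == "__main__":
    # Constructed sample system with a single infected program.
    box = {"editor": b"EDITOR", "shell": b"SHELL", "game": b"GAME"}
    box["game"] = infect(box["game"])
    print(scan(box))                 # ['game']
    print(launch(box, "editor"))     # clean program: nothing spreads
    print(launch(box, "game"))       # stub runs first and replicates
    print(scan(box))                 # ['editor', 'game', 'shell']
    print(disinfect(box["editor"]) == b"EDITOR")   # True
```

Two points the simulation makes that the slide only states: the infection happens only when the infected program is actually launched (running the clean "editor" first spreads nothing), and the marker serves both sides, letting the virus avoid infecting a host twice and giving the scanner a signature to match.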
Elk Cloner
One of the first known microcomputer viruses to spread "in the wild", written in 1982 by Rich Skrenta, then a 15-year-old high school student, for Apple II systems. It was a boot-sector virus that travelled on floppy disks. [Wikipedia]
Message displayed on the 50th boot from an infected disk:
"Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!"
http://www.skrenta.com/cloner/
Types of Malicious Code: Worms
Network viruses that replicate across networks
Copy themselves from computer to computer
Execute themselves automatically on a remote machine without any extra help from a user
Typically standalone programs without a host program
More categories:
Mailers and mass-mailer worms: send themselves in an e-mail
Octopus: exists as a set of programs spread over more than one computer on a network; likely to be more prevalent in the future
Rabbits: exist as a single copy at any point in time, jumping from one networked host to the next
Morris Worm
First worm to spread across the Internet: released November 2, 1988
Author: Robert Tappan Morris
Infected BSD Unix systems, entering through a buffer overflow in fingerd, a debug mode left enabled in sendmail, and weak or guessable passwords
Morris is the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA).
Morris received his Ph.D. in computer science from Harvard University in 1999 and is a professor at MIT.
Robert Morris was the first person convicted under the 1986 Computer Fraud and Abuse Act.
Source: Wikipedia
Some Well Known Worms...
Brain: took 5 years to do $50 million in damage (Brain, from 1986, was a PC boot-sector virus carried on floppy disks rather than a network worm)
Melissa, March 1999: Word 97 / Word 2000 macro virus that mailed itself through Outlook; $300 million in damages; approximately 4 days, 150,000 systems infected
ILOVEYOU, May 2000: VBScript attachment spread through Outlook; as much as $10 billion in damages; approximately 24 hours, 500,000 systems infected
Code Red I, July 2001: IIS buffer-overflow flaw, with the fix published about a month earlier; 360,000 systems in 14 hours, several billion in damages
Sapphire (Slammer) Worm, Saturday, January 25, 2003: exploit: UDP buffer overflow in Microsoft SQL Server (patched six months earlier); carried no destructive payload, but the sheer volume of its scans caused large sections of backbone providers to shut down; time to 90% infection of vulnerable hosts: 10 minutes
Model of Spreading of Worms
N: total number of vulnerable hosts
I(t): number of infected hosts at time t
S(t): number of susceptible hosts at time t, where a host is susceptible if it is vulnerable but not yet infected
β: infection rate, a constant associated with the speed of propagation of the worm
Model:
I(0) = 1 ; at time 0, one host is infected
S(0) = N − 1 ; number of susceptible hosts at time 0
I(t + 1) = I(t) + β × I(t) × S(t)
S(t + 1) = N − I(t + 1)
The product I(t) × S(t) counts the possible infected-to-susceptible contacts in one time step, so growth starts slowly while I(t) is small, is fastest when about half the hosts are infected, and tails off as S(t) approaches 0: the familiar S-shaped infection curve.
Spreading of Worms - Example
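As an added worked example (this is not a slide from the lecture, and the figures it prints are from constructed parameters, not measurements of any real worm), the recurrence above run in Python with the slide's own symbols N, I(t), S(t) and β. One caveat the slide does not mention: when β × I(t) × S(t) is large, a single step of the raw recurrence would infect more hosts than remain, pushing I(t + 1) past N, so the code caps each step at N. β is a per-step contact rate; for a random-scanning worm it grows with the scan rate, which is why a tiny, fast UDP worm like Sapphire can reach 90% of its vulnerable population in minutes.

```python
# Added worked example of the lecture's discrete worm-spread model
# (not code from the slides).  Symbols follow the slide:
#   N  = number of vulnerable hosts,  I(t) infected,  S(t) susceptible,
#   beta = infection rate;  I(0) = 1, S(0) = N - 1,
#   I(t+1) = I(t) + beta * I(t) * S(t),  S(t+1) = N - I(t+1).


def infected_over_time(N: int, beta: float, steps: int) -> list:
    """Return [I(0), I(1), ..., I(steps)].
    The raw recurrence can overshoot N when beta*I*S is large (one step would
    infect more hosts than remain), so every step is capped at N."""
    series = [1.0]
    for _ in range(steps):
        I = series[-1]
        S = N - I
        series.append(min(float(N), I + beta * I * S))
    return series


def time_to_fraction(N: int, beta: float, fraction: float, max_steps: int = 100_000):
    """Smallest t with I(t) >= fraction * N, or None if it is never reached
    within max_steps (for example when beta == 0)."""
    I = 1.0
    for t in range(max_steps + 1):
        if I >= fraction * N:
            return t
        I = min(float(N), I + beta * I * (N - I))
    return None


if __name__ == "__main__":
    # Constructed parameters, not measured data: 75,000 vulnerable hosts with
    # beta chosen so that beta * N = 1, i.e. early on every infected host
    # adds roughly one new victim per step (doubling).
    N, beta = 75_000, 1.0 / 75_000
    series = infected_over_time(N, beta, 30)
    for t, I in enumerate(series):
        if t % 5 == 0:
            print(f"t={t:2d}  I(t)={I:10.1f}  S(t)={N - I:10.1f}")
    print("steps to 90% of vulnerable hosts:", time_to_fraction(N, beta, 0.9))
```

With N = 11 and β = 0.1 the series is 1, 2, 3.8, 6.536, 9.454, 10.916, and the next raw step would give 11.008, which the cap turns into 11 (every vulnerable host infected); 90% of the population (9.9 hosts) is passed at t = 5.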
Types of Malicious Code: Logic Bombs and Trojan Horses
Logic bombs (4.1.2, pp. 177-179): a programmed malfunction in an otherwise legitimate application, triggered when some condition becomes true (a date is reached, a user disappears from a list, etc.)
Trojan Horse: tricks the user into executing code that looks useful but performs malicious activities
More categories:
Backdoor (Trapdoor): allows remote connections to systems while bypassing normal authentication
Password-stealing Trojans
Types of Malicious Code: Injectors and Rootkits
Injectors: install virus code directly into memory rather than into a host file on disk
Rootkits: malware that helps intruders keep access to systems while avoiding detection, typically by hiding their processes, files and network connections from the administrator's tools
Facts:
97,467: the number of known computer viruses in existence (2005)
1,200: the number of new viruses discovered every month
Monetary Losses