"Trojan Horses and Other Malicious Codes"

by Song Chung and Adrianna Leszczynska


Examples of Malicious Codes

  • Trojan Horses

  • Viruses

  • Worms

  • Logic Bombs - Time Bombs


What are Trojan horses?

  • Trojan Horses are a relatively new and probably the most dangerous strain of viruses that have appeared in recent times

  • They also threaten to overwhelm systems that only run anti-virus applications and firewalls as a means of combating the threat


Trojan Horse History Brief

  • The name "Trojan Horse" derives from a page in Greek history, when the Greeks had laid siege to the fortified city of Troy for over ten years. Their spy, a Greek called Sinon, offered the Trojans a gift in the form of a wooden horse and convinced them that by accepting it, they would become invincible.


History Brief (cont.)

  • The horse, though, was hollow and was occupied by a contingent of Greek soldiers. When they emerged in the dead of night and opened the city gates, the Greeks swarmed in, slaughtered its citizens and subsequently pillaged, burned and laid waste to the city.


In IT Environment

  • A Trojan Horse acts as a means of entering the victim’s computer undetected and then allowing a remote user unrestricted access to any data stored on the user's hard disk drive whenever he or she goes online

  • In this way, the user gets burned and like the unfortunate citizens of Troy, may only discover that fact when it is too late.


Examples of Trojan Horses

  • “Picture.exe”

  • “RIDBO”

  • “FIX2001”

  • “AOL4FREE”


Origin of Trojan horses

  • These types of viruses were originally designed as a means of self expression by gifted programmers and did little more than to cause the system to lock up, behave abnormally in a specific way or perhaps cause loss of data on the user’s machine


Objectives of the Horse

  • Allow a remote user a means of gaining access to a victim's machine without their knowledge

  • Allow the intruder to do anything with the machine that the user can do

  • Browse the user's hard drive in order to determine if there is anything of value stored on it


Objectives (cont.)

  • Things of value include valuable research papers, credit card details or passwords to restricted web sites

  • If anything of value is found, then the intruder can copy the data to his own hard drive in exactly the same way that the user can copy a file to a floppy disk

  • Cause havoc to the system by deleting (system) files, erasing valuable data or ultimately destroying the hard drive


Can Passwords Provide Protection?

  • Passwords offer no protection at all because today's Trojans are capable of recording the victim’s keystrokes and then transmitting the information back to the intruder

  • Those passwords can subsequently be deciphered by the Trojan and even changed in order to prevent the user getting access to his own files!


How does a Trojan Affect Your Computer?

  • In order to gain access to a user’s computer, the victim has to be induced to install the Trojan himself

  • The usual method is to offer a seemingly useful system enhancement or perhaps a free game that has the Trojan attached to it

  • By installing it, the user also installs the Trojan


Common Sources

  • Executing any files from suspicious or unknown sources

  • Opening an email attachment from an unknown source

  • Allowing a "friend" access to your computer while you are away

  • Executing files received from any online activity client such as ICQ


Main Parts of a Trojan

  • Virtually every Trojan virus is comprised of two main parts:

    • the "server"

    • the "client"

  • It is the server part that infects a user’s system


What Problems can Trojans Cause?

  • The server part is the part of the program that infects a victim's computer

  • The client part is the one that allows a hacker to manipulate data on the infected machine

  • Let's suppose that you have already been infected. How do intruders attack and get a full control of your computer?


Problems (cont.)

  • Intruders scan the Internet for an infected user using the client part of the virus (technically speaking, an attacker sends request packets to all users of a specific Internet provider)

  • Once an infected computer has been found (the server part of the virus located on the infected machine replies to the client part's request), the attacker connects to that user's computer and creates a "link" between the two, just like the one in an ordinary telephone conversation


Problems (cont.)

  • Once that has happened (this procedure may only take a few seconds), the intruder will be able to get unrestricted access to the user's computer and can do anything he likes with it

  • The intruder becomes the master and the user the slave because short of disconnecting from the Internet, the user is helpless and has no means at his disposal to ward off an attack

  • Intruders can monitor, administer and perform any action on your machine just as if they were sitting right in front of it


Analogy of a Trojan Horse

  • A Trojan Horse works a bit like the backdoor to your house. If you leave it unlocked, anybody can come in and take whatever they want while you're not looking

  • The main difference with a backdoor installed on your computer is that anybody can come in and steal your data, delete your files or format your hard drive even if you are looking

  • There are no visible outward signs that anything untoward is happening other than perhaps unusual hard disk activity for no apparent reason


How do you protect yourself from a Trojan Horse?

  • You can try manual deletion; however, it is both time-consuming and monotonous. In addition, the user can never be absolutely certain that he has covered every option.

  • Even if he is successful in removing the Trojan from his system, he may unwittingly reinstall it with the very next command he enters


How to Protect? (cont.)

  • There are many Trojan Horse protection programs available for download which perform various tasks

  • One example is Tauscan, a universal Trojan Horse scanner that detects and removes practically every type of Trojan virus that may have infected your system

  • Another example is Jammer, a network analyser designed primarily to warn you if your system is under attack. Its secondary feature is to remove all known versions of Back Orifice and Netbus from your system if detected


Other Forms of Malicious Codes

  • Viruses

  • Worms

  • Logic Bombs

  • Time Bombs


What is a virus?

  • A virus is a type of malicious code that will attach itself to a file and then replicate in order to spread to other files.

  • A virus is usually attached to an executable file so that it will spread rapidly.

  • Viruses are restricted to personal computers.


Characteristics of a virus

  • replication

  • requires a host program

  • activated by an external action

  • replication limited to one system


Virus History

  • Viruses are increasing at a fast rate

  • 1986 – 1 known virus

  • 1989 – 6 known viruses

  • 1990 – 80 known viruses

  • Today – between 10-15 new viruses discovered every day.

  • Between 1998 and 1999 total virus count increased from 20,500 to 42,000.


Virus Examples

  • [email protected]

    - spread via email with an attachment WTC.EXE. Email includes Subject: "Fwd:Peace BeTweeN AmeriCa And IsLaM !" and asks to vote about the war issue by opening the WTC.EXE attachment.

  • “W97/Prilissa”

    - 10 Fortune 500 companies on three continents have been hit with this virus


Worms

  • A worm is a program that replicates itself and causes execution of new copies of itself.

  • A worm enters an Internet host computer and mails itself to other hosts.

  • The purpose of a worm attack is to fill storage space and slow down operations


Characteristics of Worms

  • replication

  • must be self-contained; does not require a host

  • needs a multi-tasking system


Examples of Worms

  • “I Love You”

    - aka LoveLetter or LoveBug, sends itself to everyone in the Microsoft Outlook address

  • “W32/Navidad”

    - spread using Outlook email. Usually sent from a familiar source, including an attachment NAVIDAD.EXE. The virus affects the system tray and will attach itself to other messages.


“I Love You” Worm

1. Open email attachment “LOVE-LETTER-FOR-YOU.TXT.VBS”

2. The virus scans for certain files, replaces the content of these files with virus code, and adds extension .vbs to the end of files.

3. Virus sends itself to everyone in the Outlook address book

4. Infected files cannot be retrieved and must be restored from a backup copy.
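
The attachment names quoted in this presentation (LOVE-LETTER-FOR-YOU.TXT.VBS, WTC.EXE, NAVIDAD.EXE) can be caught at the mail gateway by looking at the filename alone. The following is an added example, not part of the original slides: a screening function that flags executable attachments and the decoy-extension pattern, run over a constructed message. The extension lists and function names are illustrative assumptions.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows will run on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as "harmless document"; used to spot decoy suffixes.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf"}


def screen_attachment(filename):
    """Return the list of reasons this attachment name should be quarantined."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + suffixes[-2] + " before it")
    return reasons


def screen_message(msg):
    """Map each flagged attachment filename in an email to its reasons."""
    flagged = {}
    for part in msg.iter_attachments():
        reasons = screen_attachment(part.get_filename() or "")
        if reasons:
            flagged[part.get_filename()] = reasons
    return flagged


def build_sample(names):
    """Constructed test message with harmless placeholder attachment bodies."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for n in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=n)
    return msg


if __name__ == "__main__":
    sample = build_sample(["LOVE-LETTER-FOR-YOU.TXT.VBS", "WTC.EXE",
                           "NAVIDAD.EXE", "minutes.txt"])
    for name, why in screen_message(sample).items():
        print(name, "->", "; ".join(why))
```
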


Difference Between Worms and Viruses

  • A worm is similar to a virus but does not need to attach itself to an executable file to replicate itself.

  • Also, unlike a virus, it attacks only multi-user systems.


Logic Bomb

  • Logic bombs are malicious codes that cause some destructive activity when a specified condition is met

  • Unlike viruses, logic bombs do their damage right away, then stop.


What can trigger a logic bomb?

  • The trigger can be a specific date

  • Number of times the program is executed

  • A random number

  • Or a predefined event such as a deletion of a certain record.


Damage by Logic Bombs

  • The damage done by logic bombs can range from changing a random byte of data somewhere on the disk to making the entire disk unreadable.


Time Bomb

  • A time bomb is a logic bomb, but unlike a logic bomb, it may exist in the system for weeks or even months before it is detected.

  • The damage is not caused until a specified date or until the system has been booted a certain number of times.


Examples of Time Bombs

  • "Friday the 13th"

    - 1980s, it duplicated itself every Friday the 13th, caused system slowdown and corrupted all available disks

  • “Michelangelo”

    - 1990s, tried to damage hard disk directories

  • “Win32.Kriz.3862”

    - written in 1999, damage included overwriting of data on all data storage units


Virus Prevention Tactics

  • Install a virus scanner

    • Update it often

    • Program it to run automatically

    • Examples of virus scanners include:

      • VirusScan

      • AntiVirus

      • F-Prot


Virus Prevention Tactics (cont.)

  • Do not run unknown programs from the Internet

  • Don’t open unknown mail attachments

    • If an unknown mail attachment is received, delete it immediately


Virus Symptoms

  • Virus scanner detects a virus

  • Programs stop working as expected

  • Computer crashes more frequently

  • Unknown files appear

  • Disk space gets smaller for no reason


What if a virus is detected?

  • On a network system:

    - contact the network administrator

  • On a personal computer:

    - Use the disinfect function of the virus detection software, so it can try to restore the program to its original state

    - Erase the infected program and reinstall from the original disk after virus scan confirms that no viruses have been found


Conclusion

  • 5 types of malicious codes:

    - Trojan Horses: destructive codes hidden inside other programs

    - Viruses and Worms: both replicate and attach themselves to files, but unlike viruses, worms attack multi-user systems

    - Logic–Time Bombs: set off when a specified condition is met


Questions?
