Malicious Code - PowerPoint PPT Presentation


PowerPoint Slideshow about 'Malicious Code' - kato


Presentation Transcript

Malicious Code

By Diana Peng

What is Malicious Code?
  • Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions
  • Uses our everyday programs as a vessel to access and change stored data
  • Viruses
  • Worms
  • Trojan Horses
Unpredictable Behavior
  • Behaves in the same manner as any other program
  • Has the ability to stop running programs, generate a sound, erase stored data, etc.
  • Has the ability to remain dormant until some event triggers the code to act
History of Malicious Code
  • 1981 Elk Cloner – spread on Apple II floppy disks (containing the OS) originating from Texas A&M:

    It will get on all your disks / It will infiltrate your chips / Yes it's Cloner!
    It will stick to you like glue / It will modify ram too / Send in the Cloner!

  • 1983 – Fred Cohen, Computer Viruses – Theory and Experiments
  • 1986 Brain – 2 Pakistani brothers, analyzing the boot sector of a floppy disk, develop a method to infect it. Spread quickly and widely on MS-DOS PC systems.
History (cont.)
  • 1987 IBM Christmas Worm – fast spreading, 500,000 replications per hour
  • 1988 MacMag – HyperCard stack virus; Scores – 1st major Mac outbreak
  • 1991 Tequila – polymorphic, originated in Switzerland and changed itself to avoid detection
  • More recently – Love Letter (2000), Blaster and SoBig (2003)
Definitions
  • Virus – a program that can pass on malicious code to other nonmalicious programs by modifying them
    1. Transient – life is dependent on the host
    2. Resident – stores itself in memory and acts as a stand-alone program

  • Trojan Horse – contains obvious malicious intent and a 2nd unseen effect
Definitions (cont.)
  • Logic Bomb – “detonates” when a specified condition occurs
    * Time Bomb – triggered by a time/date
  • Trapdoor/Backdoor – allows one to access a protected program through an indirect method
  • Worm – program that replicates itself and spreads those replications through a network
    * Rabbit – spreads w/out limits and tries to exhaust the computer’s resources

Virus Qualities
  • Easily created
  • Difficult to detect
  • Difficult to destroy or deactivate
  • Spreads intended infection widely
  • Ability to re-infect original program or other programs
  • Machine and OS independent
Attaching Viruses
  • Must be executed in order to be activated
  • Human intervention is key for initial activation
  • Email attachments
  • Once attached, the virus installs itself on a permanent storage medium and on any/all executing programs in memory
Appended Viruses
  • Most common attachment – easy to program and effective
  • Attaches to an existing program and is activated whenever the program is running
  • Virus instructions execute 1st; after the last virus instruction, control is given back to the 1st program instruction
  • User is unaware of the virus – the original program still runs the way it’s intended
Appended Virus (cont.)

  [Diagram: Program + Virus = Virus followed by Program (the virus code is attached in front of the original program)]

Surrounding Viruses
  • To avoid detection on the disk, the virus attaches itself to the program that constructs the listing of files on the disk
  • The virus has control after the listing is generated and before it is displayed, so it can delete itself from the listing
Surrounding Virus (cont.)

  [Diagram: the virus surrounds the program – Virus, Program, Virus (virus code runs before and after the original program)]

Integrated Viruses
  • Virus will replace the program and integrate itself into the original code
  • Requires the creator of the virus to know the original program in order to insert pieces of the virus into it
  • Replacement – the virus replaces the entire program with itself; user will only see the performance of the virus
Integrated Viruses (cont.)

  [Diagram: Program + Virus = Program with the Virus integrated into its original code]

Document Virus
  • Implemented inside a formatted document (ex. Word document, database, spreadsheet, etc.)
  • Highly structured files containing both data and commands
  • Command codes are part of a rich programming language
Gaining Control
  • The virus program must be activated in place of the original program
  • Presents itself as the original program
  • Substitutes for the original program by pushing the original one out of the way
  • Overwriting – the virus replaces the original code in the file structure
  • Pointer Changing – the virus directs the file system to itself and skips the original code
One-Time Execution
  • Majority of viruses today
  • Activated and executed only once
  • Email attachments
Boot Sector Viruses
  • Gains control early in the boot process before detection tools are active
  • Boot area is crucial to the OS and is usually kept hidden from the user to avoid modification/deletion
  • Virus code is difficult to notice
Memory Resident Viruses
  • Resident code – code that is frequently used by the OS and has a permanent space in memory
  • Resident code is activated many times and activates the virus each time
  • Ability to look for and infect uninfected carriers
Virus Signatures
  • Cannot be completely invisible
  • Code is stored on the computer and must be in memory to execute
  • Signature – the pattern the virus executes and the method it uses to spread
  • Virus Scanner
    – detects virus signatures by searching memory & long-term storage, and monitors execution
    – must be kept up-to-date to be effective

Storage Patterns
  • Most viruses attach to programs stored on disks – file size grows
  • The attachment is usually invariant, so the start of the virus code is detectable (Appended Attachment)
  • A JUMP instruction around the original code (Surrounding Attachment)
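As an added example (not from the slides), a small Python scanner that combines the two detection ideas above: it searches constructed sample files for a known signature, and compares each file's size and hash against a clean baseline to catch the storage pattern of an appended attachment. The signature bytes, file names and the JMP-at-entry heuristic are assumptions for illustration, not real malware indicators.

```python
import hashlib

# Constructed placeholder patterns, not real malware signatures.
SIGNATURES = {
    "EXAMPLE-APPENDED": b"\xEB\x10CLONERMARK",
}

# Constructed sample files standing in for programs on disk.
CLEAN_PROGRAM = b"MZ" + b"\x90" * 40 + b"ORIGINAL-CODE"
# Appended attachment: virus code sits in front, executes 1st, then hands
# control back to the original program's 1st instruction (modelled as bytes).
INFECTED_PROGRAM = SIGNATURES["EXAMPLE-APPENDED"] + b"\x00" * 8 + CLEAN_PROGRAM

def signature_hits(data, signatures=SIGNATURES):
    """Names of every known signature found anywhere in the data (scanner pass)."""
    return sorted(name for name, sig in signatures.items() if sig in data)

def starts_with_jump(data):
    """Heuristic for a surrounding attachment: x86 JMP opcode (0xEB/0xE9) at entry.
    Legitimate code (e.g. boot sectors) can start with JMP too, so it is a hint only."""
    return len(data) > 0 and data[0] in (0xEB, 0xE9)

def baseline(files):
    """Record size and SHA-256 of each file while the system is known clean."""
    return {n: (len(d), hashlib.sha256(d).hexdigest()) for n, d in files.items()}

def scan(files, base, signatures=SIGNATURES):
    """Combine signature search with the storage-pattern check (grew / hash changed)."""
    report = {}
    for name, data in files.items():
        size, digest = len(data), hashlib.sha256(data).hexdigest()
        old_size, old_digest = base.get(name, (size, digest))  # unknown file: no baseline
        report[name] = {
            "signatures": signature_hits(data, signatures),
            "grew_by": size - old_size,
            "hash_changed": digest != old_digest,
            "jump_at_entry": starts_with_jump(data),
        }
    return report

def suspicious(report):
    """Files worth quarantining: any signature hit, or growth plus a changed hash."""
    return sorted(n for n, r in report.items()
                  if r["signatures"] or (r["grew_by"] > 0 and r["hash_changed"]))

if __name__ == "__main__":
    base = baseline({"calc.exe": CLEAN_PROGRAM, "edit.exe": CLEAN_PROGRAM})
    after = {"calc.exe": INFECTED_PROGRAM, "edit.exe": CLEAN_PROGRAM}
    for name, r in scan(after, base).items():
        print(name, r)
    print("suspicious:", suspicious(scan(after, base)))
```

The baseline check catches a modified program even when its signature is unknown, which is why integrity baselines complement signature scanning.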
Execution Patterns
  • Spread infection
  • Avoid detection – Boot Sector
  • Cause harm – erasing files/disks, preventing booting/writing to disk, shutting down, etc.
Transmission Patterns
  • A virus is only effective if it has the ability to transmit itself from location to location
  • Virus execution behaves just like any other program execution, and its form of transmission is not confined to one medium.