Computer Security: Principles and Practice


Computer Security: Principles and Practice
Chapter 7: Malicious Software
First Edition, by William Stallings and Lawrie Brown
Lecture slides by Lawrie Brown

Malicious Software
- programs that exploit system vulnerabilities are known as malicious software, or malware
- some are program fragments that need a host program, e.g. viruses, logic bombs, and backdoors
- others are independent, self-contained programs, e.g. worms, bots
- either kind may or may not replicate
- malware is a sophisticated threat to computer systems

Malware Terminology
- Virus
- Worm
- Logic bomb
- Trojan horse
- Backdoor (trapdoor)
- Mobile code
- Auto-rooter
- Kit (virus generator)
- Spammer and flooder programs
- Keyloggers
- Rootkit
- Zombie, bot

Viruses
- a piece of software that infects programs, modifying them to include a copy of the virus, so that the virus executes secretly whenever the host program is run
- specific to an operating system and hardware platform, taking advantage of their details and weaknesses
- a typical virus goes through four phases: dormant, propagation, triggering, execution

Virus Structure
- components:
  - infection mechanism: enables replication
  - trigger: the event that makes the payload activate
  - payload: what the virus does, malicious or benign
- the virus code may be prepended to, appended to, or embedded in the host program
- when the infected program is invoked, the virus code executes first, then control passes to the original program code
- defenders can block the initial infection (difficult) or block propagation (with access controls)

Virus Structure (figure slide; contents not transcribed)
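The three components on the Virus Structure slide (infection mechanism, trigger, payload) and the "virus code runs first, then the host" rule, as an added toy simulation. This is not code from the slides or the textbook: "programs" are plain byte strings held in a dict that stands in for a directory, nothing touches the real filesystem, and the marker string, the virus body placeholder and the day-13 trigger are assumptions chosen for illustration.

```python
"""Toy in-memory model of a prepending file infector: infection mechanism,
trigger and payload, with the virus code placed in front of the host.
Added example for this page; the marker, body and trigger are assumptions."""

MARKER = b"V-MARK:"            # assumed marker: lets the virus recognise hosts it already infected
VIRUS_CODE = b"<virus body>"   # assumed stand-in for the virus's own instructions


def is_infected(program: bytes) -> bool:
    """A host is infected when the virus code plus marker sits in front of it."""
    return program.startswith(VIRUS_CODE + MARKER)


def infect(program: bytes) -> bytes:
    """Infection mechanism: prepend the virus to a clean host. Idempotent, so an
    already-infected host is not grown again on every run (the marker's job)."""
    if is_infected(program):
        return program
    return VIRUS_CODE + MARKER + program


def trigger_pulled(clock_day: int) -> bool:
    """Trigger: assumed condition under which the payload fires (day 13)."""
    return clock_day == 13


def run(name: str, directory: dict, clock_day: int, log: list) -> None:
    """Execute program `name`. If it is infected, the virus code runs first:
    it infects every other reachable program, checks its trigger, and only
    then falls through to the original host code."""
    program = directory[name]
    if is_infected(program):
        for other in directory:
            if other != name:
                directory[other] = infect(directory[other])
        if trigger_pulled(clock_day):
            log.append(f"payload fired while running {name}")
        host = program[len(VIRUS_CODE) + len(MARKER):]   # skip over the virus
    else:
        host = program
    log.append(f"host code ran: {host.decode()}")


def simulate(days: int = 3) -> tuple[dict, list]:
    """Constructed three-program directory; 'game' is patient zero. One program
    is executed per day. Returns the final directory and the event log."""
    directory = {"editor": b"EDITOR", "game": b"GAME", "shell": b"SHELL"}
    directory["game"] = infect(directory["game"])
    log: list = []
    for day in range(1, days + 1):
        run("game" if day == 1 else "editor", directory, day, log)
    return directory, log


def infected_count(directory: dict) -> int:
    return sum(is_infected(p) for p in directory.values())


if __name__ == "__main__":
    final, events = simulate(days=13)
    print("\n".join(events))
    print("infected:", infected_count(final), "of", len(final))
```

Two things worth noticing: a single run of the infected program is enough to infect every other program it can reach, which is why blocking propagation with access controls matters, and every infected program grows by a fixed number of bytes, so a simple integrity check (stored hash or length of each executable) detects the infection even without a signature for the virus body.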

Compression Virus (figure slide; contents not transcribed)

Virus Classification
- boot sector virus
- file infector
- macro virus
- encrypted virus
- stealth virus
- polymorphic virus
- metamorphic virus

Macro Virus
- became very common in the mid-1990s
- platform independent, since it infects documents rather than executables
- easily spread
- exploits the macro capability of office applications: an executable program embedded in an office document, often written in a form of Basic
- more recent releases of office software include protection against macro viruses
- recognized by many anti-virus programs

E-Mail Viruses
- a more recent development, e.g. Melissa
- exploits an MS Word macro in an attached document
- if the attachment is opened, the macro activates, sends email to everyone on the user's address list, and does local damage
- later versions were triggered merely by reading the email, hence much faster propagation

Virus Countermeasures
- prevention is the ideal solution, but difficult in practice
- realistically the defender needs three capabilities: detection, identification, removal
- if a virus can be detected but not identified or removed, the infected program must be discarded and replaced with a clean copy

Anti-Virus Evolution
- virus and anti-virus technology have both evolved
- early viruses were simple code, easily removed
- as viruses became more complex, so did the countermeasures
- four generations of anti-virus software:
  - first: simple signature scanners
  - second: heuristic scanners
  - third: programs that identify malicious actions (activity traps)
  - fourth: full-featured combination packages

Generic Decryption
- runs executable files through a GD scanner containing:
  - a CPU emulator to interpret instructions
  - a virus scanner to check for known virus signatures
  - an emulation control module to manage the process
- lets the virus decrypt itself inside the interpreter
- periodically scans the emulated memory for virus signatures
- the open issue is how long to interpret and scan: a tradeoff between the chance of detection and the time delay
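The chain of ideas across the last few slides (a first-generation signature scanner, the encrypted and polymorphic virus classes that defeat it, and generic decryption's answer of emulating the decryptor until the body is exposed) as one added example. This is not the slides' or the textbook's code. The samples are constructed byte strings, the signature is made up, and the emulated "instruction set" is a single assumed decryptor stub, `b"XOR"` followed by a key byte and the encrypted body, meaning "XOR every following byte with the key".

```python
"""Signature scanning, an encrypted-virus sample, and a toy generic-decryption
(GD) scanner. Added example for this page; signature, body and stub format
are assumptions."""

SIGNATURE = b"EVIL-SIG"                                     # assumed known-virus signature
PLAIN_BODY = b"setup;" + SIGNATURE + b";payload;jump_to_host"  # assumed unencrypted virus body
STUB = b"XOR"                                               # assumed decryptor opcode


def signature_scan(data: bytes) -> bool:
    """First-generation scanner: look for a fixed byte string."""
    return SIGNATURE in data


def encrypt_sample(body: bytes, key: int) -> bytes:
    """Encrypted virus: decryptor stub + key + body XORed with the key. A
    polymorphic virus would pick a fresh key on each infection, so the
    stored bytes differ from copy to copy and carry no stable signature."""
    return STUB + bytes([key]) + bytes(b ^ key for b in body)


def generic_decrypt_scan(sample: bytes, max_steps: int, scan_every: int) -> tuple[bool, int]:
    """Toy GD scanner. The CPU emulator executes the decryptor one byte at a
    time into emulated memory; the control module pauses every `scan_every`
    steps to run the signature scanner over that memory and gives up after
    `max_steps`. Returns (detected, emulation steps used)."""
    if signature_scan(sample):                      # unencrypted body: plain scan is enough
        return True, 0
    if not sample.startswith(STUB) or len(sample) < len(STUB) + 1:
        return False, 0                             # no recognised decryptor to emulate
    key = sample[len(STUB)]
    cipher = sample[len(STUB) + 1:]
    memory = bytearray()
    steps = 0
    for b in cipher:
        if steps >= max_steps:                      # emulation budget exhausted
            break
        memory.append(b ^ key)
        steps += 1
        if steps % scan_every == 0 and signature_scan(bytes(memory)):
            return True, steps
    return signature_scan(bytes(memory)), steps     # final scan of whatever was decrypted


if __name__ == "__main__":
    enc = encrypt_sample(PLAIN_BODY, 0x5A)
    print("plain scan, plain body:    ", signature_scan(PLAIN_BODY))
    print("plain scan, encrypted body:", signature_scan(enc))
    print("GD, generous budget:       ", generic_decrypt_scan(enc, max_steps=50, scan_every=4))
    print("GD, budget too small:      ", generic_decrypt_scan(enc, max_steps=10, scan_every=4))
    print("two keys, same body differ:", encrypt_sample(PLAIN_BODY, 0x5A) != encrypt_sample(PLAIN_BODY, 0x3C))
```

The two GD calls show the tradeoff the slide names: the signature sits 14 bytes into the body, so a budget of 10 emulation steps never exposes it while a budget of 50 does, at the cost of the extra emulation time for every file scanned.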

Digital Immune System (figure slide; contents not transcribed)

Behavior-Blocking Software (figure slide; contents not transcribed)

Worms
- a replicating program that propagates over the network, using email, remote execution, or remote login
- has phases like a virus: dormant, propagation, triggering, execution
- propagation phase: searches for other systems, connects to them, copies itself to them, and runs there
- may disguise itself as a system process
- the concept first appeared in Brunner's "The Shockwave Rider" and was implemented by Xerox Palo Alto labs in the 1980s

Morris Worm
- one of the best-known worms, released by Robert Morris in 1988
- used several attacks on UNIX systems:
  - cracking the password file to obtain login/password pairs and log on to other systems
  - exploiting a bug in the finger protocol
  - exploiting a bug in sendmail
- if any attack succeeded, it had remote shell access and sent a bootstrap program to copy the worm over

Worm Propagation Model (figure slide; contents not transcribed)
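The Worm Propagation Model slide is a figure, so here is an added example that reproduces the curve it depicts. This is not code from the slides; it implements the simple epidemic model that the textbook's figure is based on, stated here as an assumption: dI/dt = beta * I * (N - I), where N is the number of vulnerable hosts, I(t) the number infected at time t, and beta the pairwise infection rate. The parameter values (100,000 vulnerable hosts, 10 initially infected, beta = 1e-5) are illustrative.

```python
"""Simple epidemic model of worm propagation: dI/dt = beta * I * (N - I).
Added example for this page; parameters are illustrative assumptions."""
import math


def closed_form(t: float, n: int, i0: int, beta: float) -> float:
    """Analytic solution of the logistic equation above."""
    return n / (1 + (n / i0 - 1) * math.exp(-beta * n * t))


def half_time(n: int, i0: int, beta: float) -> float:
    """Analytic time at which half of the vulnerable population is infected."""
    return math.log(n / i0 - 1) / (beta * n)


def simulate(n: int, i0: int, beta: float, dt: float, t_end: float) -> list[tuple[float, float]]:
    """Forward-Euler integration of the model; returns (t, infected) samples."""
    t, infected, curve = 0.0, float(i0), []
    while t <= t_end:
        curve.append((t, infected))
        infected += beta * infected * (n - infected) * dt
        t += dt
    return curve


def time_to_fraction(curve: list[tuple[float, float]], n: int, frac: float):
    """First sample time at which infected >= frac * N (None if never reached)."""
    for t, infected in curve:
        if infected >= frac * n:
            return t
    return None


def phase_times(n: int, i0: int, beta: float, dt: float = 0.001, t_end: float = 30.0) -> dict:
    """Times at which 10%, 50% and 90% of hosts are infected: the boundaries of
    the slow-start, fast-spread and slow-finish phases of the curve."""
    curve = simulate(n, i0, beta, dt, t_end)
    return {frac: time_to_fraction(curve, n, frac) for frac in (0.10, 0.50, 0.90)}


if __name__ == "__main__":
    n, i0, beta = 100_000, 10, 1e-5
    for label, b, t_end in (("unthrottled", beta, 30.0), ("rate halved", beta / 2, 40.0)):
        pt = phase_times(n, i0, b, t_end=t_end)
        print(f"{label}: 10% at t={pt[0.10]:.2f}, 50% at t={pt[0.50]:.2f}, 90% at t={pt[0.90]:.2f}"
              f" (analytic 50%: {half_time(n, i0, b):.2f})")
```

With these parameters the worm takes about 7 time units to reach 10% of the population and then only about 4.4 more to go from 10% to 90%, which is the slow-start/fast-spread shape the figure shows; halving beta, which is what rate limiting on outbound connections aims at, doubles every one of those times.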

Recent Worm Attacks
- Code Red, July 2001: exploited an MS IIS bug; probes random IP addresses, then launches a DDoS attack; consumed significant network capacity while active
- Code Red II: a variant that includes a backdoor
- SQL Slammer, early 2003: attacked MS SQL Server; compact code and very rapid spread
- Mydoom: a mass-mailing e-mail worm that appeared in 2004; installed a remote access backdoor on infected systems

Worm Technology
- multiplatform
- multi-exploit
- ultrafast spreading
- polymorphic
- metamorphic
- transport vehicles
- zero-day exploit

Worm Countermeasures
- overlap with anti-virus techniques: once a worm is on a system, A/V software can detect it
- worms also cause significant network activity, which network defenses can observe
- worm defense approaches include:
  - signature-based worm scan filtering
  - filter-based worm containment
  - payload-classification-based worm containment
  - threshold random walk scan detection
  - rate limiting and rate halting
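Threshold random walk (TRW) scan detection, from the list above, as an added example run over a few constructed connection records. This is not code from the slides. TRW here follows the sequential hypothesis test of Jung et al. (IEEE S&P 2004): each first-contact connection attempt from a source multiplies a likelihood ratio by theta1/theta0 on success or (1-theta1)/(1-theta0) on failure; crossing the upper threshold flags the source as a scanner, crossing the lower one clears it as benign, and repeat contacts to a destination already seen are ignored. The probabilities, thresholds and log lines are illustrative assumptions.

```python
"""Threshold random walk scan detection over constructed connection records.
Added example for this page; parameters and sample log are assumptions."""
from dataclasses import dataclass, field

THETA0 = 0.8   # assumed P(connection succeeds | benign host)
THETA1 = 0.2   # assumed P(connection succeeds | scanner)
ALPHA = 0.01   # tolerated false-positive probability
BETA = 0.99    # desired detection probability
ETA1 = BETA / ALPHA               # upper threshold: declare scanner (99)
ETA0 = (1 - BETA) / (1 - ALPHA)   # lower threshold: declare benign (about 0.0101)

# Constructed log: timestamp, source, destination, port, outcome.
# SYN-ACK is a successful connection; RST and TIMEOUT are failures.
SAMPLE_LOG = """\
1700000001 10.0.0.5 10.0.1.1 445 RST
1700000001 10.0.0.5 10.0.1.2 445 RST
1700000002 10.0.0.5 10.0.1.2 445 RST
1700000002 10.0.0.5 10.0.1.3 445 TIMEOUT
1700000003 10.0.0.5 10.0.1.4 445 RST
1700000003 10.0.0.7 10.0.2.10 443 SYN-ACK
1700000004 10.0.0.7 10.0.2.11 443 SYN-ACK
1700000005 10.0.0.7 10.0.2.12 80 SYN-ACK
1700000006 10.0.0.7 10.0.2.13 443 SYN-ACK
1700000007 10.0.0.9 10.0.3.1 22 RST
1700000008 10.0.0.9 10.0.3.2 22 SYN-ACK
1700000009 10.0.0.9 10.0.3.3 22 RST
"""


@dataclass
class SourceState:
    ratio: float = 1.0                      # likelihood ratio, starts at 1 (no evidence)
    seen: set = field(default_factory=set)  # destinations already contacted (first-contact filter)
    verdict: str = "pending"


def update(state: SourceState, dst: str, success: bool) -> str:
    """Apply one connection attempt to a source's random walk."""
    if state.verdict != "pending" or dst in state.seen:
        return state.verdict                # already decided, or not a first contact
    state.seen.add(dst)
    state.ratio *= (THETA1 / THETA0) if success else ((1 - THETA1) / (1 - THETA0))
    if state.ratio >= ETA1:
        state.verdict = "scanner"
    elif state.ratio <= ETA0:
        state.verdict = "benign"
    return state.verdict


def classify(log_lines) -> dict:
    """Run TRW per source; returns src -> (verdict, first contacts consumed)."""
    states: dict = {}
    for line in log_lines:
        _ts, src, dst, _port, outcome = line.split()
        update(states.setdefault(src, SourceState()), dst, outcome == "SYN-ACK")
    return {src: (st.verdict, len(st.seen)) for src, st in states.items()}


if __name__ == "__main__":
    for src, (verdict, n) in classify(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {verdict} after {n} first-contact attempts")
```

With these parameters each failure multiplies the ratio by 4 and each success by 0.25, so a host is flagged after four net failed first contacts and cleared after four net successes; the repeated attempt from 10.0.0.5 to 10.0.1.2 is not counted, and 10.0.0.9, with a mixed record, stays undecided until more evidence arrives. That is the property worm defenders want: a scanning worm is caught within a handful of probes while a busy but legitimate host walks to the benign threshold just as quickly.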

Proactive Worm Containment (figure slide; contents not transcribed)

Network Based Worm Defense (figure slide; contents not transcribed)

Bots
- a program that takes over other computers in order to launch hard-to-trace attacks
- if coordinated, the compromised machines form a botnet
- characteristics:
  - a remote control facility, via IRC, HTTP, etc.
  - a spreading mechanism: attack software, a vulnerability to exploit, a scanning strategy
- various countermeasures are applicable

Rootkits
- a set of programs installed to maintain admin-level access
- makes malicious and stealthy changes to the host O/S
- may hide its own existence by subverting the reporting mechanisms for processes, files, registry entries, etc.
- may be persistent or memory-based, and user mode or kernel mode
- installed by a user via a trojan, or by an intruder already on the system
- a range of countermeasures is needed

Rootkit System Table Mods (figure slide; contents not transcribed)
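The system-table modification the slide depicts, together with the two checks a defender runs against it, as an added toy model. This is not code from the slides or the textbook: the "system call table" is a dict mapping a call name to its handler and the "disk" is a dict of filenames, both standing in for the kernel's array of function pointers and a real filesystem; the hidden-file prefix and file names are assumptions.

```python
"""Toy model of a kernel-mode rootkit hooking the directory-listing system
call, with a table integrity check and a cross-view diff as countermeasures.
Added example for this page; table, disk and names are assumptions."""

# Assumed storage contents; "_rk_backdoor" is the file the rootkit wants hidden.
DISK = {"init": b"...", "sshd": b"...", "_rk_backdoor": b"...", "notes.txt": b"..."}
HIDE_PREFIX = "_rk_"


def sys_getdents(disk: dict = DISK) -> list[str]:
    """Genuine handler: list every name in the directory."""
    return sorted(disk)


def sys_read(name: str, disk: dict = DISK) -> bytes:
    return disk[name]


def build_table() -> dict:
    """The system call table: call name -> handler (a function pointer in a real kernel)."""
    return {"getdents": sys_getdents, "read": sys_read}


def snapshot(table: dict) -> dict:
    """Known-good snapshot taken at boot: the identity of each handler, which
    stands in for the pointer value stored in the real table."""
    return {name: id(fn) for name, fn in table.items()}


def install_rootkit(table: dict) -> None:
    """Rootkit behaviour: overwrite the getdents entry with a wrapper that calls
    the original handler and strips the attacker's files from its result."""
    original = table["getdents"]

    def hooked_getdents(disk: dict = DISK) -> list[str]:
        return [n for n in original(disk) if not n.startswith(HIDE_PREFIX)]

    table["getdents"] = hooked_getdents


def table_integrity_check(table: dict, known_good: dict) -> list[str]:
    """Countermeasure 1: report entries whose handler differs from the snapshot."""
    return sorted(name for name, fn in table.items() if id(fn) != known_good.get(name))


def cross_view_check(table: dict, disk: dict = DISK) -> list[str]:
    """Countermeasure 2: compare the listing obtained through the (possibly
    hooked) system call with a raw scan of the storage. Names present in the
    raw view but missing from the API view are hidden objects."""
    via_table = set(table["getdents"](disk))
    return sorted(set(disk) - via_table)


def demo() -> tuple[list[str], list[str], list[str]]:
    """Returns (hidden files before, modified table entries after, hidden files after)."""
    table = build_table()
    known_good = snapshot(table)
    before = cross_view_check(table)
    install_rootkit(table)
    return before, table_integrity_check(table, known_good), cross_view_check(table)


if __name__ == "__main__":
    before, modified, hidden = demo()
    print("hidden before rootkit:", before)
    print("table entries modified:", modified)
    print("hidden after rootkit (cross-view):", hidden)
```

The integrity check only works if the snapshot was taken before the compromise and is stored where the rootkit cannot rewrite it; the cross-view diff needs no prior snapshot but depends on the detector having a path to the raw data (reading the disk device or walking kernel structures directly) that does not go through the hooked table.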

Summary
- introduced types of malicious software, incl. backdoor, logic bomb, trojan horse, mobile code
- virus types and countermeasures
- worm types and countermeasures
- bots
- rootkits