Date post: | 12-Jul-2015 |
Category: |
Engineering |
Upload: | khyati-rajput |
Malicious Code
Presented by:
Niki Patel
Hiralkumar Bhimani
Khyati Rajput
UVPCE, Ahmedabad
Guide: Prof. Ketan Savarkar
Contents
• Malicious Program
• Viruses
• Worms
• Trojan
• Logic Bombs
• Spyware
• Adware
Malicious Program
• Malicious programs are a broad category of programs that can cause damage or undesirable effects to computers and networks.
• Other words for this are Malware (Malicious Software), Badware and Rogue Program (a form of internet fraud using the internet).
• Besides malicious programs there are non-malicious programs as well.
Malicious program cont…
• The malicious program is not a new concept: it was officially defined by Cohen in 1984, but the behaviour of viruses was first observed in 1970.
• The potential damage caused by malicious code can include:
- Modifying, destroying or stealing data.
- Gaining or allowing unauthorised access to a system.
- Executing functions that a user never intended.
Malicious Programs
Viruses:
• Viruses: A hidden, self-replicating section of computer software, usually malicious code, that propagates by infecting (i.e. inserting a copy into and becoming a part of) another program or system memory.
• Viruses can damage your hardware, software or files and replicate themselves.
Categories of Viruses
1. Boot sector virus:
• infects the boot sector of systems.
• becomes resident.
• activates while booting the machine.
2. File virus:
• infects program files.
• activates when the program is run.
Types of Viruses
• Can be classified on the basis of how they attack
• Parasitic virus
• Memory-resident virus
• Boot sector virus
• Stealth
• Polymorphic virus
• Macro virus
• Transient virus: active only when its host program is active.
• Resident virus: establishes itself in the computer’s memory and can remain active without its host.
• Macro virus: attached to some data file.
• Email virus: spreads using email with an attachment containing a macro virus.
Properties of Viruses
• A virus program should be hard to detect by anti-virus software.
• Viruses should be hard to destroy or deactivate.
• Spread infection widely.
• Should be easy to create.
• Be able to re-infect.
• Should be machine / platform independent, so that it can spread on different hosts.
Example: Melissa virus
Worms:
• Worms: Reproducing programs that run independently and travel across network connections.
• “Famous” worms are:
- Morris Internet Worm (1988)
- Code Red: had a trigger time for Denial of Service attacks.
- Code Red 2: had a backdoor installed to allow remote control.
- Nimda: used multiple infection methods, i.e. email, shares, web clients, etc.
Pikachu Worm: A K-12 Nightmare
This dialog box appears after the PIKACHUPOKEMON.EXE file has been activated.
Worm:
• Accesses Outlook Address Book
• Embeds code to delete Windows and Windows Subfolders upon Restart.
• +: Does ask for permission to delete files with a “Y” command.
Virus v/s. Worms:
• Viruses require interaction whereas worms act on their own.
• Viruses have to rely on users transferring infected files / programs, while worms can use a network to replicate themselves.
• Worms spread faster than viruses.
Trojan Horse:
• Trojan Horse:
– A Trojan horse is a program in which malicious or harmful code is present in such a way that it can get control over the system and use it to do its chosen form of damage.
– Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive.
Continued…
• Trojan Horses appear to be useful or interesting to an unsuspecting user, but are actually harmful.
• A Trojan horse can be attached to any useful software by a cracker & can be spread by tricking users into believing that it is a useful program.
Damages caused by Trojans
• Erasing or overwriting data on a computer.
• Corrupting files.
• Installing a backdoor on a computer.
• Spreading other malware, such as viruses, hence they are also known as “droppers”.
• Logging keystrokes to steal information such as passwords & credit card numbers (known as key loggers).
Attack of Trojan Horse
• Trojan horse attacks any system in the following manner.
Situation of user after attack
Logic Bomb:
• Logic Bomb: A logic bomb is a type of Trojan Horse that executes when specific conditions occur.
– Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date.
– For example, a programmer may hide a piece of code that starts deleting files.
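A code-review check for the time-or-date trigger described above, as an added example that is not part of the original slides: it parses Python source (without running it) and flags any `if` whose condition reads the clock and whose body deletes files. The name lists `TIME_NAMES` and `DESTRUCTIVE` and the `SAMPLE` source are assumptions constructed for illustration; file-change and keystroke triggers are not covered.

```python
import ast

# Assumed heuristics (not from the slides): identifiers that read the clock,
# and call names that delete files or directories.
TIME_NAMES = {"datetime", "date", "time", "today", "now", "utcnow"}
DESTRUCTIVE = {"remove", "unlink", "rmtree", "rmdir", "removedirs"}

def _identifiers(node):
    """Every bare name and attribute name under an AST node (may include None)."""
    return {getattr(n, "id", None) or getattr(n, "attr", None) for n in ast.walk(node)}

def _call_names(node):
    """Name of every function or method called under an AST node (may include None)."""
    funcs = (n.func for n in ast.walk(node) if isinstance(n, ast.Call))
    return {getattr(f, "attr", None) or getattr(f, "id", None) for f in funcs}

def find_time_triggered_deletes(source):
    """Return sorted (line, [calls]) for each clock-guarded `if` that deletes files."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.If) and _identifiers(node.test) & TIME_NAMES:
            calls = set()
            for stmt in node.body:
                calls |= _call_names(stmt) & DESTRUCTIVE
            if calls:
                findings.append((node.lineno, sorted(calls)))
    return sorted(findings)

# Constructed sample for review: one ordinary cleanup routine and one
# date-guarded deletion hidden inside an unrelated function.
SAMPLE = '''\
import datetime, shutil, os

def nightly_cleanup(tmp_dir):
    for name in os.listdir(tmp_dir):
        os.remove(os.path.join(tmp_dir, name))

def generate_report(data_dir):
    if datetime.date.today() >= datetime.date(2030, 1, 1):
        shutil.rmtree(data_dir)
    return "report"
'''

if __name__ == "__main__":
    for line, calls in find_time_triggered_deletes(SAMPLE):
        print(f"line {line}: time-guarded call to {', '.join(calls)}")
```

A hit is only a prompt for a human reviewer: legitimate retention or expiry code matches the same pattern.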
Spyware
• Spyware is computer software which is installed automatically when you surf the internet or when you install free software.
• Spyware is known to change computer settings.
• Spyware collects various types of information like:
- Internet surfing habits.
- Visited sites.
- Interfere in installing additional software.
- Redirect web browser activity.
Spyware is a legal program…..
• Here it is in the form of virus alerts.
Adware
• Adware is any software package which automatically plays, displays or downloads advertisements to a computer after the software is installed on it or while the application is being used.
• It’s a legal program.
• A well-known adware program is “123 Messenger”.
123 Messenger….
• Is in the form of popups & unexplained advertising programs in your computer.
• Advertising companies hope to generate money from customers who receive the popups or unexplained programs on their computers.
How to detect that your computer has spyware or adware?
• Continuous popups.
• Persistent change in your homepage.
• Slower computer processing; the computer takes longer to process or start up.
Software Security
• Only install necessary and trusted software.
• Beware of *free* games, screen savers, and graphics.
• Keep a hard copy of the copyright release for all “free” products!
• Run and UPDATE anti-virus software!!
Thank you….