Malicious Code

Presented by:

Niki Patel

Hiralkumar Bhimani

Khyati Rajput

UVPCE, Ahmedabad

Guide: Prof. Ketan Savarkar

Contents

• Malicious Program

• Viruses

• Worms

• Trojan

• Logic Bombs

• Spywares

• Adwares

Malicious Program

• Malicious programs refers to a broad category of programs that can cause damage or undesirable effects to computer networks.

• The other words for this is Malware (Malicious Software), Badware, Rouge Program (a form of internet fraud using internet)

• Besides malicious programs there are non-malicious programs as well.

Malicious program cont…

• Malicious program is not a new concept, it was officially defined by Cohen in 1984, but the behaviour of the viruses was first observed in 1970.

• The damages caused because of malicious code are:

Potential damage can include modifying.

Destroying or stealing data.

Gaining or allowing unauthorised access to a system

Executing functions that a user never intended.

Malicious Programs

Viruses:

• Viruses: A hidden self-replicating section of computer software, usually malicious code that propagates by infecting (i.e. inserting a copy into becoming a part of) another program or system memory.

The viruses can damage your hardware, software or files and replicate themselves.

Categories of Viruses

1. Boot sector virus : • infect boot sector of systems.• become resident.• activate while booting machine

2. File virus :• infects program files.• activates when program is run.

Types of Viruses

• Can classify on basis of how they attack

• Parasitic virus

• Memory-resident virus

• Boot sector virus

• Stealth

• Polymorphic virus

• Macro virus

Transient Virus is active only when its host program is active.

Resident virus establishes itself in the computer’s memory & can remain active without its host.

Macro Virus attached to some data file

Email Virus spread using email with attachment containing a macro virus

Properties of Viruses

Virus program should be hard to detect by

anti-virus software. Viruses should be hard to destroy or deactivate. Spread infection widely. Should be easy to create. Be able to re-infect. Should be machine / platform independent, so

that it can spread on different hosts.

Example: Melissa virus

Worms:

• Worms: Reproducing programs that run independently and travel across network connections.

• “Famous” worms are:

- Morris Internet Worm(1988)

- Code Red : had triggered time for Denial of Service attacks.

- Code Red 2 : had backdoor installed to allow remote control.

- Nimba : use multiple infection i.e.email,share, web clients, etc.

Pikachu Worm: A K-12 Nightmare

This dialog box appears after the

PIKACHUPOKEMON.EXE file has been activated. Worm:

• Accesses Outlook Address Book

• Embeds code to delete Windows and Windows Subfolders upon Restart.• +: Does ask for permission to delete files with a “Y” command.

Virus v/s. Worms:

• Viruses require interaction whereas worms act on there own.

• Viruses has to relay on users transferring to infect files / programs while worms can use a network to replicate itself .

• Speed of worms is more

than viruses.

Trojan Horse:

• Trojan Horse: – A Trojan horse is a program in

which malicious or harmful code is present in such a way that it can get a control over the system & use to do its chosen form of damage.

─ Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive.

Continued…

• Trojan Horses appear to be useful or interesting to an unsuspecting user, but are actually harmful.

• A Trojan horse can be attached to any useful software by a cracker & can be spread by tricking users into believing that it is a useful program.

Damages caused by Trojans

• Erasing or overwriting data on a computer.• Corrupting files.• Installing a backdoor on a computer.• Spreading other malware, such as viruses,

hence they are also known as “dropper”.• Logging keystrokes to steal information

such as passwords & credit card numbers (known as key loggers).

Attack of Trojan Horse

• Trojan horse attacks any system in the following manner.

Situation of user after attack

Logic Bomb:

• Logic Bomb: A logic bomb is a type of Trojan Horse that executes when specific conditions occur. – Triggers for logic bombs can include

change in a file, by a particular series of keystrokes, or at a specific time or date.

– Suppose a programmer may hide a piece of code that starts deleting files.

Spyware

• A spyware is a computer

software which is installed

automatically when you surf

internet or when you install

free software.• Spyware is known to

change computer settings.

• Spyware collects various types of information like:

Internet surfing habits.Visited sites. Interfere in installing additional software.Redirect web browser activity.

Spyware is a legal program…..

• Here it is in the form of virus alerts.

Adware

• Adware is any software package which automatically plays, displays or downloads advertisements to a computer after the software is installed on it or while the application is being used.

• It’s a legal program.• Well known adware program is

“123 Messenger”

123 Messenger….

• Is in the form of popups & unexplained advertising programs in your computer.

• Advertising companies

hope to generate

money from customers

who receive the popups

or unexplained programs

on their computers

How to detect that your computer has a spyware or adware??

Continuous popups.Persistent change

in your homepage.Slower computer

processing, takes

the computer longer

to process or startup.

Software Security

• Only install necessary and trusted

software.

• Beware of *free* games, screen savers,

and graphics.

• Keep a hard copy of the copyright

release for all “free” products!

• Run and UPDATE anti-virus software!!

Thank you….