1 / 17

What is Malcode?

Dr. Richard Ford rford@fit.edu. What is Malcode?. What are we going to talk about?. Fundamental Definitions What is Malcode? Malcode Overview Follows: Szor Ch.1 & 2. How I Got Involved. Like most researchers, I got hit by a Virus

alva
Télécharger la présentation

What is Malcode?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dr. Richard Ford rford@fit.edu What is Malcode?

  2. What are we going to talk about? • Fundamental Definitions • What is Malcode? • Malcode Overview • Follows: Szor Ch.1 & 2.

  3. How I Got Involved • Like most researchers, I got hit by a Virus • I disassembled the virus, and began on this wonderful journey of discovery… • Making every possible mistake on the way!

  4. Malicious Code v. MMC • MMC = Malicious Mobile Code • Critical word: Mobile • MMC is designed to move from one machine to another

  5. Type of Malcode • Viruses • Trojan Horses • Worms • Blended threats

  6. Virus • A virus is a malicious program that modifies other host files or boot areas to replicate. In most cases, the host object is modified to contain a complete copy (possibly evolved) of the malicious program code. The newly-infected object is capable of spreading the “infection” further

  7. Trojan • A Trojan, or Trojan Horse, is a non-replicating program masquerading as one type of program with its real intent hidden from the user.

  8. Worm • A worm is a piece of replicating code that uses its own program coding to spread with minimal user intervention. Unlike viruses worms do not “infect” other programs or boot sectors

  9. Blended Threat • Replication + something else bad (like an exploit)

  10. Spyware • A technology that aids in gathering information about a user or content of a machine without that user’s knowledge

  11. Adware • Pretty much Spyware that tells you exactly what it’s going to do… • Always read the EULA…

  12. “Pest” • Colloquial but descriptive • “Any piece of software that the user doesn’t want”

  13. Other Terms… • In The Wild • Dr0pper • “Generation 0”<- this is a zero • Payloads • Rootkit

  14. Naming Viruses? • Interesting problem • Go ahead and read: http://www.virusbtn.com/magazine/archives/pdf/2003/200303.pdf: (p14) That Which We Call Rose.A • What really is in a name? • For the other side, read http://www.virusbtn.com/magazine/archives/200301/caro.xml or Szor Chapter 2, 2.5.

  15. Discussion • What is the goal of virus naming? • Assignment: Read Szor Ch.1 & 2 for Tuesday’s class

  16. “Good” viruses? • Is there any such thing as a good virus? • What do you think about this: http://www.samspublishing.com/articles/printerfriendly.asp?p=337309&rl=1

  17. Next Lesson • Viruses and their environment…

More Related