
Malicious Software


gina

Presentation Transcript


  1. Malicious Software High-tech section of chapter 3

  2. Malicious Software
     • Application software consists of programs designed to make users more productive and/or assist with personal tasks.
     • The growth of the Internet simplified the spread of malware.
     • Most personal computers are being or have been infected by some malware.
     • Most people think they are safe under the protection of anti-virus software.
     • Malware, short for malicious software or malicious-logic program, consists of programs designed to disrupt computer operation, gather sensitive information, gain unauthorized access to, or even control computer systems remotely.
     • Virus
       • Disruption
     • Trojan
       • Gather information, gain unauthorized access
     • Rootkit
       • Hide other malware so that it is hard to detect, even using anti-virus software.

  3. Virus
     • Computer virus: a program that can replicate itself, conceal itself and deliver the payload.
     • The payload: a destructive event or prank.
     • Some viruses can mutate.

  4. Virus • How it Spreads

  5. Virus
     • Execution phases
       • Infection
       • Replication
       • Concealment
       • Setting up Trigger
       • Delivery
         • Deliver the actual activity, which may harm the infected computer or just display a prank.

  6. Virus
     • Replication
       • Hide in a legitimate file
         • Macro (a way to create a shortcut for a task)
           • In the macro language of a document file, for example Word
         • Executable file
           • Change the instructions of a legitimate executable file
         • Master boot record
           • Load itself whenever the computer starts
       • Once the infected file is executed or opened, the virus copies itself and attaches the copies to other legitimate files on the computer.

  7. Virus • Replication

  8. Virus
     • Concealment
       • Hide in fake code sections
       • Polymorphic virus: can mutate by changing its own code.

  9. Virus
     • Setting up trigger
       • Purpose of virus
         • Display a prank
         • Disrupt your hard disk
         • Cause irregular screen behavior
         • Disable certain functionalities
         • And more...
       • May do nothing but copy themselves and keep spreading

  10. Virus
     • Setting up trigger
       • According to its purpose, the virus will be configured to activate under certain conditions.
       • Logic bomb: activates when the virus detects a certain condition.
         • Example: if the user is logging on, then display a message saying that the user is infected (prank virus).
       • Time bomb: activates at a certain time and date.
         • Example: if it is the year 2012, then display a message saying that doomsday is coming.
       • A time bomb is also a logic bomb.

  11. Virus
     • Execution phases
       • Infection
       • Replication
       • Concealment
       • Setting up Trigger
       • Delivery
         • Deliver the actual activity (in the payload), which may harm the infected computer or just display a prank.

  12. Other electronic annoyances
     • Worm
       • Resides in active memory and replicates itself over the network to infect machines.
     • Trojan horses
       • Disguise themselves as legitimate applications while providing unauthorized access or sensitive information to malicious remote users.
     • Rootkit
       • A program that can easily hide and allow someone to take full control of your computer from a remote location, often for nefarious purposes.

  13. Protect your computer
     • Symptoms of malware attacks
       • Computer can’t boot up properly
       • Screen sometimes freezes
       • System frequently crashes
       • Abnormal hard disk activities
       • Computer runs slower than usual

  14. Protect your computer
     • Solution
       • Run a full disk scan using your anti-virus application.
       • If nothing was found:
         • Look up the running processes.
           • Ctrl-Alt-Delete opens Task Manager.
           • A regular process should have a regular name (afege10x98.exe is obviously a suspicious process).
         • Look up the registry. (Don’t try this if you are not familiar with it.)

  15. Protect your computer
     • Small talk: why anti-virus sometimes doesn’t work
       • The anti-virus application provides:
         • Specialists who are responsible for discovering new malware.
         • For each piece of malware found, they give it a signature and identify the characteristics of the code it injects into infected files.
         • These signature-characteristics pairs are stored in the definitions of the anti-virus application.
         • Users download the definitions to their local machines, and the application goes over the files to see if any of them contains the characteristics.
       • Problem: it can only detect known malware, but most of the malware that is spreading remains unknown!
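The definition lookup described on slide 15, as an added example that is not part of the original presentation: a scanner matches each file against signature-characteristics pairs, misses a sample that is not yet in its definitions, and flags it once the definitions are updated. All signature names, byte patterns and file names are constructed placeholders, not real malware data.

```python
# Constructed definitions: signature name -> characteristic byte pattern.
# Placeholder bytes only; none of this comes from real malware.
DEFINITIONS = {
    "Demo.Prank.A": bytes.fromhex("deadbeef4d414c31"),
    "Demo.Macro.B": b"AutoOpen:DEMO-PAYLOAD",
}

def scan_bytes(data, definitions):
    """Return the sorted names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)

def scan_files(files, definitions):
    """Scan a mapping of file name -> content; report only files with hits."""
    report = {}
    for fname, data in files.items():
        hits = scan_bytes(data, definitions)
        if hits:
            report[fname] = hits
    return report

# Constructed sample "files": a host body with or without injected bytes.
HOST = b"MZ" + b"\x00" * 32 + b"legitimate program body"
UNKNOWN_PATTERN = bytes.fromhex("0badf00d4e455721")  # not in any definition yet
SAMPLE_FILES = {
    "notepad_copy.exe": HOST,                                  # clean
    "game.exe": HOST + DEFINITIONS["Demo.Prank.A"],            # known signature
    "report.doc": b"doc header " + DEFINITIONS["Demo.Macro.B"] + b" text",
    "tool.exe": HOST + UNKNOWN_PATTERN,                        # unknown sample
}

def demo():
    """Scan with the shipped definitions, then again after a definitions update."""
    before = scan_files(SAMPLE_FILES, DEFINITIONS)
    # Specialists analyse the new sample and publish a signature for it.
    updated = {**DEFINITIONS, "Demo.New.C": UNKNOWN_PATTERN}
    after = scan_files(SAMPLE_FILES, updated)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```

Between the two scans `tool.exe` is reported as clean even though it carries injected bytes, which is the gap the slide points out: detection only starts once the definitions contain the matching pair.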

  16. Conclusions • Protecting your computer requires
