
Viruses, Worms and Trojan Horses

August 19, 2010
Author unknown; it was still worth publishing.
• Virus
• A program that reproduces by attaching itself to another program
• May damage data directly, or degrade system performance by taking over system resources that are then not available to authorized users
• Worm
• An independent program that reproduces by copying itself from one system to another, usually over a network
• May damage data directly, or degrade system performance by consuming system resources, even to the point of shutting down a network
• Trojan horse
• An independent program that appears to perform a useful function but hides an unauthorized program inside it. When an authorized user performs the apparent function, the Trojan horse performs the unauthorized function as well, usually with the privileges of that user
Malicious Programs
• Those that need a host program
• Fragments of programs that cannot exist independently of some application program, utility, or system program
• Independent
• Self-contained programs that can be scheduled and run by the operating system
Trapdoor (now more often called a backdoor)
• Secret entry point into a program that lets anyone who knows of it gain access while bypassing the usual security checks
• Used by programmers to debug and test programs
• Avoids the normal setup and authentication steps
• Also left in as a way to activate the program if something goes wrong with the authentication procedure
Logic Bomb
• Code embedded in a legitimate program that is set to “explode” when certain conditions are met
• Presence or absence of certain files
• Particular day of the week
• Particular user running application
Trojan Horse
• Useful program that contains hidden code that when invoked performs some unwanted or harmful function
• Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
• User may set file permission so everyone has
Viruses
• Program that can “infect” other programs by modifying them
• The modification inserts a copy of the virus program into the host
• The infected program can then go on to infect other programs
Worms
• Use network connections to spread from system to system, by one of three mechanisms:
•  Electronic mail facility
•  A worm mails a copy of itself to other systems
•  Remote execution capability
•  A worm executes a copy of itself on another system
•  Remote log-in capability
•  A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other
Zombie
•  Program that secretly takes over another Internet-attached computer
•  It uses that computer to launch attacks that are difficult to trace to the zombie’s creator
Virus Stages
•  Dormant phase
•  Virus is idle
•  Propagation phase
•  Virus places an identical copy of itself into other programs or into certain system areas on the disk
• Triggering phase
• Virus is activated to perform the function for which it was intended
• Caused by a variety of system events, such as a count of the number of times this copy of the virus has made copies of itself
• Execution phase
• The function is performed; it may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files
Types of Viruses
• Parasitic
• Attaches itself to executable files and replicates
• When the infected program is executed, it looks for other executables to infect
• Memory-resident
• Lodges in main memory as part of a resident system program
• Once in memory, it infects every program that executes
•  Boot sector
•  Infects boot record
•  Spreads when system is booted from the disk containing the virus
• Stealth
• Designed to hide itself from detection by antivirus software
• May use compression so that the infected program is the same length as its uninfected version, or intercept disk I/O so that a read of the infected file returns the original, clean contents
• Polymorphic
• Mutates with every infection, so a fixed byte signature extracted from one copy will not match the next
• A mutation engine encrypts the remainder of the virus with a random key chosen for each infection; the key is stored with the virus, together with the decryption routine, so the copy can recover itself at run time
• With the body encrypted, only the decryption routine is constant between copies; a true polymorphic virus therefore also rewrites that routine on each infection (equivalent instruction sequences, inserted junk instructions), which is why scanners fall back to emulating the decryptor and matching the recovered body
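The evasion described above, as an added example that is not part of the original outline: a toy model of an encrypted virus and a polymorphic one, with a byte-signature scanner and an emulating scanner run over many fresh copies of each. The "virus body" is a constructed marker string, the decryptor is a made-up token mini-language, and the on-disk layout is an assumption for the demo; none of it does anything to the host. The point it shows is that encrypting the body defeats a signature on the body but not one on the fixed decryptor, and that varying the decryptor defeats that too, leaving emulation as the technique that still catches every copy.

```python
import random

# Constructed stand-in for a virus body: a harmless marker string used only so that a
# byte signature can be searched for. Nothing here touches the host system.
BODY = b"[[constructed demo body]] do_harmful_thing(); spread_to_other_files();"
BODY_SIGNATURE = b"do_harmful_thing"   # what a scanner would extract from a plaintext copy
STUB_SIGNATURE = b"key xor"            # the fixed decryptor carried by the plain encrypted form


def _encrypt(body, key, decrypt_op):
    """Encrypt so that the named decryptor operation recovers the body."""
    if decrypt_op == "xor":
        return bytes(b ^ key for b in body)
    return bytes((b + key) & 0xFF for b in body)   # decrypted later by "sub"


def make_copy(body, rng, polymorphic):
    """Model one infection. Encrypted virus: fixed decryptor 'key xor', random key,
    body XOR-encrypted, key stored with the copy. Polymorphic virus: the mutation
    engine also rewrites the decryptor each time, picking one of two equivalent
    ciphers and padding with no-op tokens, so the decryptor has no fixed bytes either."""
    key = rng.randrange(1, 256)
    if polymorphic:
        op = rng.choice(["xor", "sub"])
        tokens = ["nop"] * rng.randrange(0, 4) + ["key"] + ["nop"] * rng.randrange(0, 4) + [op]
    else:
        op = "xor"
        tokens = ["key", "xor"]
    stub = " ".join(tokens).encode()
    # Assumed toy on-disk layout: [stub length][decryptor tokens][key][encrypted body]
    return bytes([len(stub)]) + stub + bytes([key]) + _encrypt(body, key, op)


def static_scan(sample, signature):
    """Byte-signature match against the bytes exactly as stored."""
    return signature in sample


def emulate_and_scan(sample, signature):
    """What an AV emulator does instead: execute the decryptor to recover the body,
    then match the signature against the decrypted bytes."""
    n = sample[0]
    tokens = sample[1:1 + n].decode().split()
    key = sample[1 + n]
    data = sample[2 + n:]
    loaded = None
    for tok in tokens:
        if tok == "nop":
            continue
        if tok == "key":
            loaded = key
        elif tok == "xor" and loaded is not None:
            data = bytes(b ^ loaded for b in data)
        elif tok == "sub" and loaded is not None:
            data = bytes((b - loaded) & 0xFF for b in data)
        else:
            return False   # malformed decryptor: treat as no match rather than guessing
    return signature in data


def detection_rates(polymorphic, n=200, seed=1):
    """Fraction of n fresh copies caught by each technique."""
    rng = random.Random(seed)
    copies = [make_copy(BODY, rng, polymorphic) for _ in range(n)]
    return {
        "body_signature": sum(static_scan(c, BODY_SIGNATURE) for c in copies) / n,
        "stub_signature": sum(static_scan(c, STUB_SIGNATURE) for c in copies) / n,
        "emulation": sum(emulate_and_scan(c, BODY_SIGNATURE) for c in copies) / n,
    }


if __name__ == "__main__":
    print("encrypted  :", detection_rates(polymorphic=False))
    print("polymorphic:", detection_rates(polymorphic=True))
```

For the plain encrypted form the body signature catches nothing and the stub signature catches everything; for the polymorphic form the stub signature only fires on the minority of copies whose mutated decryptor happens to contain the original byte sequence, while emulation still recovers the body of every copy. Real emulators face the same trade-off with far more expensive decryptors, which is why polymorphic engines also try to make the decryptor loop long enough that the emulator gives up.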
Macro Viruses
• Platform independent: nearly all of them infect Microsoft Word documents, so any hardware and operating system that can run Word is exposed
• Infect the document, not the executable portions of code
• Easily spread, because documents are exchanged far more often than programs, typically as e-mail attachments
• Current Office releases block macros in files marked as coming from the Internet by default, so whether that mark is present and the block is enforced is the first thing to check when a macro-bearing document arrives
•  A macro is an executable program embedded in a word processing document or other type of file
• Autoexecuting macros in Word, recognized by name
• Autoexecute
• A macro named AutoExec, stored in the global template (normal.dot), executes when Word is started
• Automacro
• Executes when a defined event occurs, such as opening or closing a document; Word's built-in names are AutoOpen, AutoClose, AutoNew and AutoExit
• Command macro
• A macro given the name of an existing Word command (e.g. FileSave) is executed in place of that command whenever the user invokes it
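A detection check for the three trigger categories just listed, as an added example rather than code from the original outline: it takes VBA source text, finds each procedure, reports whether its name is one Word would run automatically (autoexecute, automacro or command macro), and flags calls that document automation rarely needs. The VBA module is constructed for the demo, and the example assumes the macro source has already been extracted from the document container (in practice a tool such as olevba does that step); the name lists and the suspicious-call list are starting points, not a complete catalogue.

```python
import re

# Procedure names that Word runs without an explicit user request (the outline's three
# categories). Names are matched case-insensitively because VBA is case-insensitive.
AUTOEXECUTE = {"autoexec"}                                    # runs when Word itself starts
AUTOMACROS = {"autoopen", "autoclose", "autonew", "autoexit",  # run on a document event
              "document_open", "document_close", "document_new",
              "workbook_open", "auto_open", "auto_close"}
COMMAND_MACROS = {"filesave", "filesaveas", "fileprint",       # override a built-in command
                  "fileclose", "fileexit", "toolsmacro"}
# Calls that ordinary document automation rarely needs but droppers almost always do.
SUSPICIOUS_CALLS = ["Shell", "CreateObject", "Environ", "Kill", "URLDownloadToFile"]

# One procedure: header line, body, and its End Sub / End Function.
PROC_RE = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+([A-Za-z_]\w*)\b.*?$"
    r"(.*?)^\s*End\s+(?:Sub|Function)",
    re.S | re.M | re.I,
)


def classify(name):
    """Map a procedure name to the trigger category it would run under, or None."""
    n = name.lower()
    if n in AUTOEXECUTE:
        return "autoexecute"
    if n in AUTOMACROS:
        return "automacro"
    if n in COMMAND_MACROS:
        return "command macro"
    return None


def scan_vba(source):
    """Return one finding per procedure that has an automatic trigger, a suspicious
    call, or both; a trigger combined with a suspicious call is rated high."""
    findings = []
    for m in PROC_RE.finditer(source):
        name, body = m.group(1), m.group(2)
        trigger = classify(name)
        calls = [c for c in SUSPICIOUS_CALLS
                 if re.search(r"\b" + re.escape(c) + r"\b", body, re.I)]
        if trigger or calls:
            findings.append({
                "procedure": name,
                "trigger": trigger,
                "suspicious_calls": calls,
                "risk": "high" if trigger and calls else "medium",
            })
    return findings


# Constructed VBA module, modelled on the classic macro-virus pattern: an automacro that
# runs on open and a command macro that runs again on save. Not taken from any real sample.
SAMPLE_VBA = """
Sub AutoOpen()
    ' automacro: fires every time the document is opened
    Set fso = CreateObject("Scripting.FileSystemObject")
    fso.CopyFile ActiveDocument.FullName, Environ("TEMP") & "\\copy.doc"
End Sub

Sub FileSave()
    ' command macro: replaces File > Save so the code runs again on every save
    Call CopyToNormal
End Sub

Sub CopyToNormal()
    ' helper with no trigger of its own
    x = 1
End Sub

Sub FormatTable()
    Selection.Tables(1).AutoFormat
End Sub

Function Payload()
    Shell "notepad.exe"
End Function
"""

if __name__ == "__main__":
    for finding in scan_vba(SAMPLE_VBA):
        print(finding)
```

On the constructed module this reports AutoOpen as high (automacro plus CreateObject and Environ), FileSave as a command macro with no suspicious calls, and Payload for its Shell call; CopyToNormal and FormatTable produce nothing, which is the intended behaviour for helpers and ordinary formatting macros. Keying on the trigger name is what matters: a Shell call in a procedure nobody invokes is far less interesting than a quiet AutoOpen that only calls another procedure.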
E-mail Virus
• Activated when the recipient opens the e-mail attachment (e.g. a Word document carrying a macro virus)
• Later variants are activated merely by opening an e-mail that contains the virus, with no attachment involved
• Uses the Visual Basic scripting language supported by the e-mail package
• Propagates itself to all of the e-mail addresses known to the infected host, so it can spread in hours rather than the months a file virus needs