Download as pdf or txt
Download as pdf or txt
You are on page 1of 25


(Malicious Ware)

04/13/15 1
Malicious Programs
• Two categories:

Those that need a host program –
fragments of programs - parasitic

Those that are independent – self
• Some replicate – used as a differentiator

04/13/15 2
Taxonomy of Malicious Programs

04/13/15 3
Malicious Programs
• Logic Bombs: logic embedded in a program that checks
for a set of conditions to arise and executes some
function resulting in unauthorized actions
• Trapdoors: secret undocumented entry point into a
program, used to grant access without normal methods
of access authentication (e.g.,War Games)

04/13/15 4
Trojan Horse

04/13/15 5
Malicious Programs

• Trojan Horse: secret undocumented routine embedded

within a useful program, execution of the program results
in execution of the routine
• Common motivation is data destruction

04/13/15 6
Malicious Programs
• Zombie: a program that secretly takes over an Internet
attached computer and then uses it to launch an
untraceable attack
• Very common in Distributed Denial-Of-Service attacks

04/13/15 7

04/13/15 8
• Viruses: code embedded within a program that
causes a copy of itself to be inserted in other
programs and performs some unwanted function
• Infects other programs
• Code is the DNA of the virus

04/13/15 9

04/13/15 10

• Worms: program that can replicate itself and send copies

to computers across the network and performs some
unwanted function
• Uses network connections to spread from system to

04/13/15 11
• Bacteria: consume resources by replicating
• Do not explicitly damage any files
• Sole purpose is to replicate themselves
• Reproduce exponentially
• Eventually taking up all processors, memory or disk

04/13/15 12

• A trapdoor is a deliberate hole built in to a computer

program, which can be used to gain unauthorised access
to a computer or network.

• Standard service on non-standard port, or on standard

port associated with different service. Examples
o Rlogin
o Telnet
o Root shell
• A rootkit is a malicious program/computer virus designed
to take total control over a computer or IT system. The
rootkit stands above system administrators, which
means that not even the operating system is aware of its
Nature of Viruses
Four stages of virus lifetime
• Dormant phase: virus idle
• Propagation phase: cloning of virus
• Triggering phase: virus activation
• Execution phase: unwanted function performed

04/13/15 16
Avoiding Detection
• Infected version of program is longer than the
corresponding uninfected one
• Solution: compress the executable file so infected
and uninfected versions are identical in length

04/13/15 17
Avoiding Detection

04/13/15 18
Compression Program

infected uninfected

04/13/15 19
Types of Viruses
• Parasitic Virus: attached to executables, replicates
when program is executed
• Memory-resident virus: part of a resident system
program, affects every program executed
• Boot sector virus: infects a master boot record and
spreads when system is booted from infected disk

04/13/15 20
Types of Viruses
• Stealth virus: virus designed to hide itself from
detection by antivirus software (compression,
interception of I/O logic)
• Polymorphic virus: mutates with every infection
making detection by “signature” impossible (mutation
• Macro virus: infects Microsoft Word docs; 2/3’s of all

04/13/15 21
Macro Viruses

• 2/3s of all viruses

• Mainly Microsoft products – platform independent
• Affect documents not executables
• Easily spread by e-mail
• Autoexecuting macro is the culprit

04/13/15 22
• Uses network connections to spread from system to
• Similar to a virus – has same phases: dormant,
propagation, trigger and execution
• Morris Worm – most famous
• Recent: OSX.Leap.A, Kama Sutra,Code Red

04/13/15 23
Important URLs
Originally DARPA’s computer emergency response
team. An essential security site
IBM’s site on virus information. Very good papers – a
little outdated
An Emerging Threat to Diplomacy, another Denning
term along with Information Warfare Security Resources
Center – Virus information and alerts

04/13/15 24
Deadline: 12th April, 2010

• Group1: Write a ten pages essay answering the question:

Why is microsoft operating system vulnerable to different
types of malware(e.g. viruses, spyware, worms etc)
• Group2: Write a ten pages essay answering the question:
Why is linux operating system not vulnerable to different
types of malware (e.g. viruses, spyware, worms etc)
• Group3: Write a ten pages essay on application of
information security in e-voting.
• Group4: Write a ten pages essay on the distinction
between e-health and e-banking information security.

You might also like