KELOMPOK 5

MALICIOUS SOFTWARE
WHAT IS MALICIOUS SOFTWARE?

• Maybe one day your computer never runs unusually. Starting from the length
of loading up to the Registry crash ..
• Malicious Software is an application program that functions to damage /
harming the victim's computer.
• Bacteria:
Programs that consume system resources by replicating itself. the bacteria does not explicitly
damage the file. The purpose of this program is only one that replicates itself. a simple bacteria
program can only execute two copies of itself simultaneously on a multiprogramming system or
create two new files, each copying the program files of the bacteria. Both copies are then copied
twice, and so on.
• Logic bomb:
Logic attached to a computer program to check for a set of conditions in the system. When the
conditions are met, logic executes a function that produces unauthorized actions.
logic bomb attached to an official program set to explode when certain conditions are met.
Examples of conditions for triggering a logic bomb are the presence or absence of certain files, certain
days of weeks or dates, or users running certain applications. once triggered, the bomb changes or
deletes the data or the entire file, causing the engine to stop, or to do other damage.
• Trapdoor:
The secret, undocumented entry points in one program to grant access without normal
authentication methods.
Trapdoor has been used correctly for many years by programmers to search for program errors.
debugging and testing is usually done pemogram when developing applications.for programs that
have authentication procedures or old setup or require the user to enter different values to run the
application then debugging will be long if it has to go through those procedures. to debug this type of
program, the developer creates special authority or eliminates the need for setup and authentication.
Trapdoor is a code that accepts a special input line or is triggered by running a specific user ID or a
certain row of crimes. the trapdoor becomes a threat when malicious programmers use it to obtain
unauthorized pengkesan.
in the real case, the auditor (software checker) can find the trapdoor on the software product where
the name of the software creator exists as a password that bypasses the software protection it
creates. it is difficult to implement software controls for the trapdoor.
• Trojan horse:
An undocumented secret routine is embedded in a useful program. Useful programs contain hidden
code that when executed performs an undesirable function. Program execution causes this secret
routine execution.
Trojan horse programs are used to perform functions indirectly where unauthorized users can not do
it directly. For example, in order to access other users' files on a shared system, the user can create a
trojan horse program.
this Trojan horse when the program is executed will change the file permissions so that the files can
be read by any user. the program's creator can deploy to users by placing the program in a shared
directory and naming the program in such a way as to be a useful utility program.
a hard-to-detect Trojan horse program is a modified compiler that inserts extra code into certain
programs once it is compiled, such as a login program. The code creates a trapdoor on a login
program that allows the creator logs into the system using a special password. this type of trojan
horse can never be found if only read the source program. Another motivation of Trojan horses
is data destruction. Programs appear as performing useful functions (such as a calculator), but
also secretly deleting user files.
Trojan horses usually attached to programs or routines taken from BBS, internet, and so forth.
• Virus:
Code embedded in a program that causes copying itself to be inserted into one or more other
programs, by modifying those programs.
Modification is done by inserting a copy of a virus program that can infect other programs.
other than just progasi, the virus usually performs undesirable functions.
Inside a computer virus, there is an instruction code that can make a perfect copy of itself.
when the infected computer is in contact with the uninfected software, the virus copy enters a
new program. Infection can spread from computer to computer through users who exchange
disks or send programs over the network. in the network environment, the ability to access
applications and other computer services is a perfect facility of the spread of the virus.
Problems caused by viruses are viruses often damage computer systems such as deleting files,
disk partitions, or disrupt programs.
• Worm:
a program that can replicate itself and send copies from computer to computer over a network
connection. Upon arrival, the worm is enabled to replicate and re-program. In addition to
propagation only, the worm usually performs undesirable functions.
network worms use network connections to spread from system to system. Once active in a system, a
network worm can act like a virus or bacteria, or paste a trojan horse program or perform a number
of annoying or destructive actions.
to replicate itself, the network worm uses a network service, such as: The electronic mail facility, the
worm sends itself copies to other systems.
remote execution capability, ie the worm executes copies of itself on other systems.
Remote login capability (remote login capability), a worm log on a remote system as a user and then
using commands to copy itself from one system to another. copies of new worm programs and then
runs on remote systems and performs other functions performed on the system, the worm continues
to spread in the same way.
network worm has the same characteristics as computer virus, which has the same phases, namely:
Dormant phase, propagation phase, Trigerring phase, Execution phase.
the network worm also tries to determine whether the previous system has been infected before
sending copies of itself to the system.
Thank you