
Viruses And Related Threats

Intrusion Techniques
The objective of an intruder is to gain access to a system or to increase the range of privileges accessible on a system.
This requires the intruder to acquire information that should have been protected.
In most cases this information is in the form of a user password.
With knowledge of some other user's password, an intruder can log on to the system and use all the privileges accorded to the legitimate user.

Commonly used intrusion techniques are


Viruses, Worms and Trojan Horse
1. Virus
A virus is a program that can infect other programs by modifying them.
The modification includes a copy of the virus program, which can then go on to infect other programs.
A computer virus carries in its instructional code the recipe for making perfect copies of itself.
The virus takes temporary control of the computer's OS.
Then, when the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program.
Thus the infected program can be spread from computer to computer by unsuspecting users.
Nature of Viruses
A virus can do anything that other programs do.
The difference is that it attaches itself to another program and executes secretly when the host program is run.
Once a virus is executing, it can perform any function, such as erasing files and programs.
A virus has 4 stages during its lifetime:
1. Dormant Phase
Here the virus is idle. A virus in this stage will be activated by some event, the presence of another program, etc.
Not all viruses have this stage.

2. Propagation Phase
Here the virus places an identical copy of itself into other programs or system areas on disk.
Each infected program will now contain a clone of the virus, which will itself enter the propagation phase.
3. Triggering Phase
Here the virus is activated to perform the function for which it was intended.
This phase can be caused by a variety of system events, including the number of times that the virus has made copies of itself.
4. Execution Phase
The virus performs its function in this phase. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs or files.

Types Of Virus
1. Parasitic Virus
The traditional and most common form of virus.
It attaches itself to executable files and replicates.
2. Memory-resident Virus
Lodges in main memory as part of a resident system program.
From that point on, the virus infects every program that executes.
3. Boot-sector Virus
Infects a master boot record and spreads when a system is booted from the disk containing the virus.

4. Stealth Virus
It is explicitly designed to hide itself from detection by antivirus software.
5. Polymorphic Virus
A virus that mutates with every infection, making detection by the signature of the virus impossible.
It creates copies during replication that are functionally equivalent but have different bit patterns.
Macro Virus
A macro virus is platform independent: any hardware platform and OS that supports Word can be infected by it.
It infects documents, not executable portions of code. Most information is in the form of a document rather than a program.
Macro viruses are easily spread; a very common method is by electronic mail.
2. Worms
Network worm programs use network connections to spread from system to system.
Once it is active in a system, a network worm behaves as a virus or a bacteria.
To replicate itself, a network worm uses some network vehicles.
E.g. E-mail facility: A worm mails a copy
Remote execution capability: A worm executes a copy of itself on another system.
Remote login capability: A worm logs onto a system as a user and then uses commands to copy itself from one system to the other.
The new copy is then run on the remote system.
A network worm exhibits the same characteristics as a computer virus.
It also has a
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase

The propagation phase performs the following functions:
1. Search for other systems to infect
2. Establish a connection with a remote system
3. Copy itself to the remote system and cause the copy to run
A network worm also determines whether the system has previously been infected or not.

Trojan Horse
A Trojan horse is a program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function.
Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly.
To gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changes the user's file permissions so that the files are readable by any user.
After another user has run the program, the author can then access the information in the user's files.
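
A defender's check for two behaviours described on this page: a virus modifying a host program, and a Trojan horse making a user's files readable by any user. This is an added example, not part of the original slides; the function names (snapshot, compare, demo), the file names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (SHA-256 of contents, permission bits)."""
    state = {}
    for p in Path(root).rglob("*"):
        st = p.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            state[str(p.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return state


def compare(baseline, current):
    """Return sorted (path, finding) pairs for changes made since the baseline."""
    findings = []
    for path, (digest, mode) in current.items():
        old_digest, old_mode = baseline.get(path, (None, 0))
        if old_digest is None:
            findings.append((path, "new file"))
        elif digest != old_digest:
            findings.append((path, "content modified"))
        if mode & stat.S_IROTH and not old_mode & stat.S_IROTH:
            findings.append((path, "became world-readable"))
    return sorted(findings)


def demo():  # constructed sample data, not taken from the page
    with tempfile.TemporaryDirectory() as root:
        prog, notes = Path(root, "tool.bin"), Path(root, "notes.txt")
        for path, data, mode in ((prog, b"original code", 0o755), (notes, b"private", 0o600)):
            path.write_bytes(data)
            path.chmod(mode)
        baseline = snapshot(root)
        prog.write_bytes(prog.read_bytes() + b" plus added bytes")  # host program modified
        notes.chmod(0o644)  # permission change opens the file to every user
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken while the system is known to be clean and stored where the monitored user's programs cannot rewrite it.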
An example of a Trojan horse program that would be difficult to detect is a compiler that has been modified to insert additional code into certain programs as they are compiled.
The code creates a trap door in the login program that permits the author to log on to the system using a special password.
The Trojan horse can never be discovered by reading the source code of the login program.
Another motivation for a Trojan horse is data destruction.
