malicious code
play

Malicious Code Karlstads universitet mCrowds: Anonymity for the - PDF document

Dec 13, 2023 •364 likes •442 views

2005-10-12 Malicious Code an Increasing Problem Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads universitet DAV C19 Applied Security 2 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Media

  1. 2005-10-12 Malicious Code an Increasing Problem Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads universitet DAV C19 – Applied Security 2 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Media Publicity Different Malicious Code Malicious code (“Virus”) Virus Worms Malicious Trojans Logical Trap Scripts Bombs doors Replicate Karlstads universitet 3 DAV C19 – Applied Security Karlstads universitet 4 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Virus Boot Virus • A malicious piece of code that • Hard drive virus spreads itself from file to file – Infects the Master Boot Record (MBR) of the hard drive before OS is loaded • Need a host file Infected File – Spreads via bootable device, e.g. floppy disc • Different types of viruses – Boot virus – Program viruses – Macro virus Virus as payload Karlstads universitet 5 DAV C19 – Applied Security Karlstads universitet 6 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Datavetenskap, Karlstads universitet 1

  2. 2005-10-12 Program Virus Example: Chernobyl/CIH (1998) • Infects executable programs on the computer by • Destroys flash BIOS appending itself to the code • Makes data on hard drive unreadable • Was triggered on every 26 th of April – “Logical bomb” functionality Karlstads universitet DAV C19 – Applied Security Karlstads universitet DAV C19 – Applied Security 7 8 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Macro Virus Auto Executing Macros in Word 1. Command macro • Set of macro commands for a specific application • If a macro stored in a global macro file, or attached to a document, which automatically executes and spreads to that has the same name as an existing Word command (e.g. “Save applications documents file”), the macro is executed whenever a user performs that command • Normally spread via Office applications (Visual 2. Autoexecute Basic macros in Word, Excel, etc) • A macro named “AutoExec” in template “normal.dot” or in global • Macros are spread via e-mail attachments template in Words startup directory is always executed when Word is started 3. Automacro 1011011 • An “automacro” is executed when a specific event occurs, e.g. 010 opening a document or quitting Word Karlstads universitet 9 DAV C19 – Applied Security Karlstads universitet 10 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Example: Concept Virus Malicious Scripts • Malicious scripts written in JavaScript, VBScript, • When infected document is opened – If not already existing, creates the macro “FileSaveAs” in the Active X controls, etc. “NORMAL.DOT” template in Word • Hidden in e-mails or web sites. Can also be part – Also creates macro that contains message: of viruses or worms Sub MAIN REM That's enough to prove my point • Cross-site scripting End Sub vulnerabilities let scripts • When user chooses “Save As” in execute in user’s browser the menu, the macro FileSaveAs or even locally always executes – User cannot specify which drive to save to and cannot specify file type Karlstads universitet 11 DAV C19 – Applied Security Karlstads universitet 12 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Datavetenskap, Karlstads universitet 2

  3. 2005-10-12 Trojans Logical Bombs • “Trojan Horse” • Malicious code programmed to be activated on • Programs with hidden a specific date/time malicious functionalities • Action could be everything from format hard drive to display a silly message • Appears to be screen savers, games, or other • Often combined with “useful” programs virus/worm (e.g. Chernobyl virus) Karlstads universitet DAV C19 – Applied Security Karlstads universitet DAV C19 – Applied Security 13 14 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Trapdoors Worm • A secret entry point into a • A malicious piece of code that spreads itself program that allows someone from computer to computer aware of the trap door to gain • A worm needs no host file access without going through • Can spread via normal security procedures – E-mail attachments • Usually left by programmers for – LAN or Internet debugging and testing purposes, intentionally or unintentionally Karlstads universitet 15 DAV C19 – Applied Security Karlstads universitet 16 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Example: ILOVEYOU Example: Code Red • Starts to spread when uses clicks on an e-mail • A worm that spread via attachment (ILOVEYOU.TXT .vbs ) Extension sometimes hidden HTTP exploiting a buffer- automatically by Windows overflow vulnerability – The attachment is a malicious Visual Basic Script masked as a text file • Spreads automatically – The script executes locally in Windows Scripting Host, when visiting web site where it first changes registry settings about the – I.e. does not require privileges of scripts, and then starts to spread itself via for “human hand” to spread example the contact list • Requires “human hand” to spread, therefore sometimes called virus (e.g. in Stallings book) Karlstads universitet 17 DAV C19 – Applied Security Karlstads universitet 18 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Datavetenskap, Karlstads universitet 3

  4. 2005-10-12 Vulnerabilities Vulnerabilities • A vulnerability is a security weakness in a • Buffer Overflow program/OS that could be exploited by malicious – Occurs when a program writes more information into software, e.g. viruses/worms the buffer than the space it has allocated in the memory. This allows an attacker to (1) overwrite data • Microsoft rolls out update patches that tries to that controls the program execution path and (2) hijack patch novel vulnerabilities the control of the program to (3) execute the attacker’s code instead the process code Example: http://nsfsecurity.pr.erau.edu/bom/Smasher.html Example: http://nsfsecurity.pr.erau.edu/bom/Smasher.html Karlstads universitet DAV C19 – Applied Security Karlstads universitet DAV C19 – Applied Security 19 20 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Vulnerabilities Blended Threats • Unvalidated input • Advanced malicious code that – Information from web requests is not validated before combines the characteristics of being used by a web application. Attackers can use viruses, worms, Trojans and these flaws to attack (by injecting malicious code) malicious scripts are sometimes backside components through a web application called “blended Threats” • Cross site scripting, script injection, … • Exploit vulnerabilities in programs – The web application can be used as a mechanism to or operating systems transport an attack to an end user’s browser – Nowadays often Microsoft OS/apps – Clicking links in web pages or emails, etc, lets remote – Why is that? (malicious) scripts execute in the user’s browser Karlstads universitet 21 DAV C19 – Applied Security Karlstads universitet 22 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Blended Threats Example: Appix (Sep, 2002) • Worms are spread by exploiting vulnerabilities and • A combined worm, virus and Trojan horse often does not require human intervention • Exploits vulnerabilities in Outlook Express and • 2 nd generation of worms automatically searches Internet Explorer for vulnerable computers and infects them • Can infect directly from a web page • Whole Internet can be infected in less than 20 • Uses an own SMTP server minutes • Spreads via e-mail, KaZaA or eDonkey2000 • Kills anti virus software and personal firewalls Karlstads universitet 23 DAV C19 – Applied Security Karlstads universitet 24 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Datavetenskap, Karlstads universitet 4

  5. 2005-10-12 Example: Sasser (May, 2004) Viruses in Mobile Phones • Mobile phones starting to behave like small • Starts up an FTP server and automatically scans computers with Internet access randomly chosen IP addresses for vulnerabilities – Not to mention PDAs… • 128 threads that scans IP addresses are started � The virus problem will probably spread to – System will be very slow • Stops user from shutting down computer mobile phones in the near future Karlstads universitet DAV C19 – Applied Security Karlstads universitet DAV C19 – Applied Security 25 26 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Viruses in Mobile Phones Viruses in Mobile Phones Fall 2005… Spring 2005… Karlstads universitet 27 DAV C19 – Applied Security Karlstads universitet 28 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Hacker Tools Example: Back Orifice Back Orifice Remotely control other computers. Similar programs: NetBus Karlstads universitet 29 DAV C19 – Applied Security Karlstads universitet 30 DAV C19 – Applied Security Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Datavetenskap, Karlstads universitet 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 29 March 2007 SYN Cookies (contd) SYN Cookies (contd) SYN cookies are particular choices of initial TCP sequence numbers

868 views • 62 slides
Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke

Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke

Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke Chair for System Security 1 Introduction 2 Malicious Code in SDN 3 Access Control in SDN 4 Conclusions Software-Defined Networks|Horst Grtz

418 views • 19 slides
Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer Vienna University of Technology Alessandro Di Federico Politecnico di Milano Federico Maggi Politecnico di Milano Paolo Milani Comparetti Vienna

566 views • 27 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
Untangling the code An overview of techniques to reverse engineer malicious software Prashant

Untangling the code An overview of techniques to reverse engineer malicious software Prashant

Untangling the code An overview of techniques to reverse engineer malicious software Prashant Gupta Security Architect, McAfee Inc. June 3, 2013 McAfee Confidential Internal Use Only Abstract Reverse engineering and analysis of binary code

381 views • 20 slides
Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often masquerades as good software or attaches itself to good software Some malicious programs need host programs Trojan horses, logic bombs, viruses

624 views • 40 slides
Vulnerabilities: Malicious Code Class 10 P&P: Ch 3.3, 3.4 1 CIS-5372: 9.Nov.2011

Vulnerabilities: Malicious Code Class 10 P&P: Ch 3.3, 3.4 1 CIS-5372: 9.Nov.2011

Vulnerabilities: Malicious Code Class 10 P&P: Ch 3.3, 3.4 1 CIS-5372: 9.Nov.2011 Announcement Presence sheet Solution to Homework 2 is out Grades will follow 2 CIS-5372: 9.Nov.2011 What Did We Cover Before ?

1.02k views • 71 slides
CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive, insider/outsider

347 views • 33 slides
CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive, insider/outsider

638 views • 16 slides
Engineering Challenges in Immunizing Systems Against Malicious Code Craig Chamberlain Principal

Engineering Challenges in Immunizing Systems Against Malicious Code Craig Chamberlain Principal

Engineering Challenges in Immunizing Systems Against Malicious Code Craig Chamberlain Principal Technical Consultant Verdasys, Inc. Background Organizations are confronted with troubling developments the malware problem phenomenon

581 views • 27 slides
Pinkslipbot: A deep look at how malicious code adapts and evolves Guilherme Venere Malware

Pinkslipbot: A deep look at how malicious code adapts and evolves Guilherme Venere Malware

Pinkslipbot: A deep look at how malicious code adapts and evolves Guilherme Venere Malware Researcher Anti Malware Operation Team Know Your Enemy Server-side polymorphic worm. EXE and DLL modules First seen around 2007 Features

662 views • 19 slides
Tomer Teller Why are we here? (one of many reasons) A malicious program: Allocates memory

Tomer Teller Why are we here? (one of many reasons) A malicious program: Allocates memory

Adi Hayon Tomer Teller Why are we here? (one of many reasons) A malicious program: Allocates memory in a remote process (and write to it) Executes the code in that memory region Frees the code Memory dump taken at the end of

373 views • 22 slides
Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for Networks and Trap doors System Software Logic bombs May 12, 2002 Worms Examples Lecture 11 Lecture 11 Page 1 Page 2 CS 239,

234 views • 12 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez

Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez

Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez PC Technician Budget $184,013 1200 computers VPN with town Interface between

503 views • 6 slides
Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a

Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a

Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a collaboration with: Brooklyn Public Library Metropolitan New York Library Council (METRO) New America and London School of Economics

660 views • 55 slides
OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers Cryptography Network security System security Web security (recap) Protection File systems implement a protection system Who

800 views • 30 slides
Why Phishing is Different on Mobile Aaron Cockerill Gartner Security & Risk Management Summit

Why Phishing is Different on Mobile Aaron Cockerill Gartner Security & Risk Management Summit

Why Phishing is Different on Mobile Aaron Cockerill Gartner Security & Risk Management Summit 2018 1 The world has changed The corporate data center is in the cloud Starbucks is the new corporate Wi-Fi Employees have all gone mobile

733 views • 37 slides
Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May

Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May

Density-based vs. Proximity-based Anycast Routing for Mobile Networks Vincent Lenders, Martin May and Bernhard Plattner Department of Information Technology and Electrical Engineering Swiss Federal Institute of Technology (ETH) Z urich,

464 views • 13 slides
Internet Anycast: Performance, Problems and Potential Zhihao Li , Dave Levin, Neil Spring, Bobby

Internet Anycast: Performance, Problems and Potential Zhihao Li , Dave Levin, Neil Spring, Bobby

Internet Anycast: Performance, Problems and Potential Zhihao Li , Dave Levin, Neil Spring, Bobby Bhattacharjee University of Maryland 1 Anycast is increasingly used DNS root servers: All 13 DNS root servers Open DNS resolvers:

672 views • 33 slides
Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA 10/14/08 Anycast definitions Anycast addressing assigning a common IP address to multiple instance of the same service.. 1 Anycast

794 views • 19 slides
RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address Auto Configuration Prof. Anja Feldmann, Philipp S. Tiesel, Thorben Krger, Apoorv Shukla IPv6 Scoped Address Architecture IPv6 addresses have

679 views • 19 slides

More recommend