trojan horses
play

Trojan Horses Seemingly useful program that contains code that does - PowerPoint PPT Presentation

Nov 19, 2022 •343 likes •581 views

Trojan Horses Seemingly useful program that contains code that does harmful things When you run it, the Greeks creep out and slaughter your system Lecture 12 Page 1 CS 236 Online Basic Trojan Horses A program you pick up somewhere

  1. Trojan Horses • Seemingly useful program that contains code that does harmful things • When you run it, the Greeks creep out and slaughter your system Lecture 12 Page 1 CS 236 Online

  2. Basic Trojan Horses • A program you pick up somewhere that is supposed to do something useful • And perhaps it does – But it also does something less benign • Games are a common location host program • Downloaded applets are also popular • Frequently found in email attachments • Bogus security products also popular • Flash drives are a hardware vector Lecture 12 Page 2 CS 236 Online

  3. Recent Trends in Trojan Horses • Hand of Thief Trojan specifically designed to attack Linux boxes – Which are often regarded as particularly safe . . . • Trojan designed for Android being used in banking scams • North Korea using Kimsuky Trojan to spy on South Korea • Obad Trojan spreading via mobile machine botnets Lecture 12 Page 3 CS 236 Online

  4. Trapdoors • Also known as back doors • A secret entry point into an otherwise legitimate program • Typically inserted by the writer of the program • Most often found in login programs or programs that use the network • But also found in system utilities Lecture 12 Page 4 CS 236 Online

  5. Trapdoors and Other Malware • Malware that has taken over a machine often inserts a trapdoor • To allow the attacker to get back in – If the normal entry point is closed • Infected machine should be handled carefully to remove such trapdoors – Otherwise, attacker comes right back Lecture 12 Page 5 CS 236 Online

  6. Logic Bombs • Like trapdoors, typically in a legitimate program • Code that “explodes” under certain conditions • Often inserted by program authors • Previously used by primarily by disgruntled employees to get revenge – Former TSA employee got two years in prison for planting one in 2009 • Beginning to be a trick for nation state cyber attacks – South Korean banks and media companies hit with major logic bomb in March 2013 Lecture 12 Page 6 CS 236 Online

  7. Extortionware • Attacker breaks in and does something to system – Demands money to undo it • Encrypting vital data is common – Some incidents also encrypted backups • Unlike logic bombs, not timed or triggered Lecture 12 Page 7 CS 236 Online

  8. Worms • Programs that seek to move from system to system – Making use of various vulnerabilities • Other performs other malicious behavior • The Internet worm used to be the most famous example – Blaster, Slammer, Witty are other worms • Can spread very, very rapidly Lecture 12 Page 8 CS 236 Online

  9. The Internet Worm • Created by a graduate student at Cornell in 1988 • Released (perhaps accidentally) on the Internet Nov. 2, 1988 • Spread rapidly throughout the network – 6000 machines infected Lecture 12 Page 9 CS 236 Online

  10. How Did the Internet Worm Work? • The worm attacked vulnerabilities in Unix 4 BSD variants • These vulnerabilities allowed improper execution of remote processes • Which allowed the worm to get a foothold on a system – And then to spread Lecture 12 Page 10 CS 236 Online

  11. The Worm’s Actions • Find an uninfected system and infect that one • Here’s where it ran into trouble: – It re-infected already infected systems – Each infection was a new process – Caused systems to wedge • Did not take intentional malicious actions against infected nodes Lecture 12 Page 11 CS 236 Online

  12. Stopping the Worm • In essence, required rebooting all infected systems – And not bringing them back on the network until the worm was cleared out – Though some sites stayed connected • Also, the flaws it exploited had to be patched • Why didn’t firewalls stop it? – They weren’t invented yet Lecture 12 Page 12 CS 236 Online

  13. Effects of the Worm • Around 6000 machines were infected and required substantial disinfecting activities • Many, many more machines were brought down or pulled off the net – Due to uncertainty about scope and effects of the worm Lecture 12 Page 13 CS 236 Online

  14. What Did the Worm Teach Us? • The existence of some particular vulnerabilities • The costs of interconnection • The dangers of being trusting • Denial of service is easy • Security of hosts is key • Logging is important • We obviously didn’t learn enough Lecture 12 Page 14 CS 236 Online

  15. Code Red • A malicious worm that attacked Windows machines • Basically used vulnerability in Microsoft IIS servers • Became very widely spread and caused a lot of trouble Lecture 12 Page 15 CS 236 Online

  16. How Code Red Worked • Attempted to connect to TCP port 80 (a web server port) on randomly chosen host • If successful, sent HTTP GET request designed to cause a buffer overflow • If successful, defaced all web pages requested from web server Lecture 12 Page 16 CS 236 Online

  17. More Code Red Actions • Periodically, infected hosts tried to find other machines to compromise • Triggered a DDoS attack on a fixed IP address at a particular time • Actions repeated monthly • Possible for Code Red to infect a machine multiple times simultaneously Lecture 12 Page 17 CS 236 Online

  18. Code Red Stupidity • Bad method used to choose another random host – Same random number generator seed to create list of hosts to probe • DDoS attack on a particular fixed IP address – Merely changing the target’s IP address made the attack ineffective Lecture 12 Page 18 CS 236 Online

  19. Code Red II • Used smarter random selection of targets • Didn’t try to reinfect infected machines • Adds a Trojan Horse version of Internet Explorer to machine – Unless other patches in place, will reinfect machine after reboot on login • Also, left a backdoor on some machines • Doesn’t deface web pages or launch DDoS • Didn’t turn on periodically Lecture 12 Page 19 CS 236 Online

  20. Impact of Code Red and Code Red II • Code Red infected over 250,000 machines • In combination, estimated infections of over 750,000 machines • Code Red II is essentially dead – Except for periodic reintroductions of it • But Code Red is still out there Lecture 12 Page 20 CS 236 Online

  21. Stuxnet • Scary worm that popped up in 2010 • Targeted at SCADA systems – Particularly, Iranian nuclear enrichment facilities • Altered industrial processes • Very specifically targeted Lecture 12 Page 21 CS 236 Online

  22. Where Did Stuxnet Come From? • Stuxnet was very sophisticated – Speculated to be from unfriendly nation state(s) – New York Times claims White House officials confirmed it (no official confirmation, though) • Research suggests SCADA attacks do not need much sophistication, though – Non-expert NSS Labs researcher easily broke into Siemans systems • Duqu worm might be Stuxnet descendent – Appears to be stealing certificates Lecture 12 Page 22 CS 236 Online

  23. Worm, Virus, or Trojan Horse? • Terms often used interchangeably • Trojan horse formally refers to a seemingly good program that contains evil code – Only run when user executes it – Effect isn’t necessarily infection • Viruses seek to infect other programs • Worms seek to move from machine to machine • Don’t obsess about classifications Lecture 12 Page 23 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for Networks and Trap doors System Software Logic bombs May 12, 2002 Worms Examples Lecture 11 Lecture 11 Page 1 Page 2 CS 239,

234 views • 12 slides
Outline Introduction Malicious Code Viruses CS 239 Trojan horses Computer

Outline Introduction Malicious Code Viruses CS 239 Trojan horses Computer

Outline Introduction Malicious Code Viruses CS 239 Trojan horses Computer Security Trap doors March 15, 2004 Logic bombs Worms Examples Lecture 16 Lecture 16 Page 1 Page 2 CS 239, Winter 2004 CS 239,

408 views • 12 slides
Outline Introduction Malicious Code Viruses CS 236 Trojan horses Computer

Outline Introduction Malicious Code Viruses CS 236 Trojan horses Computer

Outline Introduction Malicious Code Viruses CS 236 Trojan horses Computer Security Trap doors March 14, 2007 Logic bombs Worms Examples Lecture 15 Lecture 15 Page 1 Page 2 CS 236, Winter 2007 CS 236,

341 views • 12 slides
Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1 Introduction Malicious Logic: a set of instructions that cause violation of security policy Idea taken from Troy: to breach an impenetrable

1.3k views • 109 slides
Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the Trojans for ten years. The Torjan horse So they build the Trojan horse the Greeks Gene The Trojan horse After they built it they put a

392 views • 5 slides
Tools Google, et. al. Also, Ive tended to focus on Windows-based tools (with some mention

Tools Google, et. al. Also, Ive tended to focus on Windows-based tools (with some mention

Tools Here is a list of potentially useful tools and utilities with Computer Security which to fight the onslaught of viruses, worms, Trojan horses, and other malware. Dont consider it in any way a complete list! There are lots of

1.16k views • 9 slides
Horses were used there for cultivation and transport in the Rikers ownership era & later by

Horses were used there for cultivation and transport in the Rikers ownership era & later by

Horses were used there for cultivation and transport in the Rikers ownership era & later by Correction at its inmate farm. The isle was a Civil War Union camp. Then too horses provided pull-power and transport. Above : Mounted officer at

299 views • 13 slides
Carnitol A specific formulation for horses Carnitol, a special formulation for horses A unique

Carnitol A specific formulation for horses Carnitol, a special formulation for horses A unique

Carnitol A specific formulation for horses Carnitol, a special formulation for horses A unique combination Carnitol is a unique combination of ingredients selected to stimulate energy metabolism and to optimize overall performances of

571 views • 23 slides
Is hair cortisol related to different lifestyles in horses ( Equus caballus )? MATHILDE SAUVEROCHE

Is hair cortisol related to different lifestyles in horses ( Equus caballus )? MATHILDE SAUVEROCHE

Is hair cortisol related to different lifestyles in horses ( Equus caballus )? MATHILDE SAUVEROCHE SUPERVISED BY LINA ROTH Introduction Horse Behaviour Domestication: 6000 years ago Natural behaviours in horses: Social: Group

195 views • 16 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Security Overview Different aspects of security User authentication Protection mechanisms

Security Overview Different aspects of security User authentication Protection mechanisms

CS399 New Beginnings Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses, worms, mobile

825 views • 59 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Supporting your success Livestock ownership - horses The ownership and identification

Supporting your success Livestock ownership - horses The ownership and identification

Supporting your success Livestock ownership - horses The ownership and identification requirements of horse owners in Western Australia Supporting your success Livestock ownership - horses Biosecurity and Agriculture Management

429 views • 19 slides
Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136, Fall 2014 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Malware

838 views • 67 slides
CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses,

1.2k views • 59 slides
ECS 289M Lecture 24 May 26, 2006 Computer Virus Program that inserts itself into one or more

ECS 289M Lecture 24 May 26, 2006 Computer Virus Program that inserts itself into one or more

ECS 289M Lecture 24 May 26, 2006 Computer Virus Program that inserts itself into one or more files and performs some action Insertion phase is inserting itself into file Execution phase is performing some (possibly null) action

586 views • 22 slides
Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System

Module 20: Security The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption Silberschatz and Galvin 1999 Operating System Concepts 20.1 The Security Problem Security must

155 views • 11 slides
So you think you want to simulate a network? Mark Handley Professor of Network Systems UCL Why

So you think you want to simulate a network? Mark Handley Professor of Network Systems UCL Why

So you think you want to simulate a network? Mark Handley Professor of Network Systems UCL Why do you want to do network simulation? Understand a problem. Demonstrate your ideas work. Demonstrate your ideas are better than the

838 views • 48 slides
What is an Internetwork? Multiple incompatible LANs can be physically connected by specialized

What is an Internetwork? Multiple incompatible LANs can be physically connected by specialized

CS 640: Introduction to Computer Networks Aditya Akella Lecture 7 - IP: Addressing and Forwarding What is an Internetwork? Multiple incompatible LANs can be physically connected by specialized computers called routers The connected

541 views • 13 slides
Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen

Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen

Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeff Brown November, 2002 IMW {dmoore, cshannon} @ caida.org www.caida.org Outline What is the Code-Red worm? Detection Host

495 views • 35 slides
CSSE132 Introduc0on to Computer Systems 18 : Alignment,

CSSE132 Introduc0on to Computer Systems 18 : Alignment,

Adapted from Carnegie Mellon 15-213 CSSE132 Introduc0on to Computer Systems 18 : Alignment, Pointers, Bounds April 9, 2013 1 Today Structures Alignment

605 views • 43 slides
Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug

Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug

Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Network Security Model Header attacks Protocol Attacks

597 views • 25 slides
by Bisyron Wahyudi Muhammad Salahuddien Amount of malicious traffic circulating on the

by Bisyron Wahyudi Muhammad Salahuddien Amount of malicious traffic circulating on the

by Bisyron Wahyudi Muhammad Salahuddien Amount of malicious traffic circulating on the Internet is increasing significantly. Increasing complexity and rapid change in hosts and networks technology suggests that there will be new

1.05k views • 46 slides

More recommend