Chapter 5 Virus and Malicious Code

Chapter 5 discusses malicious code, also known as malware, which can attach itself to legitimate programs and perform harmful actions. It outlines various types of malware, including viruses, Trojan horses, worms, and more, along with their characteristics and symptoms of infection. The chapter also emphasizes the importance of prevention and detection strategies against malware, including the challenges posed by zero-day attacks and hybrid malware.

Uploaded by Menaga Segar

Chapter 5

Virus and Malicious Code


Malicious Code
► Malicious code can be a whole program or part of a program; a program part can even attach itself to another (good) program so that the malicious effect occurs whenever the good program runs.
► Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file; malicious code can even do nothing at all.
Malicious Code
► A computer program created by malware writers as a tool to launch active or passive attacks on computers, data networks or any digital devices.
► The term ‘malware’ first came into existence in 1990 to replace the term ‘virus’ as the umbrella term describing all forms of unwanted code (Heiser, 2004).
Malicious Code
► Malicious Code = Malcode
► Malicious Software = Malware
► Malcode = Malware
Malicious Code
► Java Applets
► ActiveX Controls
► Scripting languages
► Browser plug-ins
► Pushed content
Malicious Code Symptoms
► Increased CPU usage
► Slow computer or web browser speeds
► Problems connecting to networks
► Freezing or crashing
► Modified or deleted files
► Appearance of strange files, programs, or desktop icons
► Programs running, turning off, or reconfiguring themselves
(malware will often reconfigure or turn off antivirus and
firewall programs)
► Strange computer behavior
► Emails/messages being sent automatically and without the user’s
knowledge (a friend receives a strange email from you that
you did not send)
© 2017 VERACODE
Malicious Code
Types of Malware
► Virus – attaches itself to a program and propagates copies of itself to other programs.
► Trojan Horse – contains unexpected, additional functionality.
► Logic bomb – triggers an action when a condition occurs.
► Time bomb – triggers an action when a specific time occurs.
► Trapdoor – allows unauthorized access to functionality.
► Worm – propagates copies of itself through a network.
► Rabbit – like a virus or worm, replicates itself without limit in order to exhaust resources.
Malicious Code
► What are the other types of malware?
Virus
► A virus
 A program that passes on malicious code to other non-malicious programs by modifying them.
 Similar to a biological virus, it infects healthy subjects.
 Infects a program by attaching itself to that program.
► Destroys the program or coexists with it.
► A good program, once infected, becomes a carrier and infects other programs.
► Either transient or resident (stand alone).
How Viruses Attach?
(1) Appended Virus

Original Program + Virus code = infected program consisting of the Virus code followed by the Original Program
Trojan Horse

► Trojan Horse
 Code that, in addition to its primary effect, has a malicious effect.
 Example 1: a login script that solicits a user’s identification and password, passes the information to the system for login processing, and keeps a copy for malicious purposes.
 Example 2: a cat command that displays text and also sends a copy of the text somewhere else.
Trapdoor

► Trapdoor / backdoor
 A feature in a program by which someone can access the program with special privileges.
 e.g. an ATM that accepts the code 990099 to execute something.
Worm

► Worm
 Spreads copies of itself through a network.
 A worm spreads through a network; a virus spreads through other media.
 Spreads itself as a stand-alone program.
The Differences

| Malware Type | Description | Characteristics |
|---|---|---|
| Virus | Self-replicating program that attaches itself to other programs and usually requires human interaction to propagate | Self-replicating: Yes; Growth: Yes; Parasitic: Yes |
| Worm | Self-replicating program that spreads via the Internet or computer networks | Self-replicating: Yes; Growth: Yes; Parasitic: No |
| Trojan Horse | Benign program that contains a malicious element hidden inside | Self-replicating: No; Growth: No; Parasitic: Yes |
| Spyware / Adware | Program which collects information from a host and transmits it to someone else | Self-replicating: No; Growth: No; Parasitic: No |
| Rootkit | Program designed to take control of the infected host by gaining the administrator role in the operating system | Self-replicating: No; Growth: No; Parasitic: No |
| Zombies / Botnet | Compromised host used by attackers, usually for sending spam and participating in coordinated, large-scale denial-of-service attacks | Self-replicating: No; Growth: No; Parasitic: Yes |
Preventing Malware

► Use only commercial software acquired from reliable, well-established vendors.
► Test all new software on an isolated computer.
► Make a bootable diskette and store it safely; write-protect it before booting.
► Make and retain backup copies of executable system files.
► Use virus detectors regularly.
► Don’t trust any source from outside until it has been tested first.
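The advice to retain backup copies of executable system files is only useful if you actually compare the live files against them. The script below is an added illustration, not material from the chapter: it records a size-plus-SHA-256 baseline for every file under a directory and later reports which files were modified, removed or newly added. The directory, file names and byte contents are constructed stand-ins; the "appended" change mirrors the appended-virus layout described earlier, where extra bytes end up in front of or behind the original program and therefore change both its size and its digest.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Fingerprint = Tuple[int, str]  # (size in bytes, SHA-256 hex digest)


def file_fingerprint(path: Path) -> Fingerprint:
    """Size plus SHA-256 of a file; any appended or altered bytes change both values."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return path.stat().st_size, digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, Fingerprint]:
    """Record a fingerprint for every file under root (the trusted 'backup copy' state)."""
    return {
        p.relative_to(root).as_posix(): file_fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_baseline(root: Path, baseline: Dict[str, Fingerprint]) -> Dict[str, List[str]]:
    """Compare the current tree against the baseline and classify every difference."""
    current = build_baseline(root)
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "new": []}
    for name, fingerprint in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name] != fingerprint:
            report["modified"].append(name)
    report["new"] = [name for name in current if name not in baseline]
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: two 'executables' are baselined, then the tree is tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Constructed stand-ins for executable system files (not real binaries).
        (root / "bin" / "editor").write_bytes(b"constructed-program-A")
        (root / "bin" / "shell").write_bytes(b"constructed-program-B")
        baseline = build_baseline(root)

        # Constructed changes: bytes appended to one program (the shape of an
        # appended infection), one program removed, one unexpected file added.
        with open(root / "bin" / "editor", "ab") as handle:
            handle.write(b"-extra-bytes")
        (root / "bin" / "shell").unlink()
        (root / "bin" / "dropped").write_bytes(b"constructed-unexpected-file")

        return verify_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline itself must be stored somewhere the checked system cannot alter (the chapter's write-protected boot medium is the same idea), otherwise malware that can modify executables can also rewrite the manifest that is supposed to expose it.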
Malware Detection
Challenges in Malware Detection
► Zero-day Attacks
► Avoidance Techniques
► Hybrid Malware
Zero-day attack
► Zero-day attacks use previously unseen malware.
► Launched by attackers as a first-time assault with unknown malware or a new form of existing malware (Ye et al., 2009).
► They propagate fast and cause damage to computers or network systems before the new identifying fingerprints are forwarded to end-users.
► Signature-based malware detection is unable to detect zero-day attacks.
Avoidance Techniques
► Code Obfuscation
 Polymorphic
 Metamorphic
► Packing
► Anti-Debugging
► Anti-Virtualization
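To make concrete why signature-based detection misses zero-day attacks, and why the avoidance techniques above target it, here is a minimal signature scanner written as an added example (it is not code from the chapter or from any real antivirus product). It carries two kinds of "fingerprint" for one known sample: an exact whole-file SHA-256 and a shorter byte pattern shared by the family. A copy with one region altered already escapes the exact hash, and a wholly new sample with no fingerprint on file escapes both. All sample byte strings and signature names are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Signature:
    """One detection 'fingerprint' of the kind forwarded to end-users."""
    name: str
    sha256: Optional[str] = None     # exact whole-file digest of a known sample
    pattern: Optional[bytes] = None  # byte sequence shared by a known family


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes, signatures: List[Signature]) -> List[str]:
    """Return the names of every signature that matches; an empty list means 'clean'."""
    digest = sha256_hex(data)
    hits: List[str] = []
    for sig in signatures:
        if sig.sha256 is not None and sig.sha256 == digest:
            hits.append(f"{sig.name} (hash)")
        elif sig.pattern is not None and sig.pattern in data:
            hits.append(f"{sig.name} (pattern)")
    return hits


# Constructed samples: the byte strings are placeholders, not real malware.
KNOWN_SAMPLE = b"constructed-sample:marker-ALPHA:trailing-bytes"
VARIANT = KNOWN_SAMPLE.replace(b"trailing-bytes", b"TRAILING-bytes")  # one region altered
NOVEL_SAMPLE = b"constructed-unseen-sample:marker-OMEGA"               # no signature exists yet
CLEAN_FILE = b"constructed-benign-program"

# Signatures exist only for the known sample; this is the scanner's whole knowledge.
SIGNATURES = [
    Signature("Alpha.exact", sha256=sha256_hex(KNOWN_SAMPLE)),
    Signature("Alpha.family", pattern=b"marker-ALPHA"),
]


def scan_all() -> Dict[str, List[str]]:
    """Scan each constructed sample and report which signatures fired."""
    samples = {"known": KNOWN_SAMPLE, "variant": VARIANT,
               "novel": NOVEL_SAMPLE, "clean": CLEAN_FILE}
    return {label: scan(data, SIGNATURES) for label, data in samples.items()}


if __name__ == "__main__":
    for label, hits in scan_all().items():
        print(f"{label:8} -> {'DETECTED ' + ', '.join(hits) if hits else 'no match'}")
```

The "novel" sample and the "clean" file produce the same result, an empty list, which is exactly the zero-day problem: until someone captures the new sample and distributes a fingerprint for it, the scanner has no way to tell the two apart. The "variant" line shows why family-level patterns are preferred over exact hashes, and also why the obfuscation, packing and polymorphic techniques listed above aim to change the bytes those patterns rely on.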
Hybrid Malware
► A program which has characteristics belonging to several different types of malware.
► Malware writers also apply hybrid techniques to blend threats.
