Discuss Malicious Software?

These days computer viruses have received a lot of publicity:

  1. one of a family of malicious software
  2. effects usually obvious
  3. have figured in news reports, fiction, movies
  4. getting more attention than they deserve

Fig.: Malicious Software

Trapdoors: A trapdoor is a secret entry point into a program

  1. allows those who know of it to gain access, bypassing the usual security procedures
  2. have been commonly used by developers
  3. a threat when left in production programs, where attackers can exploit them
  4. very hard to block in O/S
  5. requires good s/w development & update

Logic Bomb: It is one of the oldest types of malicious software

  1. code embedded in a legitimate program
  2. activated when specified conditions met
    • eg presence/absence of some file
    • particular date/time
    • particular user
  3. when triggered typically damage system
    • modify/delete files/disks

Trojan Horse: It is a program with hidden side-effects

  1. which is usually attractive
    • eg game, s/w upgrade etc
  2. when run performs some additional tasks
    • allows attacker to indirectly gain access they do not have directly
  3. often used to propagate a virus/worm or install a backdoor
  4. or simply to destroy data

Zombie: It is a program which secretly takes over another networked computer

  1. then uses it to indirectly launch attacks
  2. often used to launch distributed denial of service (DDoS) attacks
  3. exploits known flaws in network systems

Viruses:

  1. a piece of self-replicating code attached to some other code
    • cf biological virus
  2. both propagates itself & carries a load
    • carries code to make copies of itself
    • as well as code to perform some covert task

Worms: replicating but not infecting program

  1. typically spreads over a network
    • cf Morris Internet Worm in 1988
  2. using users' distributed privileges or by exploiting system vulnerabilities
  3. widely used by hackers to create zombie PCs, subsequently used for further attacks, esp DoS
  4. major issue is lack of security of permanently connected systems, esp PCs
