
DNS - 3

The document discusses malicious software (malware), defining it as harmful programs that exploit computer system vulnerabilities to perform unlawful tasks. It categorizes malware into types such as viruses, worms, trojan horses, spyware/adware, and rootkits, detailing their characteristics and methods of propagation. Additionally, it outlines virus phases, classifications, and countermeasures for combating these threats.

Uploaded by

saifafd343

Data & Network Security

Mubashir Zainoor
Module: 3
Malicious Software
Malicious Software:
• The most sophisticated types of threats to a computer system are presented by programs that exploit vulnerabilities in the system. They are divided into two categories:
  • Those that need a host program
  • Those that are independent

What is Malicious Software?
• The word “malware” is a contraction of “malicious software”, and the meaning remains the same. Malicious software refers to any malicious program that causes harm to a computer system or network.
• Its mission is often to accomplish unlawful tasks such as stealing protected data, deleting confidential documents, or adding software without the user’s consent.
• Malware attacks a computer or network in the form of viruses, worms, trojans, spyware, adware, or rootkits.

Types of Malicious Software
• Multiple-threat malware
• Can be classified into two broad categories:
  • A multipartite virus infects in multiple ways and is capable of infecting multiple types of files
  • A blended attack uses multiple methods of infection or transmission to maximize the speed of contagion and the severity of the attack
• Nimda, a blended attack, uses four distribution methods:
  • Email: a user on a vulnerable host opens an infected email attachment
  • Windows shares: Nimda scans hosts for unsecured Windows file shares
  • Web servers: Nimda scans web servers, looking for known vulnerabilities in Microsoft IIS
  • Web clients: a vulnerable web client visits a web server that has been infected by Nimda

Computer Virus
Viruses
• A computer virus is a piece of software that can “infect” other programs by modifying them
• The modification includes injecting the original code with a routine to make copies of the virus code, which can then go on to infect other content

A Virus Has Three Parts
• A computer virus, like many contemporary types of malware, includes one or more variants of each of these components:
  • Infection mechanism: the means by which a virus spreads or propagates, enabling it to replicate. Also referred to as the infection vector
  • Trigger: the event or condition that determines when the payload is activated or delivered. Sometimes known as a logic bomb
  • Payload: what the virus does, besides spreading. May involve damage or benign but noticeable activity

Virus Phases
• During its lifetime, a typical virus goes through the following four phases:
  • Dormant phase
    • The virus is idle
    • Will eventually be activated by some event
    • Not all viruses have this stage
  • Propagation phase
    • The virus places a copy of itself onto other programs or into certain system areas on the disk
  • Triggering phase
    • The virus is activated to perform the function for which it was intended
    • Can be caused by a variety of system events
  • Execution phase
    • The function is performed

Virus Classification by Target
• Includes the following categories:
  • Boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
  • File infector: infects files that the operating system or shell considers to be executable
  • Macro virus: infects files with macro or scripting code that is interpreted by an application
  • Multipartite virus: infects files in multiple ways

Macro Virus
• Macro viruses infect scripting code used to support active content in a variety of user document types
• Threatening for a number of reasons:
  • A macro virus is platform independent
  • Macro viruses infect documents, not executable portions of code
  • Macro viruses are easily spread
  • Because macro viruses infect user documents rather than system programs, traditional file system access controls are of limited use in preventing their spread

E-Mail Viruses
• A more recent development in malicious software
• The first spreading email virus was Melissa, which made use of a Microsoft Word macro embedded in an attachment
• If the recipient opens the email attachment, the Word macro is activated. Then:
  • The email virus sends itself to everyone on the mailing list
  • The virus does local damage on the user’s system
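
Added example, not part of the original slides: because a macro virus lives inside the document and arrives as an email attachment, a mail gateway has to inspect file content rather than rely on file permissions or the file name. The Python code below flags macro-bearing Office files by container structure; the function names and sample files are constructed for illustration, and finding a VBA project means only that macros are present, not that they are malicious.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls compound file header
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.docm/...) container header


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy', or 'other'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry macros; the header alone cannot tell,
        # so a gateway would route these to deeper inspection.
        return "ole-legacy"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "other"
        if "[content_types].xml" not in names:
            return "other"  # a ZIP, but not an Office Open XML package
        # VBA projects are stored as a vbaProject.bin part inside the package,
        # whatever extension the attachment was given.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "ooxml-clean"
    return "other"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal package layout, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments; the names are hypothetical.
    for label, blob in [("report.docx", build_sample(False)),
                        ("invoice.docx", build_sample(True)),
                        ("old.doc", OLE_MAGIC + b"\x00" * 24),
                        ("notes.txt", b"plain text")]:
        print(f"{label:14} -> {classify_attachment(blob)}")
```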

Virus Countermeasures
• Antivirus approaches: the ideal solution to the threat of viruses is prevention.
• Detection: Once the infection has occurred
• Identification: Once detection has been achieved
• Removal: Once the specific virus has been identified

Worms
• A worm is a program that can replicate itself and send copies from computer to computer across network connections.
• Upon activation, the worm may replicate and propagate again
• To replicate itself, a worm uses some means to access remote systems:
  • Electronic mail or instant messenger facility
  • Remote execution capability
  • Remote login capability

Worm Technology
• Multiplatform: newer worms can attack a variety of platforms
• Multi-exploit: new worms penetrate systems in a variety of ways, using exploits against web servers, browsers, e-mail, file sharing, and other network-based applications, or via shared media
• Ultrafast spreading: exploit various techniques to optimize the rate of spread of a worm to maximize its likelihood of locating as many vulnerable machines as possible in a short time period
• Polymorphic: to evade detection, skip past filters, and foil real-time analysis, each copy of the worm has new code generated on the fly using functionally equivalent instructions and encryption techniques
• Metamorphic: in addition to changing their appearance, metamorphic worms have a repertoire of behavior patterns that are unleashed at different stages of propagation
• Transport vehicles: because worms can rapidly compromise a large number of systems, they are ideal for spreading a wide variety of malicious payloads
• Zero-day exploit: to achieve maximum surprise and distribution, a worm should exploit an unknown vulnerability that is only discovered by the general network community when the worm is launched

Mobile Phone Worms
• Worms communicate through Bluetooth wireless connections or via the multimedia messaging service (MMS).
• The target is the smartphone, which is a mobile phone that permits users to install software applications from sources other than the cellular network operator.
• Mobile phone malware can completely disable the phone, delete data on the phone, or force the device to send costly messages to premium-priced numbers.
• An example of a mobile phone worm is CommWarrior, which was launched in 2005

Types of Malicious Software
Computer Virus
• A computer virus is malicious software that self-replicates and attaches itself to other files/programs. It is capable of executing secretly when the host program/file is activated.
• The different types of computer virus are memory-resident virus, program file virus, boot sector virus, stealth virus, macro virus, and email virus.

Different Types of Malicious Software
Worms
• A worm is malicious software that, like a computer virus, is a self-replicating program; however, a worm executes itself automatically. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period.

Trojan Horses
• Unlike a computer virus or a worm, the trojan horse is a non-replicating program that appears legitimate. After gaining the user’s trust, it secretly performs malicious and illicit activities when executed. Hackers make use of trojan horses to steal a user’s password information or to destroy data or programs on the hard disk. It is hard to detect!

Spyware/Adware
• Spyware secretly records information about a user and forwards it to third parties. The information gathered may cover files accessed on the computer, a user’s online activities, or even a user’s keystrokes.
• Adware, as the name suggests, displays advertising banners while a program is running. Adware can also work like spyware: it is deployed to gather confidential information, basically to spy on and gather information from a victim’s computer.

Rootkit
• A rootkit is malicious software that alters the regular functionality of an OS on a computer in a stealthy manner. The alteration helps the hacker to take full control of the system, and the hacker acts as the system administrator on the victim’s system. Almost all rootkits are designed to hide their existence.
