Malicious Code
Virus
Trojan Horse
A virus
A program that passes on malicious code to other non-malicious programs by modifying them.
Similar to a biological virus, it infects healthy subjects.
Infects a program by attaching itself to the program.
So..
What is malicious code?
How can it take control of a system?
How can it lodge in a system?
How does malicious code spread?
How can it be recognized?
How can it be stopped?
Malicious Code
Trapdoor/backdoor
Worm
[Figure: Original Program and Virus code; Virus code (part b)]
This kind of virus runs the original program but has control before and after its execution.
[Figure: Original Program, Virus Code, Modified program; Virus code (Part a)]
Overwriting
Changing Pointer
The virus changes the pointers in the file table so that V is located instead of T whenever T is accessed through the file system.
[Figure: File Directory and Disk storage with T and V, (A) Before and (B) After]
TIJ 6023 - Network Security
[Figure: Boot sector virus. Before Infection: Boot Sector, Other sectors, Bootstrap loader, System initialize. After Infection: Boot Sector, Virus code, Other sectors, Bootstrap loader, System initialize.]
A virus can:
spread infection
avoid detection
cause harm: do nothing, play music, prevent booting
Memory-Resident Viruses
Virus Signature
The attached virus piece is invariant, so that the start of the virus code becomes a detectable signature.
Small portion but JUMP to virus module
(4) Polymorphic Viruses
Preventing Virus