Software failure
Unexpected behavior
• A departure from the system's required behavior.
• Error in operation
• Loss of data
Malicious programs
◦ Software designed to do something that the user did not intend
Some languages
◦ Buffer sizes do not have to be predefined
Attacker can replace instructions in OS code area or data area
◦ Masquerade as OS - get higher priority
Replace code in system space
◦ Use stack pointer - sub procedure
◦ Replace return register
◦ Code Injection
Attacker accesses a resource because the code does not properly validate
Data type error
Data range error
Default condition
Anticipate potential problems
Client side validation
Only valid choices
◦ Agent
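The validation points listed above (data type error, data range error, default condition, only valid choices), shown as an added example that is not from the original slides: a C sketch of the checks the receiving program repeats on its own side, whether or not the client already validated. The result codes, quantity limits and action numbers are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical result codes, one per failure class named in the list above. */
enum vresult { V_OK, V_TYPE_ERROR, V_RANGE_ERROR, V_INVALID_CHOICE };

/* Assumed limits for a quantity field (constructed for this example). */
#define QTY_MIN 1L
#define QTY_MAX 100L

/* Data type and data range checks on a field that arrives as text. */
enum vresult parse_quantity(const char *s, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return V_TYPE_ERROR;          /* a missing value is not a number */
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return V_TYPE_ERROR;          /* "abc", "12abc", "1.5" */
    if (errno == ERANGE || v < QTY_MIN || v > QTY_MAX)
        return V_RANGE_ERROR;         /* overflowed long or outside limits */
    *out = v;
    return V_OK;
}

/* Only valid choices: an allow-list whose default condition rejects. */
enum vresult check_action(int action)
{
    switch (action) {
    case 1: /* view   */
    case 2: /* update */
    case 3: /* delete */
        return V_OK;
    default:                          /* anything unanticipated is denied */
        return V_INVALID_CHOICE;
    }
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "42", "12abc", "", "0", "99999999999999999999" };
    long q;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %d\n", samples[i], (int)parse_quantity(samples[i], &q));
    printf("action 7 -> %d\n", (int)check_action(7));
    return 0;
}
```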
Trigger on
◦ Date or time
◦ Event – program execution, program end, file access
◦ Condition – particular user activity
◦ Count
Installing downloads
◦ Setup takes over control
◦ Update files
◦ Delete files
◦ Change registry
Independent
◦ Self-contained programs that can be scheduled and run by the OS
Needs host:
◦ Programs that cannot exist independently of some program
Virus
◦ Replicates itself
◦ Passes malicious code to other programs
◦ Modifies files
◦ Harms the data and operations
◦ Two types
Transient: life depends on the life of its host; the virus runs when the host does
Resident: virus locates itself in memory
Trojan Horse
◦ Software attaches itself to a harmless file
◦ Software that appears to perform a desirable function
◦ Also performs functions unexpected by the user
Logic bomb
◦ Waits until triggered by a specific event
Time Bomb
◦ Waits until the date or time to trigger
Backdoor/Trapdoor
◦ Feature in a program which someone can access
◦ Perhaps with special privileges
Worms
◦ Computer program that copies itself through a network
◦ Sends copies of itself to other nodes
◦ No need to attach itself to an existing program
◦ Consumes bandwidth
Rabbit
◦ Virus or Trojan which self-replicates without bounds
◦ Consume resources