Chapter 2
Topics
1. Viruses
2. Worms
3. Trojan Horses
4. Logic bombs
5. Spyware
6. Other threats
Password Crack
• Attempting to reverse-calculate a password is
often called cracking.
• A cracking attack is a component of many
dictionary attacks.
• It is used when a copy of the password has been
obtained and is compared against a candidate. If
they are the same, the password has been cracked.
• It can be a brute force or a dictionary attack.
Software Attacks …
• Power Faults
– Sudden power failures, voltage spikes, brownouts and
frequency shifts cause damage to the system
• System Life
– A system wears out over a period of time
• Equipment Incompatibilities
– These occur due to improperly installed devices
• Problems with Magnets
– Magnetic fields from floppy disks, monitors and telephones
can damage stored data
Counter measures
• There are many programs that can help you keep
viruses and other wildlife away from your system
and can wipe out the critters if they gain access
(virus protection programs)
• These products, and the system administration
procedures that go along with them, have two
overlapping goals: they don't let you run a
program that's infected, and they keep infected
programs from damaging your system.
Firewalls
• A firewall protects your computer by
examining each information packet that
travels over the network.
• Clues to a packet's purpose can be read from
its destination address.
• Firewalls contain a list of allowed and
disallowed destinations and functions.
• They also keep track of outgoing packets, and open
up only for a returning packet that is expected.
Antivirus
• Virus protection software uses two main
techniques:
• The first uses signatures, which are snapshots
of the code patterns of the virus.
• The antivirus program lurks in the background
watching files come and go until it detects a
pattern that aligns with one of its stored
signatures; then it sounds the alarm and maybe
isolates or quarantines the code.
Antivirus…
• Alternatively, the virus protection program can
go looking for trouble.
• It can periodically scan the various disks and
memories of the computer, detecting and
reporting suspicious code segments, and
placing them in quarantine.
Antivirus…
• One problem with signature-based virus
protection programs is that they require a
constant flow of new signatures in response
to evolving attacks.
• Their publishers stay alert for new viruses,
determine the signatures, and then make
them available as updated virus definition
tables to their users.
Antivirus…
• Another problem is called the Zero Day problem.
Basically, this occurs when a user trips over a new virus
before the publisher discovers it and can issue an
updated signature.
• A third problem is that, just as with biological
pathogens, viruses can mutate. Sometimes this happens
accidentally; other times, it happens because a clever
programmer uses file compression software to change
the signature of the virus to elude signature detection.
• This means it can change its own form by introducing
extra statements or adding random numbers, to elude
signature detection.
Antivirus…
• To counter these, virus protection publishers are
adding what is called heuristic detection features to
their wares.
• A heuristic is a rule or behavior. If a virus exhibits that
behavior, the antivirus software tries to stop it in the
act.
– For instance, code that suddenly accesses a critical
operating system area or file, unexplained changes in
file size (particularly in system files), sudden decreases in
available hard disk space, or changes in file time or date
stamps.
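As an added illustration (not part of the original slides), the Python sketch below puts the two techniques side by side: a signature match on stored code patterns, and a heuristic check for unexplained changes in file size or time stamp. The signature bytes, file contents and all names (`SIGNATURES`, `FileState`, `scan`) are constructed for this example.

```python
from dataclasses import dataclass

# Constructed signature table: the byte pattern is made up, not a real virus.
SIGNATURES = {"Demo.Virus.A": bytes.fromhex("deadbeef1337c0de")}

@dataclass(frozen=True)
class FileState:
    content: bytes
    mtime: int  # modification time, epoch seconds

    @property
    def size(self) -> int:
        return len(self.content)

def signature_scan(content: bytes) -> list:
    """Names of stored signatures whose code pattern occurs in the content."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in content)

def heuristic_flags(baseline: FileState, current: FileState) -> list:
    """Flag unexplained changes in file size or time stamp against a baseline."""
    flags = []
    if current.size != baseline.size:
        flags.append(f"size changed {baseline.size} -> {current.size}")
    if current.mtime != baseline.mtime:
        flags.append("time stamp changed")
    return flags

def scan(baseline: FileState, current: FileState) -> dict:
    """Signature match means quarantine; heuristic flags alone mean suspicious."""
    hits = signature_scan(current.content)
    flags = heuristic_flags(baseline, current)
    verdict = "quarantine" if hits else "suspicious" if flags else "clean"
    return {"signatures": hits, "heuristics": flags, "verdict": verdict}

# Constructed samples: a 32-byte "system file" and two modified copies.
PATTERN = SIGNATURES["Demo.Virus.A"]
CLEAN = FileState(b"MZ" + b"\x90" * 30, 1_700_000_000)
INFECTED = FileState(CLEAN.content + PATTERN, 1_700_000_500)
# Variant with two filler bytes inside the pattern: the stored signature no longer matches.
VARIANT = FileState(CLEAN.content + PATTERN[:4] + b"\x00\x00" + PATTERN[4:], 1_700_000_900)

if __name__ == "__main__":
    for name, state in [("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)]:
        print(name, scan(CLEAN, state))
```

The variant slips past the signature table but is still reported as suspicious, because its size and time stamp differ from the recorded baseline.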
A MALWARE TAXONOMY
• Denial of service attack (DoS) - Attack that produces so
many requests for system resources in the computer under
attack (such as calls to the operating system, or opening
dialogs with other machines and then hanging onto the line
to tie it up) that normal functions on the targeted
computer are overwhelmed and cease.
• Distributed DoS attack (DDoS) - DoS attack launched from
many different computers, usually zombies hijacked for this
purpose.
• Rootkit - Malware, usually a small suite of programs, that
installs a new account or steals an existing one, and then
elevates the security level of that account to the highest
degree (root for Unix, Administrator for Windows) so that
attackers can do their will without obstruction.
Prepared by: Dr. Oliver
• Sniffer - An attack, usually a Trojan horse, that
monitors computer transactions or keystrokes. A
keystroke logger, for instance, detects sensitive
information by monitoring the user’s keystrokes.
• Trojan horse - Malware named for its method of
getting past computer defenses by pretending to
be something useful.
• Zombie - A corrupted computer that is waiting
for instructions and commands from its master,
the attacker.