Outcomes
• Why are computer networks vulnerable?
• Methods used by hackers to gain unauthorised access
• Viruses
– Different types of viruses
– How viruses infect computers
– Methods used by anti-virus software
– Symptoms of virus infection
– Steps to take to protect your computer from viruses
Brief History of Computer Security
With the explosive growth of the Internet, there has been a rise in the importance of computer security
Why are networked systems vulnerable?
• Internet is 37 years old
• Was designed without security provisions
• Communication protocols (TCP/IP) were designed when security was not an issue.
• Security features had to be layered on top of the design
• Old operating systems were designed for a single user
• No security was needed
• Explosive growth of desktops started in the ’80s
• Also no emphasis on security
• Explosive growth started in mid-’90s
• Security not a priority until much later
Computer security was ignored
• Interest in computer security very old
• But largely confined to the military
• Other communities did not care
• Internet - it’s only a research network, who would
attack it?
• Desktops - who needs military security, I just want
to run my spreadsheet!
Important events
• Morris worm - 1988
• Brought down a large fraction of the Internet
• Academic interest in network security
• E-commerce - mid ’90s
• Industrial interest in network security protocols
• Resurgence of worms - early ’00s
• Made computer security a household term
Modern operating systems
• Improved security in modern operating systems
– Challenge for hackers
– Hackers did not give up
– More sophisticated viruses were born.
– Security is still a major issue in networked systems
Unauthorised logins and password stealing
• Intruders use various ways to access someone’s account
– Brute force:
• A program making successive login attempts
– Domain knowledge:
• Users tend to use passwords that are easy to remember
– Partner’s name, …
– Mock login:
• If a hacker has physical access, they might install a program that simulates the screen image of the login prompt and stores the userid/password.
– Human factors:
• Call the computer help desk claiming you forgot your password.
• Reformed hackers say the best way to get information is to ask for it.
– Spyware:
• Malicious code that gains access to a computer via a Trojan horse
• Can monitor the user’s keystrokes and report passwords, credit card numbers, etc. to the hacker via a TCP/IP connection
Viruses
Virus Growth
[Chart: number of known viruses by year, 1988 to 1999; vertical axis 0 to 60,000]
• 1988: Less than 10 known viruses
• 1990: New virus found every day
• 1993: 10-30 new viruses per week
• 1999: 45,000 viruses and variants
A Couple of Definitions:
• A computer virus is a computer program
that can copy itself and infect a computer
without permission or knowledge of the
user.
• “a program that replicates by “infecting”
other programs, so that they contain a
copy of the virus”
How
• Viral code is attached or “inserted” into the order
of execution so that when the legitimate code is
run the viral code is also run or run instead of
the legitimate code.
• May be “tacked” on to the end of an executable
file or inserted into unused program space.
• Cavity viruses:
– Overwrite part of a legitimate program
– Hard to detect as file size is not modified
• Overwrite boot records:
– The virus starts executing when the computer starts up
The Normal Virus works like this:
• The user calls a legitimate program
• The virus code, having inserted itself in the order of execution, executes instead of or in addition to the legitimate program.
• The virus code terminates and returns control to the legitimate program
How they work:
Basic structure:
{
    look for one or more infectable objects
    if (none found)
        exit
    else
        infect object
}
Doesn’t remain in memory, but executes all of the viral code at once, then returns control to the infected program
Worms
A computer WORM:
• is a self-contained program (or set of programs),
that is able to spread functional copies of itself or its
segments to other computer systems via network
connections.
• worms do not need to attach themselves to a host
program.
• 2 types of worms
– Host computer worms
– Network worms
NETWORK Computer Worms
• Network worms consist of multiple parts, called segments.
• The segments run on different machines on the network and may even perform different actions
• Moving a segment from one machine to another is only one of their purposes.
HOST Computer Worms
Host computer worms:
• Are entirely contained in the computer they run on.
• Use network connections only to copy themselves to other computers.
• The original terminates after it launches a copy on another host.
• Only one copy of the worm is running somewhere on the network at a time
How Viruses are born
• Unlike biological viruses, computer viruses
do not simply evolve by themselves
– deliberately created by programmers, or by
people who use virus creation software
How Viruses are born
• Viruses are written
– as research projects,
– to attack the products of specific companies,
– to distribute political messages,
– and for financial gain from identity theft
• Some virus writers
– consider their creations to be works of art
– see virus writing as a creative hobby
Releasing computer viruses is a crime in most jurisdictions
Viruses can avoid detection
• To avoid detection by users, viruses employ different deception methods
– They avoid
• changing the date last modified
• increasing file sizes
• damaging the files
– They kill the tasks associated with antivirus software before it can detect them
Logic Bomb:
• Logic Bomb: A logic bomb executes when specific conditions occur.
• Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date.
Trapdoor
• Trapdoors allow access to a system by
skipping the usual login routine.
• Overall goal of rootkits: install trapdoors
Macro Viruses
• Macro virus:
– Encoded as a macro and embedded in a document.
– Many applications allow you to embed a macro in a document.
– Microsoft Word, Excel, Access
– The macro executes each time the document is opened.
– Infect programming environments rather than files
– Once a macro virus gets onto your machine, it embeds itself in all future documents you create with the application
– 75% of all viruses today are macro viruses
Why are they so dangerous?
• Can infect multiple types of operating
systems
• People don’t normally think of viruses in
documents
• Easy to learn how to write a macro virus
• Because office programs are usually
integrated, email programs can be used to
further spread the virus
Famous Macro Viruses
• Concept: distributed by Microsoft
– Considered to be the first macro virus
– Simply showed the potential for macro viruses
History of some well known Viruses
• 1999 The Melissa virus:
– is a macro virus,
– It uses Microsoft Word to infect computers
and is passed on to others through Microsoft
Outlook and Outlook Express e-mail
programs
– Overwrites first macro in open documents and
in the normal.dot template
– Turns off macro detection
Viruses (con’t)
• 2000: The "I Love You" virus
– Wreaks havoc around the world.
– It is transmitted by e-mail and, when opened, is automatically sent to everyone in the user's address book
• July 2001: The Code Red worm
– Infects tens of thousands of systems running Microsoft Windows NT and Windows 2000 server software,
– causing an estimated $2 billion in damages.
– The worm is programmed to use the power of all infected machines against the White House Web site at a predetermined date.
– The White House deciphers the virus's code and blocks traffic as the worm begins its attack.
Viruses (con’t)
• 2002: Melissa virus author David L. Smith, 33, is
sentenced to 20 months in federal prison
• Jan. 2003: The "Slammer" worm
– Infects hundreds of thousands of computers in less than three hours.
– The fastest-spreading worm ever wreaks havoc on businesses worldwide, knocking cash machines offline and delaying airline flights.
Viruses (Con’t)
• 26 January 2004, MyDoom:
– The Mydoom virus is first identified around 8am.
– Computer security companies report that Mydoom is responsible
for approximately one in ten e-mail messages at this time.
– Slows overall internet performance by approximately ten percent
and average web page load times by approximately fifty percent
– 1 February: An estimated one million computers around the
world infected with Mydoom begin the virus's massive distributed
denial of service attack—the largest such attack to date
Viruses (con’t)
• 2007: A new virus called "Storm Worm" is released.
– This fast-spreading email spammer disguises itself as a news email and asks you to download a film.
– The "Storm Worm" gathers infected computers into a botnet, which it uses to infect other machines.
– It was first identified on Jan. 17 and within 13 days had infected 1.7 million computers
• 2009: "Conficker" worm
– 9 million computers running the Windows operating system were hit.
– The malware spread via the Internet, and the main things that helped the worm spread were unpatched corporate networks and USB memory sticks.
– It loads itself on to a computer by exploiting a weakness in Windows servers.
– Once it has infected a machine, the software also tries to connect to up to 250 different domains with random names every day.
Other types of viruses
• Trojan horse
• Denial of service (DoS)
• Distributed DoS attacks
• Remote Administration Trojans (RATs)
• Buffer Overflow attack
The Original Trojan Horse
• Trojan horses are named after Homer’s Iliad story of Greeks gifting a huge wooden horse to Troy that housed soldiers who emerged in the night and attacked the city.
Trojan Horses
• Trojan horses are programs that appear to
have one function but actually perform
another function.
• Modern-day Trojan horses resemble a
program that the user wishes to run - a game,
a spreadsheet, or an editor. While the
program appears to be doing what the user
wants, it is also doing something else
unrelated to its advertised purpose, and
without the user's knowledge.
Denial-of-Service (DoS) Attacks
• DoS attack
– Prevent a system from servicing legitimate requests
– In many DoS attacks, unauthorized traffic saturates a network’s
resources, restricting access for legitimate users
– Typically, attack is performed by flooding servers with data packets
– Usually require a network of computers to work simultaneously,
although some skillful attacks can be achieved with a single machine
– Can cause networked computers to crash or disconnect, disrupting
service on a Web site or even disabling critical systems such as
telecommunications or flight-control centers
Distributed DoS attacks
• Programs of this type
– Spread to as many hosts as possible
– Wait for predefined commands or a fixed date and time to launch denial-of-service attacks
Remote Administration Trojans (RATs)
• Once installed on a PC
– Give hackers complete control
• They can record keystrokes and web access, and copy/delete files
• RATs consist of a client and a server:
– The server is somehow installed on the victim’s computer
– It attempts to contact the hacker’s system (client)
Software Exploitation
• Buffer overflow attacks
– Occur when an application sends more data to a buffer than it can hold
– Can push the additional data into adjacent buffers, corrupting or
overwriting existing data
– A well-designed buffer overflow attack can replace executable
code in an application’s stack to alter its behavior
– May contain malicious code that will then be able to execute with
the same access rights as the application it attacked
– Depending on the user and application, the attacker may gain
access to the entire system
Buffer Overflow Injection
• A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.
• Can be triggered by inputs that are designed to execute code, or alter the way the program operates
• Steps
– Inject attack code into buffer
– Redirect control flow to attack code
– Execute attack code
Types of Propagation
• Parasitic
– Propagates by being a parasite on other files.
– Attaching itself in some manner that still leaves the
original file usable.
– .com and .exe files of MS-DOS
– Macro virus
• Boot sector infectors
– Copy themselves to the bootable portion of the hard
(or floppy) disk.
– The virus gains control when the system is booted.
How Antivirus software works?
• Detect using a list of virus signature definitions
– comparing the files stored on fixed or removable
drives (hard drives, floppy drives), against a database
of known virus "signatures".
How Antivirus software works?
• Heuristic detection:
– Use a heuristic algorithm to find viruses based on
common behaviors
– Looks for code which is similar to known viruses
– Or monitor suspicious activities
• Attempting to write to system files or boot records.
How Antivirus software works?
• File size changes:
– Are monitored
– Difficult to detect cavity viruses as the file size
will not necessarily change.
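The signature and file-size checks described on the slides above, as an added example that is not part of the original slides. It also records a SHA-256 hash (an addition beyond the slides) to show why a size-only check misses a cavity-style change; the signature name, byte pattern and sample "program" bytes are all constructed.

```python
import hashlib

# Hypothetical signature database: name -> byte pattern (constructed, harmless).
SIGNATURES = {"DEMO-MARKER": b"\xde\xad\xbe\xefDEMO"}


def signature_scan(data):
    """Return the names of known signatures whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def baseline(data):
    """Record size and SHA-256 of a file's known-good contents."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def check(data, base):
    """Compare current contents with the baseline by size, hash and signature."""
    return {
        "size_changed": len(data) != base["size"],
        "hash_changed": hashlib.sha256(data).hexdigest() != base["sha256"],
        "signatures": signature_scan(data),
    }


# Constructed sample "program": code, 32 bytes of unused padding, more code.
ORIGINAL = b"CODE-A" + b"\x00" * 32 + b"CODE-B"
BASE = baseline(ORIGINAL)

SAMPLES = {
    "original": ORIGINAL,
    # Bytes tacked on to the end: the file grows.
    "appended": ORIGINAL + b"EXTRA-BYTES",
    # Cavity-style change: padding overwritten, length identical.
    "cavity": ORIGINAL[:6] + b"X" * 32 + ORIGINAL[38:],
    # Same-size change that happens to contain a known pattern.
    "known": ORIGINAL[:6] + SIGNATURES["DEMO-MARKER"].ljust(32, b"\x00") + ORIGINAL[38:],
}


def report():
    """Run every check over every constructed sample."""
    return {name: check(data, BASE) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:9} {result}")
```

The "cavity" sample passes both the size check and the signature scan and is caught only by the hash comparison, which is why a baseline has to be taken from a known-good copy.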
How Antivirus software works?
• Some anti-virus programs give you real-time protection
– Examine files as they are being opened, downloaded, copied, accessed, and transmitted, etc.
How Antivirus software works?
• They need regular updates
– in order to gain knowledge about the
latest threats
Damage prevention & data recovering
How to prevent damages caused by viruses?
• Take regular backups (including OS) on different
media, unconnected to the system (most of the
time)
Keep your computer Virus free
• Install reliable anti-virus software
– the most important step you can take towards keeping
your computer clean of viruses
• Update your anti-virus software regularly
– variations of viruses and new ones can slip through if your software is not current
Keep your computer Virus free
• Get immediate protection
– Configure your anti-virus software to boot automatically on
start-up and run at all times
Keep your computer Virus free
• Don't automatically open attachments
– ensure that you examine and scan email and other
attachments before they run as they might contain viruses
– Activate macro virus protection in your word processor
– Check the security settings in your web browser.
• Scan all incoming email attachments
– Do not open any email attached files if the subject line is
questionable, unexpected or the source (address) is
Keep your computer Virus free
• Delete chain emails and junk email
– Do not forward or reply to any of them; they clog up the network
– Some viruses can replicate themselves and spread
through email as a chain
Symptoms of virus infections
• Delay in start up, loading files and programs
• Increase in program file sizes
• Shortage of disk space or memory
• New file names or file dates/times
• Files deleted unexpectedly
• Computer crashes
• Messages or images appearing on the screen
• MS Word macro protection warns that a file contains macros.
• Anti-virus software reports a virus
Summary
• Computer networks are vulnerable
• Methods used by hackers to gain unauthorised access
• Viruses
– Different types of viruses
– How viruses infect computers
– Methods used by anti-virus software
– Symptoms of virus infection
– Steps to take to protect your computer from viruses
Resources
• Symantec Anti-virus centre
– http://www.symantec.com/avcentre
• Centre for computing and social Responsibility (CCSR)
– http://www.ccsr.cse.dmu.ac.uk
• CERT: Centre at Carnegie-Mellon University USA
– http://www.cert.org
• Risks forum: online discussion about security issues
– http://catless.ncl.ac.uk/Risks
• CIAC: site hosted by US Dept of Energy
– Dealing with hoax virus alerts
– http://hoaxbusters.ciac.org
• Microsoft:
– http://www.microsoft.com/technet
Thank you
And
Good luck