
INFORMATION SECURITY
lesson
MALICIOUS CODE

Group 4
Mariano, Luz Marie
Cordova, Mohammad
MALICIOUS CODE

• Known as “Rogue Program” or “Malware”.
• It causes undesirable effects.
• It can do anything a “normal” program can do.
• Officially defined by Cohen in 1984, but virus behaviour has been known since (at least) 1970.
• Ability to change:
  • Data
  • Other programs
THE FIRST MALICIOUS CODE

Interestingly, in 1985, the early Internet was brought to its knees on October 27 because of an accidentally-propagated status-message virus. This was not the first virus, however. As early as 1949, self-replicating programs were being developed, and in 1981, several viruses were infecting the Apple world.
3 COMMON FORMS OF MALWARE
VIRUS/ES
TROJAN HORSE/S

WORM/S
3 COMMON FORMS OF MALWARE

• Virus – a self-replicating section of computer software
  • Transient virus – active when its host program is active.
  • Resident virus – establishes itself in the computer’s memory and can remain active without its host.
• Worm – runs independently
  • Propagates a complete working version of itself
• Trojan horse – appears to have a useful function
  • Has a hidden and malicious purpose that evades security mechanisms.
MALWARE EXAMPLES

• TRAPDOOR/S
• ZOMBIE PROGRAM/S
• LOGIC/TIME BOMB/S
• RABBITS
• SCRIPT ATTACKS


ATTRIBUTES OF MALICIOUS CODE

• HARM
• TRANSMISSION/PROPAGATION
• ACTIVATION
• STEALTH
HOW DOES A VIRUS WORK?
CLASSIFYING VIRUSES

• Appending viruses
• Surrounding viruses
• Integrating viruses
• Replacing viruses
PERFECT VIRUS
Characteristics

• Hard to detect
• Not easily destroyed or deactivated
• Spreads infection widely
• Can re-infect programs
• Machine and OS independent
  • Can infect Windows, Mac, Linux, Unix, mobile phones, etc.
Hiding a Virus

• Viruses can be hidden in many places:
  • In the boot sector
    • The virus can gain control early
  • In memory
  • Attached to resident programs
  • Most frequently used OS programs or common user programs
Hiding a Virus

• Viruses can be hidden in many places:
  • In application programs
    • Applications with macros are the best for this type of virus
  • In library files (e.g., .dll files)
    • Library files are used/shared by many programs
  • In other widely shared files and programs
    • Data sets
    • Digital photos (cf. steganography)
  • Even inside a virus detection program!
Virus Detection

• Viruses leave signatures, which are defined by patterns:
  • Storage patterns
    • Stored somewhere
  • Execution patterns
    • Executes in a particular way
  • Distribution patterns
    • Spreads in a particular way
Virus Removal and Post-Infection Recovery

• Fixing a system after infection by a virus:
  • Disinfect (remove) viruses by using antivirus software
    • Viruses can be removed from an infected program without damaging the program itself
    • If a virus cannot be separated from the program file, the file must be deleted!
  • Recover/replace:
    • Files deleted by the virus
    • Files modified by the virus
    • Files deleted during infection (antivirus software)
  • Need file backups!
Identifying Digital Objects Modified by Malware

• Error detecting codes can be used to detect when digital objects (e.g., programs or files) have been surreptitiously altered
• Error correcting codes can be used to restore programs or files to their proper state without requiring a copy of the original object
Reducing Harm From Malware Infections

• Several mechanisms can be used to reduce harm from malware infection:
  • Least privilege
  • Complete mediation
  • Memory separation
• Most single-user systems (e.g., home computers, laptops, tablets) are not properly configured to capitalize on hierarchical code sensitivity and capability
Proper Malware Hygiene

• Use up-to-date antivirus software from trustworthy vendors
• Test new software on an isolated device
• Open only safe attachments and data files
• Recognize that any website might be harmful
• Keep a recovery system image in a safe place
• Back up executable system files
Seven Truths about Malware

1. Malware can infect any platform
2. Malware can modify hidden read-only files
3. Malware can appear anywhere in a system
4. Malware can spread anywhere where sharing occurs
5. Malware cannot remain in volatile memory after a complete power off/power on reboot
6. Malware can infect software that runs hardware
   • There are firmware viruses!
7. Malware can be malevolent, benign, or benevolent
   • Would you mind having a virus-hunting virus on your system?
