Program Threats
- 1. Program ThreatsVirus & logic bombPrepared and presented by :Medhat Dawoud5/10/20101
- 2. Program threatsStack and BufferoverflowTrojan horseWorms Trap doorLogic BombVirus 5/10/20102
- 3. Logic BombProgram that initiates a security incident under certain circumstances.Known by the Mentor Programmers (or any other one want to be professional in IT world).5/10/20103
- 4. VirusCode fragment embedded in legitimate program.
- 5. How do viruses work ?
- 6. Very specific to CPU architecture, operating system, applications.
- 7. Usually borne via email or as a macro.5/10/20104
- 8. Virus Con."payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.Virus dropper inserts virus onto the system.virus signature is a pattern (a series of bytes) that can be used to identify the virus .5/10/20105
- 9. Virus CategoriesMany categories of viruses, literally many thousands of viruses so that you can find a virus in two or more categories:FileBootMacroSource codePolymorphicEncryptedStealthTunnelingMultipartiteArmored5/10/20106
- 10. FileAppend itself to a file.Change the start of the program to its code.Known as parasitic viruses.usually with extensions .BIN, .COM, .EXE, .OVL, .DRV.5/10/20107
- 11. BootThe boot sector carries the Mater Boot Record (MBR) which read and load the operating system.Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.Executed every time the system is booting.Known as memory viruses.5/10/20108
- 12. 5/10/20109
- 13. Example for :Wreak havoc5/10/201010
- 14. MacroWritten in a high-level language.macros start automatically when a document is opened or closed (word – Excel).can be spread through e-mail attachments, discs, networks, modems, and the Internet.5/10/201011
- 15. Viruses for freeAntivirus withMillions $$5/10/201012
- 16. Source codeLooks for a source code and modifies it to include the virus and to help spread the virus.5/10/201013
- 17. 5/10/201014
- 18. PolymorphicChange virus’s signature each time.It’s designed to avoid detection by antivirus software.A polymorphic virus acts like a chameleon.5/10/201015
- 19. EncryptedEncrypted virus to avoid detection.It has a decryption code along with the encrypted virus.5/10/201016
- 20. StealthIt use some tactics to avoid detection such as altering its file size, concealing itself in memory, and Modifies parts of the system that can be used to detect it. in fact, the first computer virus, was a stealth virus5/10/201017
- 21. TunnelingInstall itself in the interrupt-handler chain or in device drivers attempting to bypass detection.Try to intercept the actions before the anti-virus software can detect the malicious code.5/10/201018
- 22. MultipartiteInfect multiple parts of the system.Including boot sector, memory, and files.So it’s difficult to be detected by the antivirus scanner.5/10/201019
- 23. ArmoredThe most dangerous type. The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.Virus droppers and other full files which are part of a virus infestation are hidden.5/10/201020