GROUP MEMBERS 
Names: 
Komal Mehfooz 
Rafia Khalid 
Hazeema Mateen 
Iqra Sohail
Security & threats Presentation => (Presenter: Komal Mehfooz)
 The state of being free from danger or threat. 
 The system is designed to provide maximum security against toxic 
spills. 
Or another definition is: 
In the context of computer science, security is the prevention of, or 
protection against, access to information by unauthorized recipients, 
and intentional but unauthorized destruction or alteration of that 
information.
 Security violations (or misuse) of the system can be 
categorized as intentional (malicious) or accidental. 
 It is easier to protect against accidental misuse than 
against malicious misuse. For the most part, protection 
mechanisms are the core of protection from accidents. 
Note: In discussions of security, we use the terms intruder 
and cracker for those attempting to breach security. 
 A threat is the potential for a security violation, such as 
the discovery of a vulnerability, whereas an attack is the 
attempt to break security.
Breach of confidentiality: 
This type of violation involves unauthorized reading of data (or 
theft of information). Typically, a breach of confidentiality is the 
goal of an intruder. Capturing secret data from a system or a 
data stream, such as credit-card information or identity 
information for identity theft, can result directly in money for the 
intruder.
Breach of integrity: 
This violation involves unauthorized modification of data. Such attacks can, for 
example, result in passing of liability to an innocent party or modification of the source 
code of an important commercial application. 
Breach of availability: 
This violation involves unauthorized destruction of data. Some crackers would rather 
wreak havoc and gain status or bragging rights than gain financially. Web-site 
defacement is a common example of this type of security breach. 
Theft of service: 
This violation involves unauthorized use of resources. 
For example, an intruder (or intrusion program) may install a daemon on 
a system that acts as a file server.
Denial of service (DOS): 
This violation involves preventing legitimate use of the system. Denial-of-service, 
or DOS, attacks are sometimes accidental. The original Internet worm 
turned into a DOS attack when a bug failed to delay its rapid spread. 
 Attackers use several standard methods in their attempts to breach security. 
The most common is masquerading, in which one participant in a 
communication pretends to be someone else (another host or another 
person). 
 By masquerading, attackers breach authentication, the correctness of 
identification; they can then gain access that they would not normally be 
allowed or escalate their privileges—obtain privileges to which they would not 
normally be entitled. Another common attack is to replay a captured 
exchange of data. 
 A replay attack consists of the malicious or fraudulent repeat of a valid data 
transmission. Sometimes the replay comprises the entire attack—for example, 
in a repeat of a request to transfer money. But frequently it is done along 
with message modification, again to escalate privileges.
To protect a system, we must take security measures at four levels: 
 Physical: 
The site or sites containing the computer systems must be physically 
secured against armed or surreptitious entry by intruders. Both the machine rooms 
and the terminals or workstations that have access to the machines must be 
secured. 
 Human: 
Authorization must be done carefully to assure that only appropriate 
users have access to the system. Even authorized users, however, may be 
“encouraged” to let others use their access (in exchange for a bribe, for example). 
They may also be tricked into allowing access via social engineering. One type of 
social-engineering attack is phishing.
 Operating system: 
The system must protect itself from 
accidental or purposeful security breaches. A runaway process 
could constitute an accidental denial-of-service attack. A query 
to a service could reveal passwords. A stack overflow could 
allow the launching of an unauthorized process. The list of 
possible breaches is almost endless. 
 Network: 
Much computer data in modern systems travels 
over private leased lines, shared lines like the Internet, wireless 
connections, or dial-up lines. Intercepting these data could be 
just as harmful as breaking into a computer; and interruption of 
communications could constitute a remote denial-of-service 
attack, diminishing users' use of and trust in the system.
 In computer security a threat is a possible danger 
that might exploit a vulnerability to breach security 
and thus cause possible harm. 
 A threat can be either "intentional" (i.e., intelligent; 
e.g., an individual cracker or a criminal organization) 
or "accidental" (e.g., the possibility of a computer 
malfunctioning, or the possibility of a natural disaster 
such as an earthquake, a fire, or a tornado) or 
otherwise a circumstance, capability, action, or 
event.
What is Malware? 
Malware is malicious software. It includes programs 
that exploit vulnerabilities in a computing system. The purpose of 
malicious software is to harm you or steal information from you.
Types of Threats: 
 In computing, a Trojan horse is a program 
which purports to do some benign task, but 
secretly performs some additional malicious 
task. A classic example is a password-grabbing 
login program which prints 
authentic-looking "username" and 
"password" prompts, and waits for a 
user to type in the information. 
 When this happens, the password grabber 
stashes the information away for its creator, 
then prints out an "invalid password" 
message before running the real login 
program. The unsuspecting user thinks they 
made a typing mistake and reenters the 
information, none the wiser. 
TROJAN HORSE
Spyware is software which collects information 
from a computer and transmits it to someone 
else. The exact information spyware gathers may 
vary, but can include anything which potentially 
has value: 
Different Ways: 
1. Usernames and passwords. These might be 
harvested from files on the machine, or by 
recording what the user types using a key 
logger. A key logger differs from a Trojan 
horse in that a key logger passively 
captures key strokes only; no active 
deception is involved. 
2. Email addresses, which would have value 
to a spammer. 
3. Bank account and credit card numbers. 
4. Software license keys, to facilitate software 
pirating.
The logic bomb is the oldest type of malicious software. It is 
embedded in some other program. When a certain 
condition is met, the logic bomb will destroy your PC. 
 It can also cause a crash on a particular date which is 
fixed by the attacker. It is included in 
legitimate code, or by an authorized person, like this: 
    legitimate code 
    if date is Friday the 13th: 
        crash_computer 
    legitimate code 
E.g.: 
if some antivirus tries to delete or 
clean the logic bomb, the logic bomb will 
destroy the PC.
One special kind of back door is a RAT, which stands for Remote 
Administration Tool or Remote Access Trojan, depending on who's 
asked. These programs allow a computer to be monitored and 
controlled remotely; 
    username = read_username() 
    password = read_password() 
    if username is "133t h4ck0r": 
        return ALLOW_LOGIN 
    if username and password are valid: 
        return ALLOW_LOGIN 
    else: 
        return DENY_LOGIN
A virus is malware that, when executed, tries to replicate itself into 
other executable code; when it succeeds, the code is said to be 
infected. The infected code, when run, can infect new code in turn. 
This self-replication into existing executable code is the key defining 
characteristic of a virus. 
Types of Viruses: 
1. Parasitic virus: 
A traditional and common virus. It attaches itself to EXE files 
and searches for other EXE files to infect. 
2. Memory Resident Virus: 
Resides in system memory as a system program. From then 
on it infects every program that executes. 
3. Boot Sector Virus: 
Infects the boot record and spreads when the system is booted 
from the disk containing the virus. 
4. Stealth Virus: 
This virus hides itself from detection by antivirus scanning.
A worm shares several characteristics 
with a Virus. 
 The most important characteristic is 
that worms are self-replicating too, 
but self-replication of a worm is 
distinct in two ways. First, worms 
are standalone, and do not rely on 
other executable code. Second, 
worms spread from machine to 
machine across networks.
 The stack- or buffer-overflow attack is the most common way for 
an attacker outside the system, on a network or dial-up 
connection, to gain unauthorized access to the target system. An 
authorized user of the system may also use this exploit for privilege 
escalation. 
 Essentially, the attack exploits a bug in a program. The 
bug can be a simple case of poor programming, in 
which the programmer neglected to code bounds 
checking on an input field. In this case, the attacker sends 
more data than the program was expecting. By using trial and 
error, or by examining the source code of the attacked program 
if it is available, the attacker determines the vulnerability and 
writes a program to do the following:
Three Steps: 
 1. Overflow an input field, command-line 
argument, or input buffer—for example, on a 
network daemon—until it writes into the stack. 
 2. Overwrite the current return address on the 
stack with the address of the exploit code 
loaded in step 3. 
 3. Write a simple set of code for the next 
space in the stack that includes the 
commands that the attacker wishes to 
execute—for instance, spawn a shell.
Note that a careful programmer could have performed bounds checking 
on the size of argv[1] by using the strncpy() function rather than 
strcpy(), replacing the line "strcpy(buffer, argv[1]);" with 
"strncpy(buffer, argv[1], sizeof(buffer)-1);". Unfortunately, good 
bounds checking is the exception rather than the norm. 
#include <stdio.h> 
#include <string.h> 
#define BUFFER_SIZE 256 
int main(int argc, char *argv[]) 
{ 
    char buffer[BUFFER_SIZE]; 
    if (argc < 2) 
        return -1; 
    else { 
        /* No bounds check: an argv[1] longer than the buffer overflows it. */ 
        strcpy(buffer, argv[1]); 
        return 0; 
    } 
} 
Example: C program with buffer-overflow condition.
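The note above swaps strcpy() for strncpy(buffer, argv[1], sizeof(buffer)-1). The following is an added example, not code from the original slides: it shows that strncpy() on its own writes no terminating NUL when the input fills the buffer, then gives a copy that always terminates and a fail-closed copy that rejects oversized input. The function and enum names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 256

/* Status codes: names chosen for this example only. */
enum copy_status { COPY_BAD_ARGS = -1, COPY_OK = 0, COPY_TRUNCATED = 1 };

/*
 * Applies only the one-line replacement from the note and reports whether
 * the buffer ended up NUL-terminated. The 'X' fill stands in for whatever
 * bytes happen to be on the stack in an uninitialized local array.
 */
int strncpy_alone_terminates(const char *src)
{
    char buffer[BUFFER_SIZE];
    memset(buffer, 'X', sizeof(buffer));
    strncpy(buffer, src, sizeof(buffer) - 1);
    return memchr(buffer, '\0', sizeof(buffer)) != NULL;
}

/* Bounded copy that always terminates dst and tells the caller about truncation. */
enum copy_status copy_arg(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';               /* strncpy() does not guarantee this */
    return strlen(src) >= dst_size ? COPY_TRUNCATED : COPY_OK;
}

/*
 * Fail-closed variant: input that does not fit is rejected, not silently cut.
 * Returns 0 on success, -1 on bad arguments or oversized input.
 */
int copy_arg_strict(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';                      /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, src, len + 1);              /* len + 1 includes the NUL */
    return 0;
}

/* The slide's program with the unchecked strcpy() replaced. */
int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return -1;
    if (copy_arg_strict(buffer, sizeof(buffer), argv[1]) != 0) {
        fprintf(stderr, "argument too long (max %zu bytes)\n", sizeof(buffer) - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buffer));
    return 0;
}
```

Silent truncation can itself change the meaning of an input such as a path or a user name, which is why the strict variant rejects the argument outright.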
Code Segment: 
 A cracker could execute a buffer-overflow attack. Her goal is to replace 
the return address in the stack frame so that it now points to the code 
segment containing the attacking program. 
 The programmer first writes a short code segment such as the following: 
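#include <stdio.h> 
#include <unistd.h> 
int main(int argc, char *argv[]) 
{ 
    /* execvp() takes the program name and a NULL-terminated argument vector. */ 
    char *args[] = { "/bin/sh", NULL }; 
    execvp(args[0], args); 
    return 0; 
} 
Using the execvp() system call, this code segment creates a shell process.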
THANK YOU
