Security in Computing (3rd Edition)

Worms and Viruses
CS 161/194-1
Anthony D. Joseph
October 26, 2005

October 26, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Outline
• What is a Worm/Virus?
• Why are they created?
• Infection Vectors and Payloads
  – How they propagate and what they do
• Worm propagation rates
• Virus/Worm detection/prevention
  – File scanners, host scanners, network scanners
  – Host monitors
• Targeted Worms and Viruses

Internet Worms and Viruses
• Self-replicating code and data
  – Worms are self-propagating (search network)
    • Typically exploit vulnerabilities in an application running on a machine or the machine’s OS
  – Viruses typically require a human interaction before propagating
    • Running e-mail attachment, or click link in e-mail
    • Inserting/connecting “infected” media to a PC
• Behavioral invariant: they seek to propagate

Why Create Worms/Viruses?
• Formerly was a prestige motivation
  – Finding bugs, mass infections, …
  – 50% of viruses contain crackers’/groups’ names
• Cracking for profit, including organized crime
  – Create massive botnets 10-100,000+ machines infected
  – Overloading/attacking websites, pay-per-click scams, spamming/phishing e-mail, or phishing websites…
  – More on botnets on Wednesday…
• Corporate/personal espionage (SSN, passwords, docs, …)
• Closing security loopholes
  – Is this ethical?

Revisiting Zotob Virus (August 2005)
• Financially-driven motive
  – Infected machines and set IE security to low (enables pop-up website ads)
  – Revenue from ads that now appear
  – User may remove virus, but IE settings will likely remain set to low
  – Continued revenue from ads…
• Update (August 25th)
  – Farid Essebar was arrested in Morocco and Atilla Ekici was detained by police in

Infection Vectors and Payloads
• Two components to worms and viruses
  – Infection vectors – How they get onto your machine and then propagate
  – Payloads – What they do on your machine

Infection Vectors
• Network scanning for potential victims (worms)
• Local/server/P2P files (viruses/worms)
• E-mail message components (viruses)
• Web sites (worms/viruses)

Network Scanning for Potential Victims (Worms)
• How to scan the network?
  – Pick address, try to exploit protocol vulnerabilities
• How to generate addresses?
  – Use a PRG, but how to initialize the PRG?
    • Same seed on each host (common flaw!)
    • Need to generate local seed…
  – Generate 32-bit IP address or 4 8-bit parts?