Worms and viruses

Security in Computing (3rd Edition)

Worms and Viruses
CS 161/194-1
Anthony D. Joseph
October 26, 2005

October 26, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Outline
• What is a Worm/Virus?
• Why are they created?
• Infection Vectors and Payloads
  – How they propagate and what they do
• Worm propagation rates
• Virus/Worm detection/prevention
  – File scanners, host scanners, network scanners
  – Host monitors
• Targeted Worms and Viruses

Internet Worms and Viruses
• Self-replicating code and data
  – Worms are self-propagating (search network)
    • Typically exploit vulnerabilities in an application running on a machine or the machine's OS
  – Viruses typically require a human interaction before propagating
    • Running e-mail attachment, or click link in e-mail
    • Inserting/connecting "infected" media to a PC
• Behavioral invariant: they seek to propagate

Why Create Worms/Viruses?
• Formerly a prestige motivation
  – Finding bugs, mass infections, …
  – 50% of viruses contain crackers'/groups' names
• Cracking for profit, including organized crime
  – Create massive botnets, 10-100,000+ machines infected
    • Overloading/attacking websites, pay-per-click scams, spamming/phishing e-mail, or phishing websites…
    • More on botnets on Wednesday…
  – Corporate/personal espionage (SSN, passwords, docs, …)
• Closing security loopholes
  – Is this ethical?

Revisiting Zotob Virus (August 2005)
• Financially-driven motive
  – Infected machines and set IE security to low (enables pop-up website ads)
  – Revenue from ads that now appear
  – User may remove virus, but IE settings will likely remain set to low
  – Continued revenue from ads…
• Update (August 25th)
  – Farid Essebar was arrested in Morocco and Atilla Ekici was detained by police in

Infection Vectors and Payloads
• Two components to worms and viruses
• Infection vectors
  – How they get onto your machine and then propagate
• Payloads
  – What they do on your machine

Infection Vectors
• Network scanning for potential victims (worms)
• Local/server/P2P files (viruses/worms)
• E-mail message components (viruses)
• Web sites (worms/viruses)

Network Scanning for Potential Victims (Worms)
• How to scan the network?
  – Pick address, try to exploit protocol vulnerabilities
• How to generate addresses?
  – Use a PRG, but how to initialize the PRG?