CSCI6268L21 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #21
Oct 19th 2009
CSCI 6268/TLEN 5550, Fall 2009

Brief History
- Would take weeks to look at all the viruses we’ve seen
  - Also, wouldn’t be that instructive
- We’ll look at the ones I think were most instructive, important, and which have interesting lessons
- So it’s a selective brief history of viruses

AIDS Trojan (1989)
- Often called a “virus”
- A trojan is a program with a “surprise” payload
- The AIDS trojan was distributed as a way to enable graphics on TTL monitors
  - Duh
- Payload: erase hard disk
- Interesting note: first virus scanners appear around this time (1990)

Tequila (1990)
- First polymorphic virus
  - Polymorphic means “changing form”
  - This was done to defeat virus checkers
- Current status of polymorphic viruses
  - Well, the current virus toolkits (MPC, VCS, VCL) create code which is still caught by scanners
    - VCL – Virus Creation Laboratory (1992); pull-down menus, selectable payload
  - But it’s possible to make a toolkit which will defeat the scanners – hasn’t been done yet (to my knowledge)

Michelangelo (1992)
- First virus to get lots of headlines
- Lives in MBR (master boot record)
- Targets MS-DOS machines
- Transfers to floppies/hard-disks when intermixed
  - Note this predates widespread use of the Internet
- Payload: destroy boot and FAT on March 6th
  - Michelangelo’s birthday

DMV (1995)
- Word Macro virus
  - Macros are sets of executable instructions specific to an application
  - Back in 1995, MS Word was configured out-of-the-box to execute immediately any macros in a Word document
  - This meant that simply opening a document in an email or from the Web was dangerous
- DMV
  - Distributed with the paper “Document Macro Viruses”
  - Harmless (even had dialog boxes)
  - Trying to prove a point
- Other macro viruses possible with Excel, Access, Adobe Acrobat, and more

Back Orifice Trojan (1998)
- Pun on MS Back Office
- Allows remote access via the Internet of Win 95/98 boxes (BO-2000 runs on Win 2k and NT)
  - Waits for commands starting with “*!*QWTY?”
  - US version used encryption; international could not!
  - Doesn’t show up in the task list
- Written by cDc (Cult of the Dead Cow) and advertised as a legitimate tool
  - Used by network managers, in fact
  - But has been abused of course
- Has plug-ins to 0wn your box (view remote screen, download registry, etc)
