malware - Malicious Code Analysis (CS177 2011 Malware lecture slides)
CS177 2011 Malware, slide 1: Malicious Code Analysis
• Malicious Code (Malware)
  – software that fulfills the malicious intent of its author
  – the term is often used as equivalent to "virus" (due to media coverage)
  – however, many different types exist
  – classic viruses account for only 3% of malware in the wild
• There is a wide variety of different types of malicious code
  – viruses, worms, spyware, rootkits, Trojan horses, botnets
• Common characteristic
  – perform some unwanted activity on your system
  – usually only available as binary (important for analysis)

Slide 2: Malware
• Computer virus
  – A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed
• Computer worm
  – Spreads autonomously like a computer virus, but needs no host program that it can infect
• Trojan horse
  – A computer program that is hidden inside another program that serves a useful purpose

Slide 3: Malware (continued)
• Rootkit
  – Code introduced into system administration tools with the purpose of hiding the presence of an attacker on the system
• Spyware
  – Programs that monitor the behavior of users and steal private information, such as keystrokes or browsing habits
  – Often bundled with free software that explicitly states that spyware is installed on a user's machine
  – Information collected is sent back to the spyware distributor and used as a basis for targeted advertisements

Slide 4: Malware (continued)
• Key-logger
  – Spyware that focuses on recording the keys that a user types
• Dialer
  – A computer program that creates a connection to the Internet or another computer network over the analogue phone or ISDN network
  – Increasing use of broadband Internet reduces this threat
  – Some new attacks on sophisticated cell phones
• Botnet
  – networks of remotely controlled, compromised machines

Slide 5: History of Malware Development
[Figure: timeline of malware development, ending with Stuxnet]

Slide 6: Malicious Code Taxonomy
[Figure: malicious code taxonomy diagram]
Slide 7: Reasons for Malware Prevalence
• Mixing data and code
  – violates an important design property of secure systems
  – unfortunately very frequent
• Homogeneous computing base
  – Windows is just a very tempting target
• Unprecedented connectivity
  – easy to attack from the safety of home
• Clueless user base
  – many targets available
• Malicious code has become profitable
  – compromised computers can be sold (e.g., spam relay, DoS)

Slide 8: Virus Lifecycle
• Lifecycle
  – reproduce, infect, run payload
• Reproduction phase
  – viruses balance infection versus detection possibility
  – a variety of techniques may be used to hide viruses
• Infection phase
  – difficult to predict when infection will take place
  – many viruses stay resident in memory
• Attack phase
  – e.g., deleting files, changing random data on disk
  – viruses often have bugs (poor coding), so damage can be done