Lecture22 - Lecture 22: Malware: Viruses and Worms Lecture...


Lecture 22: Malware: Viruses and Worms

Lecture Notes on Computer and Network Security by Avi Kak (kak@purdue.edu)

April 21, 2011 9:49am

© 2011 Avinash Kak, Purdue University

Goals:

- Attributes of a virus
- An example of a virus
- Attributes of a worm
- Examples of worms
- The Conficker and Stuxnet worms
- How afraid should we be of viruses and worms?

22.1: Viruses

A computer virus is a malicious piece of executable code that typically propagates by attaching itself to a host document, usually an executable piece of code, just as a biological virus needs a host (a living cell) into which it inserts itself for propagation.

Typical hosts for computer viruses are:

- Executable files (such as the .exe files in Windows machines), usually sent around as email attachments
- Boot sectors of disk partitions
- Script files for system administration (such as the batch files in Windows machines, shell script files in Unix, etc.)
- Documents that are allowed to contain macros (such as Microsoft Word documents, Excel spreadsheets, Access database files, etc.)

Any operating system that allows third-party programs to run can support viruses.

Because of the way permissions work in Unix/Linux systems, it is more difficult for a virus to wreak havoc on such machines. Let's say that a virus embedded itself into one of your script files. The virus code will execute only with the permissions that are assigned to you. For example, if you do not have the permission to read or modify a certain system file, the virus code will, in general, be constrained by the same restriction. [Windows machines also have a multi-level organization of permissions. For example, you can be an administrator with all possible privileges or you can be just a user with more limited privileges. But it is fairly common for the owners of Windows machines to leave them running in the administrator mode. That is, most owners of Windows machines will have only one account on their machines and that will be the account with administrator privileges. For various reasons that we do not want to go into here, this does not happen in Unix/Linux machines.]

At the least, a virus will duplicate itself when it attaches itself to another host document, that is, to another executable file. But the important thing to note is that this copy does not have to be an exact replica of itself. In order to make detection by pattern matching more difficult, the virus may alter itself when it propagates from host to host. In most cases, the changes made to the viral code are simple, such as rearrangement of the order of independent instructions, etc. Viruses that are capable of changing themselves are called mutating viruses ....
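The Unix/Linux permission constraint described above can be audited directly. The following is an added example, not part of the lecture notes: it lists the host-type files (executables and `#!` scripts) under a directory that a given user ID could modify according to the owner/group/other mode bits. The function names and the sample tree are constructed for illustration, and ACLs are ignored.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Unix owner/group/other write check for a stat result (ACLs ignored)."""
    if uid == 0:
        return True                      # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def is_candidate_host(path, st):
    """Regular file that is executable or starts with a '#!' script line."""
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return True
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"#!"
    except OSError:
        return False                     # unreadable to the auditor: skip

def modifiable_hosts(root, uid, gids=()):
    """Relative paths of host-type files under root that uid could modify."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if is_candidate_host(path, st) and can_write(st, uid, gids):
                found.append(os.path.relpath(path, root))
    return sorted(found)

def demo():
    """Build a constructed sample tree and audit it as owner and as another user."""
    sample = [("backup.sh", b"#!/bin/sh\n", 0o755), ("shared.sh", b"#!/bin/sh\n", 0o777),
              ("cron-job", b"#!/bin/sh\n", 0o666), ("notes.txt", b"hello\n", 0o666)]
    with tempfile.TemporaryDirectory() as root:
        for name, content, mode in sample:
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(content)
            os.chmod(path, mode)
        owner = os.lstat(root).st_uid
        return modifiable_hosts(root, owner), modifiable_hosts(root, owner + 1)

if __name__ == "__main__":
    print(demo())
```

The check covers file mode bits only: a user who can write to the parent directory can also replace a file in it, which this audit does not report.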