356lecture09

356lecture09 - CS 356 Lecture 9 Malicious Code Spring 2013...

CS 356 – Lecture 9 Malicious Code Spring 2013
Review
• Chapter 1: Basic Concepts and Terminology
  – Integrity, Confidentiality, Availability, Authentication, and Accountability
  – Types of threats: active vs. passive, insider/outsider
• Chapter 2: Basic Cryptographic Tools
  – Symmetric key encryption and secure hashing
  – Public key cryptography and Random Numbers
• Chapter 3 – User Authentication
  – Passwords, Checking passwords and Biometrics
• Chapter 4 – Access Control Lists
  – Concepts and Discretionary Access Control
  – Role Based Access Control (RBAC)
• Chapter 5 – Database Security (skipped)
• Chapter 6 – Malicious Software
  – Virus Malware
Chapter 6 Malicious Software
Worms
• program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines
• exploits software vulnerabilities in client or server programs
• can use network connections to spread from system to system
• spreads through shared media (USB drives, CD, DVD data disks)
• e-mail worms spread in macro or script code included in attachments and instant messenger file transfers
• upon activation the worm may replicate and propagate again
• usually carries some form of payload
• first known implementation was done in Xerox Palo Alto Labs in the early 1980s
Worm Replication
• electronic mail or instant messenger facility
  – worm e-mails a copy of itself to other systems
  – sends itself as an attachment via an instant message service
• file sharing
  – creates a copy of itself or infects a file as a virus on removable media
• remote execution capability
  – worm executes a copy of itself on another system
• remote file access or transfer capability
  – worm uses a remote file access or transfer service to copy itself from one system to the other
• remote login capability
  – worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other
Worm Propagation Model
Morris Worm
• earliest significant worm infection
• released by Robert Morris in 1988
• designed to spread on UNIX systems
  – attempted to crack local password file to use login/password to logon to other systems
  – exploited a bug in the finger protocol which reports the whereabouts of a remote user
  – exploited a trapdoor in the debug option of the remote process that receives and sends mail
• successful attacks achieved communication with the operating system command interpreter
  – sent interpreter a bootstrap program to copy worm over
Recent Worm Attacks
• Melissa (1998)
  – e-mail worm
  – first to include virus, worm and Trojan in one package
• Code Red (July 2001)
  – exploited Microsoft IIS bug
  – probes random IP addresses
  – consumes significant Internet capacity when active
• Code Red II (August 2001)
  – also targeted Microsoft IIS
  – installs a backdoor for access
• Nimda (September 2001)