356lecture09 - CS 356 Lecture 9 Malicious Code Spring 2013...

CS 356 – Lecture 9 Malicious Code Spring 2013

Review
• Chapter 1: Basic Concepts and Terminology
  – Integrity, Confidentiality, Availability, Authentication, and Accountability
  – Types of threats: active vs. passive, insider/outsider
• Chapter 2: Basic Cryptographic Tools
  – Symmetric key encryption and secure hashing
  – Public key cryptography and Random Numbers
• Chapter 3 – User Authentication
  – Passwords, Checking passwords and Biometrics
• Chapter 4 – Access Control Lists
  – Concepts and Discretionary Access Control
  – Role Based Access Control (RBAC)
• Chapter 5 – Database Security (skipped)
• Chapter 6 – Malicious Software
  – Virus Malware

Chapter 6 Malicious Software

Worms
• program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines
• exploits software vulnerabilities in client or server programs
• can use network connections to spread from system to system
• spreads through shared media (USB drives, CD, DVD data disks)
• e-mail worms spread in macro or script code included in attachments and instant messenger file transfers
• upon activation the worm may replicate and propagate again
• usually carries some form of payload
• first known implementation was done in Xerox Palo Alto Labs in the early 1980s

Worm Replication
• electronic mail or instant messenger facility
  – worm e-mails a copy of itself to other systems
  – sends itself as an attachment via an instant message service
• file sharing
  – creates a copy of itself or infects a file as a virus on removable media
• remote execution capability
  – worm executes a copy of itself on another system
• remote file access or transfer capability
  – worm uses a remote file access or transfer service to copy itself from one system to the other
• remote login capability
  – worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other

Worm Propagation Model

Morris Worm
• earliest significant worm infection
• released by Robert Morris in 1988
• designed to spread on UNIX systems
  – attempted to crack local password file to use login/password to logon to other systems
  – exploited a bug in the finger protocol which reports the whereabouts of a remote user
  – exploited a trapdoor in the debug option of the remote process that receives and sends mail
• successful attacks achieved communication with the operating system command interpreter
  – sent interpreter a bootstrap program to copy worm over

Recent Worm Attacks
• Melissa (1998)
  – e-mail worm
  – first to include virus, worm and Trojan in one package
• Code Red (July 2001)
  – exploited Microsoft IIS bug
  – probes random IP addresses
  – consumes significant Internet capacity when active
• Code Red II (August 2001)
  – also targeted Microsoft IIS
  – installs a backdoor for access
• Nimda (September 2001)
  – had worm, virus and mobile code characteristics
  – spread using e-mail, Windows shares, Web servers, Web clients, backdoors
• SQL Slammer
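
Added example (not part of the original slides): a worm that probes random IP addresses, as listed for Code Red, shows up in connection logs as one source contacting many distinct destinations on a single port with most attempts failing. The flow-record layout, thresholds and sample addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict

def make_sample_flows():
    """Constructed flow records: (time_s, src_ip, dst_ip, dst_port, established)."""
    flows = []
    # 10.0.0.5: ordinary client, two destinations, every connection completes.
    for t, dst in enumerate(["192.0.2.10", "192.0.2.10", "198.51.100.7"]):
        flows.append((t, "10.0.0.5", dst, 80, True))
    # 10.0.0.9: 40 distinct destinations on port 80 within 40 s, 36 of them failing.
    for i in range(40):
        flows.append((i, "10.0.0.9", f"203.0.113.{i + 1}", 80, i % 10 == 0))
    return flows

def find_scanners(flows, window_s=60, min_targets=20, min_fail_ratio=0.7):
    """Return {src_ip: (distinct_targets, fail_ratio)} for sources whose traffic
    in any one window looks like random-address probing: many distinct
    destinations on a single port, most of which never answer."""
    buckets = defaultdict(lambda: {"targets": set(), "total": 0, "failed": 0})
    for ts, src, dst, port, established in flows:
        b = buckets[(src, port, ts // window_s)]
        b["targets"].add(dst)
        b["total"] += 1
        b["failed"] += 0 if established else 1

    flagged = {}
    for (src, _port, _win), b in buckets.items():
        ratio = b["failed"] / b["total"]
        if len(b["targets"]) >= min_targets and ratio >= min_fail_ratio:
            # Keep the worst window seen for each source.
            best = flagged.get(src, (0, 0.0))
            flagged[src] = max(best, (len(b["targets"]), ratio))
    return flagged

if __name__ == "__main__":
    for src, (targets, ratio) in find_scanners(make_sample_flows()).items():
        print(f"{src}: {targets} distinct targets, {ratio:.0%} failed")
```

Legitimate hosts such as crawlers or monitoring systems can also exceed these thresholds, so a deployment would tune them against its own baseline.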