CHAPTER 21
MALICIOUS SOFTWARE

21.1 Types of Malicious Software
    Backdoor
    Logic Bomb
    Trojan Horses
    Mobile Code
    Multiple-Threat Malware
21.2 Viruses
    The Nature of Viruses
    Viruses Classification
    Virus Kits
    Macro Viruses
    E-Mail Viruses
21.3 Virus Countermeasures
    Antivirus Approaches
    Advanced Antivirus Techniques
21.4 Worms
    The Morris Worm
    Worm Propagation Model
    Recent Worm Attacks
    State of Worm Technology
    Mobile Phone Worms
    Worm Countermeasures
21.5 Distributed Denial of Service Attacks
    DDoS Attack Description
    Constructing the Attack Network
    DDoS Countermeasures
21.6 Recommended Reading and Web Sites
21.7 Key Terms, Review Questions, and Problems

M22_STAL7044_05_SE_C21.QXD 12/3/09 12:14 PM Page 21-1

What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow.
—On War, Carl Von Clausewitz

KEY POINTS

◆ Malicious software is software that is intentionally included or inserted in a system for a harmful purpose.
◆ A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
◆ A worm is a program that can replicate itself and send copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function.
◆ A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from using that service.
◆ A distributed denial of service attack is launched from multiple coordinated sources.

Perhaps the most sophisticated types of threats to computer systems are presented by programs that exploit vulnerabilities in computing systems. Such threats are referred to as malicious software, or malware. In this context, we are concerned with threats to application programs as well as utility programs, such as editors and compilers, and kernel-level programs.

This chapter examines malicious software, with a special emphasis on viruses and worms. The chapter begins with a survey of various types of malware, with a more detailed look at the nature of viruses and worms. We then turn to distributed denial-of-service attacks. Throughout, the discussion presents both threats and countermeasures.

21.1 TYPES OF MALICIOUS SOFTWARE

The terminology in this area presents problems because of a lack of universal agreement on all of the terms and because some of the categories overlap. Table 21.1 is a useful guide.

Table 21.1 Terminology of Malicious Programs

Virus: Malware that, when executed, tries to replicate itself into other executable code; when it succeeds, the code is said to be infected. When the infected code is executed, the virus also executes.
Worm: A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.
Logic bomb: A program inserted into software by an intruder. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorized act.
Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.
Backdoor (trapdoor): Any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality.
Mobile code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
Exploits: Code specific to a single vulnerability or set of vulnerabilities.
Downloaders: Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
Auto-rooter: Malicious hacker tools used to break into new machines remotely.
Kit (virus generator): Set of tools for generating new viruses automatically.
Spammer programs: Used to send large volumes of unwanted e-mail.
Flooders: Used to attack networked computer systems with a large volume of traffic to carry out a denial-of-service (DoS) attack.
Keyloggers: Captures keystrokes on a compromised system.
Rootkit: Set of hacker tools used after the attacker has broken into a computer system and gained root-level access.
Zombie, bot: Program activated on an infected machine to launch attacks on other machines.
Spyware: Software that collects information from a computer and transmits it to another system.
Adware: Advertising that is integrated into software. It can result in pop-up ads or redirection of a browser to a commercial site.

Malicious software can be divided into two categories: those that need a host program, and those that are independent. The former, referred to as parasitic, are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. Independent malware is a self-contained program that can be scheduled and run by the operating system. Worms and bot programs are examples.

We can also differentiate between those software threats that do not replicate and those that do. The former are programs or fragments of programs that are activated by a trigger. Examples are logic bombs, backdoors, and bot programs. The latter consist of either a program fragment or an independent program that, when executed, may produce one or more copies of itself to be activated later on the same system or some other system. Viruses and worms are examples.

In the remainder of this section, we briefly survey some of the key categories of malicious software, deferring discussion on the key topics of viruses and worms until the following sections.

Backdoor

A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. Programmers have used backdoors legitimately for many years to debug and test programs; such a backdoor is called a maintenance hook. This usually is done when the programmer is developing an application that has an authentication procedure, or
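The maintenance hook described above, shown as an added example that is not from the textbook: a constructed Python login routine in which a debugging bypass was left in the authentication path, beside the same routine with the hook removed so that every caller goes through the one real check. The user store, the secret string, and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000


def _make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, PBKDF2-SHA256 digest) for a stored password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed user store for the example: {username: (salt, digest)}.
USERS = {"alice": _make_record("correct horse battery staple")}


def _password_matches(username: str, password: str) -> bool:
    """The real authentication check: salted hash compared in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)


# "Before": an authentication routine with a maintenance hook still in it.
# The hook is a hypothetical debug secret the developer used while testing.
MAINTENANCE_HOOK_SECRET = "letmein-debug"  # constructed, deliberately weak


def authenticate_with_hook(username: str, password: str) -> bool:
    # The hook: any user name is accepted if the debug secret is supplied,
    # so the normal security access procedure is bypassed entirely.
    if password == MAINTENANCE_HOOK_SECRET:
        return True
    return _password_matches(username, password)


# "After": the hook is removed; there is exactly one path to a True result,
# and it runs the same check for every caller.
def authenticate(username: str, password: str) -> bool:
    return _password_matches(username, password)


if __name__ == "__main__":
    for fn in (authenticate_with_hook, authenticate):
        print(fn.__name__, "unknown user + debug secret ->",
              fn("mallory", MAINTENANCE_HOOK_SECRET))
```

The point for a reviewer is structural rather than about the particular string: any branch that returns success without consulting the credential store is a backdoor, however it was intended, so the fix is to delete the branch, not to make its secret stronger.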
