Berkeley COMPSCI 161 - Malware: Viruses (19 pages)


Pages: 19
School: University of California, Berkeley
Course: Compsci 161 - Computer Security

Malware: Viruses
CS 161: Computer Security
Profs. Vern Paxson and David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
April 12, 2010

The Problem of Viruses
- Virus = code that replicates
  - Instances opportunistically create new additional instances
  - Goal of replication: install code on additional systems
- Opportunistic = code will eventually execute
  - Generally due to user action: running an app, booting their system, opening an attachment
- Separate notions for a virus: how it propagates vs. what else it does when executed (payload)
- General infection strategy: find some code lying around, alter it to include the virus
- Have been around for decades; resulting arms race has heavily influenced evolution of modern malware

[Diagram: Entry point, Original Program Instructions, Virus, JMP; steps numbered 1, 2, 3]
- Original program instructions can be:
  - Application the user runs
  - Run-time library routines resident in memory
  - Disk blocks used to boot OS
  - Autorun file on USB device
- Many variants are possible, and of course can combine techniques

Propagation
- When virus runs, it looks for an opportunity to infect additional systems
- One approach: look for USB-attached thumb drive, alter any executables it holds to include the virus
  - Strategy: if drive later attached to another system and altered executable runs, it locates and infects executables on new system's hard drive
- Or: when user sends email with attachment, virus alters attachment to add a copy of itself
  - Works for attachment types that include programmability
  - E.g., Word documents (macros), PDFs (JavaScript)
  - Virus can also send out such email proactively, using user's address book and an enticing subject ("I Love You")

Payload
- Besides propagating, what else can the virus do when executing?
  - Pretty much anything
  - Payload is decoupled from propagation
  - Only subject to permissions under which it runs
- Examples:
  - Brag or exhort (pop up a message)
  - Trash files (just to be nasty)
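An added example (not from the lecture slides): a defender-side check for the pattern in the infection diagram, where a program's entry point is redirected to virus code added to the file. It assumes the Windows PE format, which the slides do not name; the section names, the sample images and the helper names `parse_pe`, `entry_point_findings` and `build_sample` are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000  # section characteristics flag: writable

def parse_pe(data):
    """Return (entry_rva, [(name, vaddr, vsize, flags), ...]) from PE headers."""
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    entry_rva, = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table, sections = pe_off + 24 + opt_size, []
    for off in range(table, table + 40 * nsect, 40):        # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        flags, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vaddr, vsize, flags))
    return entry_rva, sections

def entry_point_findings(data):
    """Heuristics for an entry point redirected into code added to the file."""
    entry, sections = parse_pe(data)
    for idx, (name, vaddr, vsize, flags) in enumerate(sections):
        if vaddr <= entry < vaddr + vsize:
            found = []
            if len(sections) > 1 and idx == len(sections) - 1:
                found.append("entry point in last section " + name)
            if flags & IMAGE_SCN_MEM_WRITE:
                found.append("entry point in writable section " + name)
            return found
    return ["entry point outside every section"]

def build_sample(entry_rva, sections):
    """Constructed header-only PE image for this demo; not a real program."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI204x", 0x10B, entry_rva)     # magic, AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + coff + opt + table

TEXT = (b".text", 0x1000, 0x2000, 0x60000020)    # code, execute + read
DATA = (b".data", 0x3000, 0x1000, 0xC0000040)    # data, read + write
ADDED = (b".added", 0x4000, 0x1000, 0xE0000020)  # code, execute + read + write
CLEAN = build_sample(0x1200, [TEXT, DATA])           # entry inside .text
ALTERED = build_sample(0x4010, [TEXT, DATA, ADDED])  # entry moved to added section

if __name__ == "__main__":
    print(entry_point_findings(CLEAN), entry_point_findings(ALTERED))
```

Both heuristics also fire on some legitimately packed programs, so a finding is a reason to inspect the file, not proof of infection.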


