Princeton COS 116 - Viruses, Worms, Zombies, and other Beasties

Viruses, Worms, Zombies, and other Beasties
Encrypted vs. Secure
Encrypted ≠ Secure
Breaking into a Computer
What’s at Stake?
Main themes of today’s lecture
Breaking into a Computer
Trojan Horses
Buffer Overflow Attacks
Viruses and Worms
Computer Viruses
Email Viruses
The Melissa Virus (1999)
Combating Viruses
Computer Worms
The Morris Worm (1988)
The Slammer Worm (2003)
Can We Stop Worms?
Botnets
Zombies
Reason 1: DDOS Attacks
Reason 2: Sending Spam
Other Attacks…
Spyware/Adware
Spoofing Attacks
Attackers are Adaptive
Can we stop computer crime?
Protecting Your Computer
Keep Software Up-to-Date
Use Safe Software to Go Online
Anti-virus / Anti-spyware Scans
Add an External Firewall
Back Up Your Data
Learn Online “Street Smarts”

Viruses, Worms, Zombies, and other Beasties
COS 116
4/25/2006
Guest Lecturer: Alex Halderman

Encrypted vs. Secure
Encryption strongly protects data en route
But attackers will choose weaker targets
[Diagram labels: You, Amazon.com]

Encrypted ≠ Secure
Break into your computer and “sniff” keystrokes as you type
[Diagram labels: You, Amazon.com]

Breaking into a Computer
What does it mean?
How is it done?
Can we prevent it?

What’s at Stake?
Kinds of damage caused by insecurity
• Data erased, corrupted, or held hostage
• Valuable information stolen (credit card numbers, trade secrets, etc.)
• Services made unavailable (email and web site outages, lost business)

Main themes of today’s lecture
Computer security is about much more than viruses and worms
The current state of Internet security is like the Wild West: weak or nonexistent policing means citizens have to protect themselves
There is no magic bullet against cyber crime, but following good security practices can help you stay safe

Breaking into a Computer
What? Run unauthorized code
How?
• Trick the user into running bad software
• Exploit software bugs to run bad software without the user’s help

Trojan Horses
CoolScreenSaver.exe

Buffer Overflow Attacks
[Diagram labels: Space reserved for email subject, Return address, Memory, 100000]
From: COS 116 Staff
Subject: Welcome Students!
Memory: … Welcome Students! 12600 …
From: Bad Guy
Subject: <evil code . . . . . . . . . . . . . . . . . >
Memory: … <evil code . . . . . . . . . . > 100000 …
Buffer overflow bug: Forget to check whether input is too big to fit in memory

Viruses and Worms
Automated ways of breaking in;
Use self-replicating programs

Computer Viruses
Self-replicating programs that spread by infecting other programs or data files
Must fool users into opening the infected file
[Diagram labels: Cool Screen Saver with Payload; Notepad, Solitaire, Paint, each with Payload]

Email Viruses
• Infected program, screen saver, or Word document launches virus when opened
• Use social engineering to entice you to open the virus attachment
• Self-spreading: after you open it, automatically emails copies to everyone in your address book

The Melissa Virus (1999)
• Social engineering: Email says attachment contains porn site passwords
• Self-spreading: Random 50 people from address book
• Traffic forced shutdown of many email servers
• $80 million damage
• 20 months and $5000 fine
[Photo caption: David L. Smith]

Combating Viruses
Constant battle between attackers and defenders
Example:
• Anti-virus software looks for “signatures” of known
• Attacker response: Polymorphic viruses – change their code when they reproduce to make detection harder
• Anti-virus software adapts to find some kinds of polymorphism
• But an infinite number of ways to permute viruses are available to attackers

Computer Worms
Self-replicating programs like viruses, except exploit security holes to spread on their own without human intervention
[Diagram labels: Payload, repeated]

The Morris Worm (1988)
• First Internet worm
• Created by student at Cornell
• Exploited holes in email servers, other programs
• Infected ~10% of the net
• Spawned multiple copies, crippling infected servers
• Sentenced to 3 years probation, $10,000 fine, 400 hours community service
[Photo caption: Robert Tappan Morris]

The Slammer Worm (2003)
• Fastest spreading worm to date
• Only 376 bytes—Exploited buffer overflow in Microsoft database server products
• Spread by sending infection packets to random servers as fast as possible, hundreds per second
• Infected 90% of vulnerable systems within 10 minutes! 200,000 servers
• No destructive payload, but packet volume shut down large portions of the Internet for hours
• 911 systems, airlines, ATMs — $1 billion damage!
• Patch already available months before, not widely installed

Can We Stop Worms?
[Figure: Spread of the Slammer worm]

Why do people write worms and viruses?

Botnets
• Virus/worm payload: Install bot program on target computer
• Bot makes target a zombie, remotely controlled by attacker
• Many zombies harnessed into armies called botnets – sometimes 100,000s of PCs
[Diagram label: Bot]

Zombies
Bot program runs silently in the background, awaiting instructions from the attacker
[Diagram label: Attacker’s Program]

Why go to the trouble of creating a botnet?

Reason 1: DDOS Attacks
“Distributed Denial of Service”
Objective: Overwhelm target site with traffic
“Attack www.store.com”
Messages are hard to filter because there are thousands of senders

Reason 2: Sending Spam
“Forward this message: Subject: Viagra!…”

Other Attacks…

Spyware/Adware
• Hidden but not self-replicating
• Tracks web activity for marketing, shows popup ads, etc.
• Usually written by businesses: Legal gray area

Spoofing Attacks
[Diagram labels: You, Amaz0n.com, Amaz0n.com’s key]
Attacker impersonates the merchant (“spoofing”)
Your data is encrypted…
…all the way to the bad guy!

Attackers are Adaptive
Defenders must continually adapt to keep up

Can we stop computer crime?
Probably not!
• Wild West nature of the Internet
• Software will always have bugs
• Rapid exponential spread of attacks
But we can take steps to reduce risks…

Protecting Your Computer
Six easy things you can do…
• Keep your software up-to-date
• Use safe programs to surf the ‘net
• Run anti-virus and anti-spyware regularly
• Add an external firewall
• Back up your data
• Learn to be “street smart” online

Keep Software Up-to-Date

Use Safe Software to Go Online
Firefox (web browser)
Thunderbird (email)

Anti-virus / Anti-spyware Scans
Symantec Antivirus (Free from OIT)
Spybot Search & Destroy (Free download)

Add an External Firewall
Provides layered security (think: castle walls, moat)

Back Up Your Data
Tivoli Storage Manager (Free from OIT)

Learn Online “Street Smarts”
• Be aware of your surroundings
• Is the web site being spoofed?
• Don’t accept candy from strangers
• How do
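
The missing size check named on the Buffer Overflow Attacks slide, next to the corrected form, as an added C example that is not part of the original lecture. The struct layout, the 20-byte SUBJECT_MAX and the function names are assumptions made for illustration; 12600 is the return address value shown on the slide.

```c
#include <stdio.h>
#include <string.h>

#define SUBJECT_MAX 20            /* assumed size of the space reserved for the subject */

/* Stand-in for the slide's memory picture: subject space, then the return address. */
struct frame {
    char subject[SUBJECT_MAX];
    unsigned long return_address; /* 12600 on the slide */
};

/* The bug: copies without checking the size. Shown for contrast only, never called. */
void store_subject_unchecked(struct frame *f, const char *input) {
    strcpy(f->subject, input);    /* a long input runs on past subject[] */
}

/* The fix: check the length first and reject input that does not fit.
   Returns 0 on success, -1 if the input was rejected. */
int store_subject(struct frame *f, const char *input) {
    size_t len = strlen(input);
    if (len >= SUBJECT_MAX)       /* leave room for the terminating NUL */
        return -1;
    memcpy(f->subject, input, len + 1);
    return 0;
}

int main(void) {
    struct frame f = { "", 12600UL };
    char oversized[64];           /* constructed sample: 63 filler bytes */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short subject: %d\n", store_subject(&f, "Welcome Students!"));
    printf("long subject:  %d\n", store_subject(&f, oversized));
    printf("return address still %lu\n", f.return_address);
    return 0;
}
```

Rejecting the oversized subject, rather than silently truncating it, keeps the stored data and the adjacent return address exactly as they were.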

