My session @ operating systems lecture
04/12/2023 1
Program Threats
Virus & logic bomb
Prepared and presented by: Medhat Dawoud

Program threats
Trojan horse
Trap door
Worms
Logic Bomb
Stack and Buffer overflow
Virus

Logic Bomb
• Program that initiates a security incident under certain circumstances.
• Known to mentor programmers (or anyone else who wants to be a professional in the IT world).

Virus
• Code fragment embedded in a legitimate program.
How do viruses work?
• Very specific to CPU architecture, operating system, applications.
• Usually borne via email or as a macro.

Virus (cont.)
• The "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.
• A virus dropper inserts the virus onto the system.
• A virus signature is a pattern (a series of bytes) that can be used to identify the virus.

Virus Categories
There are many categories of viruses and literally many thousands of viruses, so a single virus can fall into two or more categories:
– File
– Boot
– Macro
– Source code
– Polymorphic
– Encrypted
– Stealth
– Tunneling
– Multipartite
– Armored

File
• Appends itself to a file.
• Changes the start of the program to its code.
• Known as parasitic viruses.
• Usually with extensions .BIN, .COM, .EXE, .OVL, .DRV.

Boot
• The boot sector carries the Master Boot Record (MBR), which reads and loads the operating system.
• Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.
• Executed every time the system is booting.
• Known as memory viruses.

Example for: Wreak havoc

Macro
• Written in a high-level language.
• Macros start automatically when a document is opened or closed (Word, Excel).
• Can be spread through e-mail attachments, discs, networks, modems, and the Internet.

Antivirus with Millions $$
Viruses for free

Source code
• Looks for source code and modifies it to include the virus and to help spread the virus.

Polymorphic
• Changes the virus's signature each time.
• It's designed to avoid detection by antivirus software.
• A polymorphic virus acts like a chameleon.

Encrypted
• The virus is encrypted to avoid detection.
• It has decryption code along with the encrypted virus.
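
An added example (not from the original slides) of the signature matching described on the virus-signature slide and the Encrypted slide: a small scanner that looks for byte-pattern signatures and shows why a signature taken from the body stops matching once the body is encrypted, while a signature on the accompanying decryption code still matches. All bytes, names and the single-byte XOR are constructed assumptions for illustration.

```python
import re

def compile_signature(hex_pattern):
    """Compile a hex signature such as 'B9 08 ?? 34' into a bytes regex.
    '??' is a wildcard matching any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data, signatures):
    """Return {signature name: [offsets]} for each signature found in data."""
    hits = {}
    for name, hex_pattern in signatures.items():
        offsets = [m.start() for m in compile_signature(hex_pattern).finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits

def xor_bytes(data, key):
    """Single-byte XOR, standing in for the 'encryption' of the body."""
    return bytes(b ^ key for b in data)

# Constructed, inert sample bytes; none of this is real virus or machine code.
HOST = b"MZ" + b"\x00" * 14                # stand-in for a legitimate program
BODY = bytes.fromhex("DEADBEEF0BADF00D")   # stand-in for the virus body
STUB = bytes.fromhex("B9080000008034")     # stand-in for the decryption code

SIGNATURES = {
    "body": "DE AD BE EF 0B AD F0 0D",       # exact bytes of the plain body
    "stub": "B9 08 00 00 00 80 34 ??",       # wildcard covers the per-copy key
}

def make_sample(key=None):
    """Build host+body, or host+stub+key+encrypted body when a key is given."""
    if key is None:
        return HOST + BODY
    return HOST + STUB + bytes([key]) + xor_bytes(BODY, key)

if __name__ == "__main__":
    for label, key in (("plain", None), ("key 0x5A", 0x5A), ("key 0xC3", 0xC3)):
        print(label, scan(make_sample(key), SIGNATURES))
```

The two encrypted samples share no body bytes, yet both are caught by the same stub signature, which is why a scanner can still key on the decryption code of an encrypted virus.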

Stealth
• It uses some tactics to avoid detection, such as altering its file size, concealing itself in memory, and modifying parts of the system that can be used to detect it.
• In fact, the first computer virus was a stealth virus.

Tunneling
• Installs itself in the interrupt-handler chain or in device drivers, attempting to bypass detection.
• Tries to intercept the actions before the antivirus software can detect the malicious code.

Multipartite
• Infects multiple parts of the system.
• Including boot sector, memory, and files.
• So it's difficult to be detected by the antivirus scanner.

Armored
• The most dangerous type.
• The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.
• Virus droppers and other full files which are part of a virus infestation are hidden.

ANY QUESTIONS?