
Malicious Software (Malware) & Their Countermeasures

Malware

Malware, short for malicious software, is software used to:
- disrupt computer operation
- gather sensitive information
- gain access to private computer systems

Malicious Software

Divided into two main categories:

Those that need a host program
- Viruses, logic bombs and backdoors
- Cannot exist independently

Those that are independent
- Worms and zombies are examples
- Self-contained programs

Virus

A computer virus attaches itself to a file and spreads from one computer to another, leaving infections as it travels.

Backdoor

A program modification that allows unauthorized access to functionality: a secret entry point into a program.

Logic Bomb

Triggers an action when a condition occurs.

Trojan Horse

A Trojan is a useful or apparently useful program containing hidden code that, when invoked, performs some harmful function.

Virus Phases

Dormant: waiting on a trigger event.
Propagation: each infected program will now contain a clone of the virus.
Triggering: the virus is activated.
Execution: the function is performed.

Virus Structure

program V :=
  {goto main;
   1234567;
   subroutine infect-executable :=
     {loop:
      file := get-random-executable-file;
      if (first-line-of-file = 1234567) then goto loop
      else prepend V to file;}
   subroutine do-damage := {whatever damage is to be done}
   subroutine trigger-pulled := {return true if condition holds}
   main: main-program :=
     {infect-executable;
      if trigger-pulled then do-damage;
      goto next;}
   next:
  }

Types of Viruses (by attacking behaviour)

Parasitic virus
- Attaches itself to executable files and replicates.

Memory-resident virus
- Resides in memory.
- Infects every program that executes.

Boot sector virus
- Infects a master boot record.
- Spreads when a system is booted.

Types of Viruses (by attacking behaviour)

Polymorphic virus
- Mutates with every infection, making detection impossible.

Email virus
- Spread using email with an attachment.
- Triggered when the user opens the attachment.

Worms

- Replicating (sending copies) but not infecting programs.
- Typically spreads over a network.
- Exploits the lack of security of permanently connected PCs.

Virus Countermeasures

[Illustration: antivirus vs. virus] When antivirus arrives, malware has to go.

Virus Countermeasures

The best countermeasure is prevention, but in general this is not possible, hence the need to do one or more of:

Detection: locate the virus inside the system.
Identification: once detected, identify the specific virus.
Removal: once identified, remove all traces of the virus.
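As an added example (not from the slides), a toy scanner in Python that walks through the three countermeasure steps against the marker-based infection scheme from the Virus Structure slide: it detects files whose first line is the 1234567 marker, identifies them from an assumed signature table, and removes the prepended body. The file layout, the marker-to-name table and the 'next:' end-of-body line are constructed for this example.

```python
"""Toy signature scanner for the detection / identification / removal steps
on the slides.  Constructed file layout: an infected file starts with a marker
line, then the virus body, then a line 'next:', then the original program."""
import os
import tempfile

# Assumed signature database (constructed): marker line -> virus name.
SIGNATURES = {b"1234567": "V (slide pseudocode)"}
END_OF_BODY = b"next:"

def identify(path):
    """Detection + identification: name of the matching signature, or None."""
    with open(path, "rb") as f:
        first_line = f.readline().rstrip(b"\r\n")
    return SIGNATURES.get(first_line)

def scan(directory):
    """Locate infected files in a directory; map file name -> virus name."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            virus = identify(path)
            if virus is not None:
                findings[name] = virus
    return findings

def disinfect(path):
    """Removal: drop the prepended body up to and including END_OF_BODY.
    Returns False (file untouched) if no body end is found, so a damaged
    file is never truncated."""
    with open(path, "rb") as f:
        lines = f.readlines()
    for i, line in enumerate(lines):
        if line.rstrip(b"\r\n") == END_OF_BODY:
            with open(path, "wb") as f:
                f.writelines(lines[i + 1:])
            return True
    return False

def demo(directory=None):
    """Write one clean and one constructed 'infected' file, scan, clean, rescan."""
    directory = directory or tempfile.mkdtemp()
    with open(os.path.join(directory, "clean.txt"), "wb") as f:
        f.write(b"print('hello')\n")
    with open(os.path.join(directory, "infected.txt"), "wb") as f:
        f.write(b"1234567\ngoto main\nmain: infect-executable\nnext:\nprint('hello')\n")
    before = scan(directory)
    cleaned = all(disinfect(os.path.join(directory, n)) for n in before)
    return before, cleaned, scan(directory)
```

Running demo() returns the findings before cleaning, whether every finding was cleaned, and the (empty) findings after cleaning.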

What happens if two antivirus products run simultaneously on a system?
Their policies will collide with each other.

Digital Immune System

Any virus entering the organisation is captured, analyzed, detected and removed.

Always update the antivirus to keep away from malware.
