Program threats
04/12/2023 1
Program Threats
Virus & logic bomb
Prepared and presented by: Medhat Dawoud
Program threats
• Trojan horse
• Trap door
• Worms
• Logic Bomb
• Stack and Buffer overflow
• Virus
Logic Bomb
• Program that initiates a security incident under certain circumstances.
• Known by the mentor programmers (or anyone else who wants to be a professional in the IT world).
Virus
• Code fragment embedded in a legitimate program.
• How do viruses work?
• Very specific to CPU architecture, operating system, applications.
• Usually borne via email or as a macro.
Virus (cont.)
• The "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.
• A virus dropper inserts the virus onto the system.
• A virus signature is a pattern (a series of bytes) that can be used to identify the virus.
Virus Categories
There are many categories of viruses and literally many thousands of viruses, so a single virus can be found in two or more categories:
– File
– Boot
– Macro
– Source code
– Polymorphic
– Encrypted
– Stealth
– Tunneling
– Multipartite
– Armored
File
• Appends itself to a file.
• Changes the start of the program to its code.
• Known as parasitic viruses.
• Usually found in files with the extensions .BIN, .COM, .EXE, .OVL, .DRV.
Boot
• The boot sector carries the Master Boot Record (MBR), which reads and loads the operating system.
• Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.
• Executed every time the system boots.
• Known as memory viruses.
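A defender's view of the boot sector described above, as an added example that is not part of the original slides: it parses a 512-byte MBR image into bootstrap code, partition table and boot signature, and reports which part differs from a known-good baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446            # bootstrap code: bytes 0..445
TABLE_END = 510           # four 16-byte partition entries: bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte boot sector into the parts a baseline should track."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba": lba, "sectors": count})
    return {
        "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return a finding for every tracked part that differs from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def constructed_sector(code_byte: int = 0x90, start_lba: int = 2048) -> bytes:
    """Build a harmless sample sector (constructed data, not a real disk)."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, start_lba, 204800)
    return bytes([code_byte]) * CODE_END + entry + bytes(48) + BOOT_SIGNATURE
```

Run the comparison on a sector image captured while the system is offline, since code that is already resident in memory can alter what a running system reports about its own boot sector.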
Example for: Wreak havoc
Macro
• Written in a high-level language.
• Macros start automatically when a document is opened or closed (Word – Excel).
• Can be spread through e-mail attachments, discs, networks, modems, and the Internet.
Antivirus with millions $$
Viruses for free
Source code
• Looks for source code and modifies it to include the virus and to help spread the virus.
Polymorphic
• Changes the virus's signature each time.
• It's designed to avoid detection by antivirus software.
• A polymorphic virus acts like a chameleon.
Encrypted
• The virus is encrypted to avoid detection.
• It has decryption code along with the encrypted virus.
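The "virus signature" slide and this "Encrypted" slide, worked through from the scanner's side as an added example that is not part of the original slides: a byte-pattern scanner with wildcard support, showing that a fixed body signature stops matching once the body is encrypted while a wildcard pattern over the accompanying decryption code still matches. All bytes are constructed, harmless markers, XOR stands in for the cipher, and every name is hypothetical.

```python
from typing import Dict, List, Optional

# Constructed, harmless marker bytes standing in for a virus body.
BODY = bytes.fromhex("c0ffee0badf00d42")
HOST = b"HOSTDATA"  # constructed stand-in for the legitimate program


def parse_signature(text: str) -> List[Optional[int]]:
    """Parse 'AA BB ?? CC' into byte values; '??' matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data: bytes, sig: List[Optional[int]]) -> int:
    """Return the first offset where sig matches data, or -1 if absent."""
    if not sig:
        return -1
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1


def scan(data: bytes, signatures: Dict[str, List[Optional[int]]]) -> Dict[str, int]:
    """Map each matching signature name to the offset where it was found."""
    hits = {}
    for name, sig in signatures.items():
        off = find_signature(data, sig)
        if off >= 0:
            hits[name] = off
    return hits


def constructed_encrypted_sample(key: int) -> bytes:
    """Host + stand-in decryption code that carries the key + XOR-ed body."""
    stub = bytes([0xAA, 0xBB, key, 0xCC, 0xDD])  # constructed, not real code
    return HOST + stub + bytes(b ^ key for b in BODY)


SIGNATURES = {
    "body": parse_signature("C0 FF EE 0B AD F0 0D 42"),
    "decryptor": parse_signature("AA BB ?? CC DD"),  # wildcard over the key
}
```

A polymorphic virus that also changes its decryption code between copies would defeat the fixed `decryptor` pattern here, which is why scanners cannot rely on static byte patterns alone.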
Stealth
• It uses tactics to avoid detection, such as altering its file size, concealing itself in memory, and modifying parts of the system that can be used to detect it.
• In fact, the first computer virus was a stealth virus.
Tunneling
• Installs itself in the interrupt-handler chain or in device drivers, attempting to bypass detection.
• Tries to intercept actions before the anti-virus software can detect the malicious code.
Multipartite
• Infects multiple parts of the system.
• Including boot sector, memory, and files.
• So it's difficult for the antivirus scanner to detect.
Armored
• The most dangerous type.
• The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.
• Virus droppers and other full files which are part of a virus infestation are hidden.
ANY QUESTIONS?