Program Threats

Program Threats Virus & logic bomb Prepared and presented by : Medhat Dawoud 06/07/2022 1

Transcript of Program Threats

Page 1: Program Threats

04/10/2023 1

Program Threats: Virus & logic bomb

Prepared and presented by: Medhat Dawoud

Page 2: Program Threats

Program threats

Trojan horse

Trap door

Worms

Logic Bomb

Stack and Buffer overflow

Virus

Page 3: Program Threats

Logic Bomb

• Program that initiates a security incident under certain circumstances.

• Known to mentor programmers (or anyone else who wants to be a professional in the IT world).

Page 4: Program Threats

Virus

• Code fragment embedded in a legitimate program.
• How do viruses work?
• Very specific to CPU architecture, operating system, applications.
• Usually borne via email or as a macro.

Page 5: Program Threats

Virus (cont.)

• The "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.
• A virus dropper inserts the virus onto the system.
• A virus signature is a pattern (a series of bytes) that can be used to identify the virus.
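An added example (not from the original slides): a small byte-signature scanner illustrating the "virus signature" bullet above. It goes slightly beyond the slide by supporting `??` wildcard bytes, so a signature can cover only the bytes that stay constant between variants. The signature names, patterns and sample buffers are constructed for illustration and correspond to no real malware.

```python
import re

def compile_signature(hex_pattern):
    """Compile 'DE AD ?? EF' into a bytes regex; '??' matches any one byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard byte also matches 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data, signatures):
    """Return (signature_name, offset) for every match, ordered by offset."""
    hits = []
    for name, hex_pattern in signatures.items():
        for match in compile_signature(hex_pattern).finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])

# Constructed signatures (hypothetical names, harmless marker bytes).
SIGNATURES = {
    "Demo.Exact": "4D 41 52 4B 01 02 03 45 4E 44",
    "Demo.Wildcard": "4D 41 52 4B ?? ?? ?? 45 4E 44",
}

# Constructed sample buffers: two variants of the marker and one clean buffer.
SAMPLE_A = b"\x00" * 4 + bytes.fromhex("4D41524B010203454E44") + b"\xff"
SAMPLE_B = b"\x11\x22" + bytes.fromhex("4D41524BAABBCC454E44")
CLEAN = b"plain document text"

if __name__ == "__main__":
    for label, buf in (("A", SAMPLE_A), ("B", SAMPLE_B), ("clean", CLEAN)):
        print(label, scan(buf, SIGNATURES))
```

The exact signature only identifies the first buffer, while the wildcard signature identifies both variants and still reports nothing for the clean buffer.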

Page 6: Program Threats

Virus Categories

There are many categories of viruses and literally many thousands of viruses, so a single virus can fall into two or more categories:

– File
– Boot
– Macro
– Source code
– Polymorphic
– Encrypted
– Stealth
– Tunneling
– Multipartite
– Armored

Page 7: Program Threats

File

• Appends itself to a file.
• Changes the start of the program so that execution jumps to its code.
• Known as parasitic viruses.
• Usually with extensions .BIN, .COM, .EXE, .OVL, .DRV.

Page 8: Program Threats

Boot

• The boot sector carries the Master Boot Record (MBR), which reads and loads the operating system.
• Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.
• Executed every time the system is booting.
• Known as memory viruses.

Page 9: Program Threats

Page 10: Program Threats

Example for: Wreak havoc

Page 11: Program Threats

Macro

• Written in a high-level language.
• Macros start automatically when a document is opened or closed (Word, Excel).
• Can be spread through e-mail attachments, discs, networks, modems, and the Internet.

Page 12: Program Threats

Antivirus with millions $$

Viruses for free

Page 13: Program Threats

Source code

• Looks for source code and modifies it to include the virus and to help spread the virus.

Page 14: Program Threats

Page 15: Program Threats

Polymorphic

• Changes the virus's signature each time.
• It's designed to avoid detection by antivirus software.
• A polymorphic virus acts like a chameleon.

Page 16: Program Threats

Encrypted

• The virus is encrypted to avoid detection.
• It has a decryption code along with the encrypted virus.

Page 17: Program Threats

Stealth

• It uses some tactics to avoid detection, such as altering its file size, concealing itself in memory, and modifying parts of the system that can be used to detect it.
• In fact, the first computer virus was a stealth virus.

Page 18: Program Threats

Tunneling

• Installs itself in the interrupt-handler chain or in device drivers, attempting to bypass detection.
• Tries to intercept the actions before the anti-virus software can detect the malicious code.

Page 19: Program Threats

Multipartite

• Infects multiple parts of the system.
• Including boot sector, memory, and files.
• So it's difficult for the antivirus scanner to detect.

Page 20: Program Threats

Armored

• The most dangerous type.
• The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.
• Virus droppers and other full files which are part of a virus infestation are hidden.

Page 21: Program Threats

ANY QUESTIONS ?