
"Trojan Horses and Other Malicious Codes"



  1. "Trojan Horses and Other Malicious Codes" by Song Chung and Adrianna Leszczynska

  2. Examples of Malicious Codes • Trojan Horses • Viruses • Worms • Logic Bombs - Time Bombs

  3. What are Trojan horses? • Trojan Horses are a relatively new and probably the most dangerous strain of viruses that have appeared in recent times • They also threaten to overwhelm systems that only run anti-virus applications and firewalls as a means of combating the threat

  4. Trojan Horse History Brief • The name "Trojan Horse" derives from an episode in Greek history, when the Greeks had laid siege to the fortified city of Troy for over ten years. Their spy, a Greek called Sinon, offered the Trojans a gift in the form of a wooden horse and convinced them that by accepting it, they would become invincible.

  5. History Brief (cont.) • The horse, though, was hollow and was occupied by a contingent of Greek soldiers. When they emerged in the dead of night and opened the city gates, the Greeks swarmed in, slaughtered its citizens and subsequently pillaged, burned and laid waste to the city.

  6. In IT Environment • A Trojan Horse acts as a means of entering the victim’s computer undetected and then allowing a remote user unrestricted access to any data stored on the user's hard disk drive whenever he or she goes online • In this way, the user gets burned and, like the unfortunate citizens of Troy, may only discover that fact when it is too late.

  7. Examples of Trojan Horses • “Picture.exe” • “RIDBO” • “FIX2001” • “AOL4FREE”

  8. Origin of Trojan horses • These types of viruses were originally designed as a means of self-expression by gifted programmers and did little more than cause the system to lock up, behave abnormally in a specific way or perhaps cause loss of data on the user’s machine

  9. Objectives of the Horse • Allow a remote user a means of gaining access to a victim's machine without their knowledge • Allow the intruder to do anything with the machine that the user can do • Browse the user's hard drive in order to determine if there is anything of value stored on it

  10. Objectives (cont.) • Things of value include valuable research papers, credit card details or passwords to restricted web sites • If anything of value is found, then the intruder can copy the data to his own hard drive in exactly the same way that the user can copy a file to a floppy disk • Cause havoc to the system by deleting (system) files, erasing valuable data or ultimately destroying the hard drive

  11. Can Passwords Provide Protection? • Passwords offer no protection at all because today's Trojans are capable of recording the victim’s keystrokes and then transmitting the information back to the intruder • Those passwords can subsequently be deciphered by the Trojan and even changed in order to prevent the user getting access to his own files!

  12. How does a Trojan Affect Your Computer? • In order to gain access to a user’s computer, the victim has to be induced to install the Trojan himself • The usual method is to offer a seemingly useful system enhancement or perhaps a free game that has the Trojan attached to it • By installing it, the user also installs the Trojan

  13. Common Sources • Executing any files from suspicious or unknown sources • Opening an email attachment from an unknown source • Allowing a "friend" access to your computer while you are away • Executing files received from any online activity client such as ICQ

  14. Main Parts of a Trojan • Virtually every Trojan virus is comprised of two main parts: • the "server" • the "client" • It is the server part that infects a user’s system

  15. What Problems can Trojans Cause? • The server part is the part of the program that infects a victim's computer • The client part is the one that allows a hacker to manipulate data on the infected machine • Let's suppose that you have already been infected. How do intruders attack and get full control of your computer?

  16. Problems (cont.) • Intruders scan the Internet for an infected user (technically speaking, an attacker sends request packets to all users of a specific Internet provider) using the client part of the virus • Once an infected computer has been found (the server part of the virus located on the infected machine replies to the client part's request), the attacker connects to that user's computer and creates a "link" between the two, just like the one in an ordinary telephone conversation

  17. Problems (cont.) • Once that has happened (this procedure may only take a few seconds), the intruder will be able to get unrestricted access to the user's computer and can do anything he likes with it • The intruder becomes the master and the user the slave because short of disconnecting from the Internet, the user is helpless and has no means at his disposal to ward off an attack • Intruders can monitor, administer and perform any action on your machine just as if they were sitting right in front of it

  18. Analogy of a Trojan Horse • A Trojan Horse works a bit like the backdoor to your house. If you leave it unlocked, anybody can come in and take whatever they want while you're not looking • The main difference with a backdoor installed on your computer is that anybody can come in and steal your data, delete your files or format your hard drive even if you are looking • There are no visible outward signs that anything untoward is happening other than perhaps unusual hard disk activity for no apparent reason

  19. How do you protect yourself from a Trojan Horse? • You can try manual deletion; however, it is both time-consuming and monotonous. In addition, the user can never be absolutely certain that he has covered every option. • Even if he is successful in removing the Trojan from his system, he may unwittingly reinstall it with the very next command he enters

  20. How to Protect? (cont.) • There are many Trojan horse protection programs available for download which perform various tasks • An example of such a program is Tauscan, a universal Trojan Horse scanner that detects and removes practically every type of Trojan virus that may have infected your system • Another example is Jammer, a network analyser designed primarily to warn you if your system is under attack. It also has a secondary feature: removing all known versions of Back Orifice and Netbus from your system if detected

  21. Other Forms of Malicious Codes • Viruses • Worms • Logic Bombs • Time Bombs

  22. What is a virus? • A virus is a type of malicious code that will attach itself to a file and then replicate in order to spread to other files. • A virus is usually attached to an executable file so that it will spread rapidly. • Viruses are restricted to personal computers.

  23. Characteristics of a virus • replication • requires a host program • activated by an external action • replication limited to one system

  24. Virus History • Viruses are increasing at a fast rate • 1986 – 1 known virus • 1989 – 6 known viruses • 1990 – 80 known viruses • Today – between 10 and 15 new viruses are discovered every day • Between 1998 and 1999 the total virus count increased from 20,500 to 42,000.

  25. Virus Examples • “W32/Vote@MM” - spread via email with an attachment WTC.EXE. The email has the subject "Fwd:Peace BeTweeN AmeriCa And IsLaM !" and asks the recipient to vote on the war issue by opening the WTC.EXE attachment. • “W97/Prilissa” - 10 Fortune 500 companies on three continents have been hit with this virus

  26. Worms • A worm is a program that replicates itself and causes execution of new copies of itself. • A worm enters an Internet host computer and mails itself to other hosts. • The purpose of a worm attack is to fill storage space and slow down operations.

  27. Characteristics of Worms • replication • must be self-contained; does not require a host • needs a multi-tasking system

  28. Examples of worms • “I Love You” – aka LoveLetter or LoveBug, sends itself to everyone in the Microsoft Outlook address book • “W32/Navidad” - spread using Outlook email. Usually sent from a familiar source, including an attachment NAVIDAD.EXE. The virus affects the system tray and will attach itself to other messages.

  29. “I Love You” Worm • 1. The user opens the email attachment “LOVE-LETTER-FOR-YOU.TXT.VBS” • 2. The virus scans for certain files, replaces the content of these files with virus code, and adds the extension .vbs to the end of the file names • 3. The virus sends itself to everyone in the Outlook address book • 4. Infected files cannot be retrieved and must be restored from a backup copy

  30. Difference Between Worms and Viruses • A worm is similar to a virus but does not need to attach itself to an executable file to replicate itself. • Also, unlike a virus, it attacks only multi-user systems.

  31. Logic Bomb • Logic bombs are malicious codes that cause some destructive activity when a specified condition is met. • Unlike viruses, logic bombs do their damage right away, then stop.

  32. What can trigger a logic bomb? • The trigger can be a specific date • Number of times the program is executed • A random number • Or a predefined event such as a deletion of a certain record.

  33. Damage by Logic Bombs • The damage done by logic bombs can range from changing a random byte of data somewhere on the disk to making the entire disk unreadable.

  34. Time Bomb • A time bomb is a logic bomb, but unlike a logic bomb it may exist in the system for weeks or even months before it is detected. • The damage is not caused until a specified date or until the system has been booted a certain number of times.

  35. Examples of Time Bombs • "Friday the 13th" - 1980s, it duplicated itself every Friday the 13th, caused system slowdown and corrupted all available disks • “Michelangelo” - 1990s, tried to damage hard disk directories • “Win32.Kriz.3862” - written in 1999, damage included overwriting of data on all data storage units

  36. Virus Prevention Tactics • Install a virus scanner • Update it often • Program it to run automatically • Examples of virus scanners include: • VirusScan • AntiVirus • F-Prot

  37. Virus Prevention Tactics (cont.) • Do not run unknown programs from the Internet • Don’t open unknown mail attachments • If an unknown mail attachment is received, delete it immediately

  38. Virus Symptoms • Virus scanner detects a virus • Programs stop working as expected • Computer crashes more frequently • Unknown files appear • Disk space gets smaller for no reason

  39. What if a virus is detected? • On a network system: - Contact the network administrator • On a personal computer: - Use the disinfect function of the virus detection software, so it can try to restore the program to its original state - Erase the infected program and reinstall from the original disk after a virus scan confirms that no viruses have been found

  40. Conclusion • 5 types of malicious codes: - Trojan Horses: destructive codes hidden inside other programs - Viruses and Worms: both replicate and attach themselves to files, but unlike viruses, worms attack multi-user systems - Logic and Time Bombs: set off when a specified condition is met

  41. References • http://www.agnitum.com/products/tauscan/ • http://www.cyberangels.org/hacking/trojan.html • http://ksi.cpsc.ucalgary.ca/courses/547-96/cochrane/present/#LINK1 • http://www.mpip-mainz.mpg.de/~bluemler/extra/teaching/virus.pdf • http://www.google.com/url?sa=U&start=2&q=http://getvirushelp.com/iloveyou/&e=7249 • http://csrc.nist.gov/publications/nistir/threats/section3_3.html

  42. Questions?
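
The mail-borne samples on slides 25, 28 and 29 all arrive as executable attachments, and one of them (LOVE-LETTER-FOR-YOU.TXT.VBS) hides its real extension behind a harmless-looking one. As an added example, not part of the original presentation, the code below screens a message's attachment names for both cases, which is the check behind the advice on slide 37; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed, non-exhaustive lists chosen for this example.
# Extensions Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# Extensions a reader takes for a plain document or picture.
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "pdf"}


def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for one file name."""
    # Drop any path, then trailing dots/spaces, which Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    # Strip each part so padding such as "photo.jpg     .scr" is still caught.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def screen_message(msg):
    """List (filename, verdict) for every attachment that should be blocked."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        verdict = classify_attachment(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample_message():
    """Constructed sample: attachment names from the slides plus one benign file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample message"
    msg.set_content("constructed body text")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.VBS", "WTC.EXE", "minutes.pdf"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for filename, verdict in screen_message(build_sample_message()):
        print(f"{verdict:22} {filename}")
```

A name-based check only catches the disguise; it complements the virus scanner from slide 36 and does not replace it.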
