
Chapter 2

Chapter 2. Viruses, Worms, and Malicious Software. Learning Objectives. Explain how viruses, worms, and Trojan horses spread Discuss typical forms of malicious software and understand how they work


Presentation Transcript


  1. Chapter 2 Viruses, Worms, and Malicious Software

  2. Learning Objectives • Explain how viruses, worms, and Trojan horses spread • Discuss typical forms of malicious software and understand how they work • Use techniques to protect operating systems from malicious software and to recover from an attack Guide to Operating System Security

  3. Viruses, Worms, and Trojan Horses • Different forms of malicious software (malware) • Intended to • Cause distress to a user • Damage files or systems • Disrupt normal computer and network functions

  4. Viruses • Programs carried on a disk or in a file that have the ability to replicate • Typically infect • Executable programs • Scripts or macros • The boot or partition sector of a drive

  5. How Viruses Spread • Transported from one medium or system to another • Replicated throughout a system (e.g., W32.Pinfi)

  6. Virus Classification • How they infect systems • Boot or partition sector • File infector • Macro • Multipartite

  7. Virus Classification (Continued) • How they protect themselves from detection or from a virus scanner • Armored • Polymorphic • Stealth • Companion • By effect • Benign or destructive

  8. Worms • Programs that replicate on the same computer or send themselves to many other computers • Can open a back door

  9. How Worms Spread • Buffer overflow (e.g., Code Red and CodeRed II) • Port scanning or port flooding • Compromised passwords

  10. Trojan Horses and How They Spread • Programs that at first appear useful, but can cause damage or provide a back door • Examples • Backdoor.Egghead • AOL4FREE • Simpsons AppleScript Virus

  11-13. Locations for Viruses, Worms, and Trojan Horses (tables spanning three slides; not captured in the transcript)

  14. Location for a UNIX/Linux System (figure)

  15. Location for a Windows XP System (figure)

  16. Typical Methods Used by Malicious Software • Executable methods • Boot and partition sector methods • Macro methods • E-mail methods • Software exploitation • Spyware

  17. Executable Methods • Files that contain lines of computer code that can be run • Examples: .exe, .com, .bat, .bin, .btm, .cgi, .pl, .cmd, .msi • Can infect source or execution code of a program

  18. Boot and Partition Sector Methods • Particularly affect Windows and UNIX systems • Typically infect/replace instructions in the MBR or Partition Boot Sector • Can corrupt the partition table entry that holds the address of the primary partition • May move the original boot sector to another location if the size of the virus exceeds the space allocated for the boot sector • Eradication typically involves recreating the MBR and Partition Boot Sector instructions
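The following is an added example, not code from the textbook or the presentation. It parses a 512-byte MBR the way a boot-sector integrity check would: it verifies the 0x55AA signature, compares the 446 bytes of boot code against a known-good hash, and sanity-checks the four partition-table entries (status byte, exactly one active partition, no partition whose start address has been zeroed). The sample sectors, the "infection" that overwrites the boot stub and corrupts the primary partition's start LBA, and the `restore_boot_code` eradication step are all constructed for the demo; a real check would read sector 0 of the disk and use a baseline hash recorded when the system was known to be clean.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # 446 bytes of boot code, then 4 x 16-byte entries
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"      # last two bytes of a valid MBR
ENTRY_FORMAT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples.
    Used here only to construct sample sectors; a real MBR comes from reading sector 0."""
    assert len(boot_code) <= PARTITION_TABLE_OFFSET
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        sector[off:off + PARTITION_ENTRY_SIZE] = struct.pack(
            ENTRY_FORMAT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, partition entries and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[off:off + PARTITION_ENTRY_SIZE])
        parts.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the known-good image."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from the known-good baseline")
    bootable = []
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte {p['status']:#04x}")
        if p["status"] == 0x80:
            bootable.append(i)
        if p["type"] != 0 and p["lba_start"] == 0:
            findings.append(f"partition {i}: start address points at LBA 0 (the MBR itself)")
    if len(bootable) != 1:
        findings.append(f"expected exactly one active partition, found {len(bootable)}")
    return findings


def restore_boot_code(sector: bytes, clean_boot_code: bytes) -> bytes:
    """Eradication step: rewrite the boot code, keeping the partition table as it is."""
    assert len(clean_boot_code) <= PARTITION_TABLE_OFFSET
    repaired = bytearray(sector)
    repaired[:PARTITION_TABLE_OFFSET] = clean_boot_code.ljust(PARTITION_TABLE_OFFSET, b"\0")
    return bytes(repaired)


# --- constructed sample data (not a real boot loader or virus) ---
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 60          # jmp $ followed by NOPs
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x83, 2048, 204800)])
BASELINE = hashlib.sha256(CLEAN_MBR[:PARTITION_TABLE_OFFSET]).hexdigest()


def simulate_infection(sector: bytes) -> bytes:
    """Mimic a boot-sector virus for the demo: overwrite the start of the boot code with
    its own stub and corrupt the primary partition's start address (constructed data)."""
    infected = bytearray(sector)
    infected[:16] = b"\xE9\x00\x7C" + b"\xCC" * 13
    lba_off = PARTITION_TABLE_OFFSET + 8                 # LBA start field of entry 0
    infected[lba_off:lba_off + 4] = struct.pack("<I", 0)
    return bytes(infected)


INFECTED_MBR = simulate_infection(CLEAN_MBR)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE))
    print("repaired:", check_mbr(restore_boot_code(INFECTED_MBR, CLEAN_BOOT_CODE), BASELINE))
```

Note that rewriting the boot code alone still leaves the corrupted partition entry behind, which is why eradication on the slide means recreating both the MBR code and the partition/boot sector data rather than just one of them.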

  19. Macro Methods • A virus can infect a macro and spread each time the macro is used • Configure software so that macros are disabled unless digitally signed by a trusted source
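As an added example (not from the textbook or the presentation), here is how a mail or file gateway can enforce the "macros off unless signed" policy before a document reaches Office. Modern Office files are zip containers, and a VBA project lives in a `vbaProject.bin` part, so the check inspects the zip listing rather than trusting the file extension; a VBA part inside a macro-free extension such as `.docx` is treated as hostile, and a legacy OLE binary file (the `D0 CF 11 E0` header) is quarantined because macros inside it cannot be located without an OLE parser. The documents are constructed in memory for the demo; verifying the publisher signature on a real VBA project is left to the endpoint.

```python
import io
import os
import zipfile

# Office extensions: the trailing "m" marks a file that is allowed to carry VBA macros.
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
MACRO_FREE_EXT = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .doc/.xls/.ppt compound file header


def build_ooxml(parts: dict) -> bytes:
    """Pack {zip path: bytes} into an in-memory OOXML container (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def macro_parts(data: bytes) -> list:
    """Names of VBA project streams inside an OOXML zip; [] if none or not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    except zipfile.BadZipFile:
        return []


def scan_office_file(filename: str, data: bytes) -> dict:
    """Apply the policy 'macros disabled unless signed by a trusted source' at the gateway."""
    ext = os.path.splitext(filename)[1].lower()
    result = {"file": filename, "has_macros": False, "action": "allow", "reason": "no VBA project"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats need an OLE parser to locate macros; treat as macro-capable.
        result.update(has_macros=None, action="quarantine",
                      reason="legacy OLE container; cannot inspect for macros here")
        return result
    found = macro_parts(data)
    if not found:
        return result
    result["has_macros"] = True
    if ext in MACRO_FREE_EXT:
        # Office will not run VBA from a .docx, but a VBA project inside one is a red flag.
        result.update(action="block", reason=f"{ext} file must not contain {found}")
    elif ext in MACRO_ENABLED_EXT:
        result.update(action="quarantine",
                      reason="VBA project present; release only if signed by a trusted publisher")
    else:
        result.update(action="block", reason=f"unexpected extension {ext!r} with VBA project")
    return result


# --- constructed samples (not real documents or malware) ---
CLEAN_DOCX = build_ooxml({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"})
MACRO_DOCM = build_ooxml({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": OLE_MAGIC + b"\0" * 24})
LEGACY_DOC = OLE_MAGIC + b"\0" * 504

if __name__ == "__main__":
    for name, data in [("report.docx", CLEAN_DOCX), ("memo.docm", MACRO_DOCM),
                       ("invoice.docx", MACRO_DOCM), ("old.doc", LEGACY_DOC)]:
        print(scan_office_file(name, data))
```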

  20. Macro Protection (figure)

  21. E-Mail Methods • Sent as attachments to e-mail

  22. Software Exploitation • Exploits flaws in software, often in newly released software and new versions that have not yet been patched • Examples of services that may carry exploitable vulnerabilities • DNS services • Messaging services • Remote access services • Network services and applications

  23. Spyware • Software placed on a computer • Typically without the user's knowledge • Reports back information about the user's activities • Some operate through tracking cookies

  24. Protecting an OS from Malicious Software • Install updates • View what is loaded when a system is booted • Use malicious software scanners • Use digital signatures for system and driver files • Back up systems and create repair disks • Create and implement organizational policies

  25. Installing Updates for Windows • Windows Update • Provides access to patches that are regularly issued • Service packs • Address security issues and problems affecting stability, performance, or operation of features included with the OS

  26-27. Using Windows Update (screenshots)

  28. Installing Updates for Red Hat Linux • Issued frequently; can be downloaded from the Red Hat Web site • The Red Hat Network Alert Notification Tool must be configured to receive notices

  29. Installing Updates for Red Hat Linux (screenshot)

  30. Installing Updates for NetWare • Download updates and/or consolidated support packs from Novell's Web site

  31. Installing Updates for Mac OS X • Software Update tool enables you to: • Configure the system to automatically check for updates at specified intervals • Manually check for updates • View currently installed updates

  32. Installing Updates for Mac OS X (screenshot)

  33. Viewing What Is Loaded When a System Is Booted • Windows 2000, Windows XP Professional, and Windows Server 2003 • View information on-screen • Log boot information to a file (Enable Boot Logging on the Advanced Options menu) • Red Hat Linux and NetWare • Automatically display boot load information • Mac OS X • Display the boot process by booting into either single-user mode or verbose mode

  34. Advanced Options Menu (screenshot)

  35. Using Malicious Software Scanners • Effective way to protect an operating system • Scan systems for viruses, worms, and Trojan horses • Often called virus scanners

  36. Malicious Software Scanners: Features to Look For • Scans memory and removes viruses • Continuous memory scanning • Scans hard and floppy disks and removes viruses • Scans all known file formats • Scans HTML documents and e-mail attachments

  37. Malicious Software Scanners: Features to Look For (Continued) • Automatically runs at a scheduled time • Manual run option • Detects known and unknown malicious software • Updates for new malicious software • Scans files that are downloaded • Uses protected or quarantined zones for downloaded files
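The following added example (not code from the textbook, the presentation, or any real scanner product) shows the core of what slides 35-37 describe and why slide 7's armored and polymorphic viruses matter: it scans constructed files with three detection tiers. An exact SHA-256 match catches a known sample but is defeated by a one-byte change; a byte-pattern signature survives that change; and a polymorphic variant that hides its body under a single-byte XOR key evades the static signature until the scanner brute-forces the 255 possible keys, a simplified stand-in for the unpacking or emulation a real engine performs. The signatures, file extensions and samples are all made up for the demo.

```python
import hashlib
import os

# Executable file types from slide 17; the scanner still inspects every file it is given.
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".bin", ".btm", ".cgi", ".pl", ".cmd", ".msi"}

# Constructed byte-pattern signatures (illustrative; not real malware signatures).
SIGNATURES = {
    "Demo.FileInfector": b"\xE8\x00\x00\x00\x00\x5Ddemo-infector-v1",
    "Demo.Trojan.Backdoor": b"LISTEN_ON_TCP_31337",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_signatures(data: bytes) -> list:
    """Tier 2: static byte-pattern matching over the raw file contents."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def match_xor_unpacked(data: bytes) -> list:
    """Tier 3: armored/polymorphic code often keeps its body under a single-byte XOR key
    that a tiny stub decodes at run time; trying every key recovers the plain body."""
    hits = []
    for key in range(1, 256):
        for name in match_signatures(xor_bytes(data, key)):
            hits.append(f"{name} (xor key 0x{key:02x})")
    return hits


def scan_file(filename: str, data: bytes, known_bad_hashes: dict) -> dict:
    """Run the three tiers and return a verdict record for the file."""
    ext = os.path.splitext(filename)[1].lower()
    digest = sha256_hex(data)
    verdicts = []
    if digest in known_bad_hashes:                     # tier 1: exact known sample
        verdicts.append(f"known sample {known_bad_hashes[digest]}")
    verdicts += match_signatures(data)
    if not verdicts:                                   # only pay for unpacking when needed
        verdicts += match_xor_unpacked(data)
    return {"file": filename, "executable": ext in EXECUTABLE_EXT,
            "sha256": digest, "verdicts": verdicts, "clean": not verdicts}


# --- constructed samples (not real programs or malware) ---
CLEAN = b"MZ" + b"\x90" * 64 + b"hello world"
INFECTED = b"MZ" + b"\x90" * 16 + SIGNATURES["Demo.FileInfector"] + b"\x00" * 32
VARIANT = INFECTED + b"\x00"                       # one appended byte: new hash, same code
POLYMORPHIC = b"MZ" + b"\x90" * 16 + xor_bytes(SIGNATURES["Demo.Trojan.Backdoor"] + b"\x00" * 8, 0x5A)
KNOWN_BAD = {sha256_hex(INFECTED): "Demo.FileInfector/sample-001"}

if __name__ == "__main__":
    for name, data in [("notepad.exe", CLEAN), ("setup.exe", INFECTED),
                       ("setup2.exe", VARIANT), ("update.msi", POLYMORPHIC)]:
        print(scan_file(name, data, KNOWN_BAD))
```

The `xor_unpacked` tier is deliberately the last resort: it multiplies the scan cost by 255, which is the trade-off every scanner makes between catching self-protecting malware and keeping continuous (on-access) scanning fast enough to leave enabled.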

  38. Using a Virus Scanner (screenshot)

  39-40. Virus Scanning Software (screenshots)

  41. Using Digital Signatures for System and Driver Files • Digital signature • Data placed in a file to verify its authenticity by showing that it originated from a trusted source and has not been altered since it was signed • Driver signing • Placing a digital signature in a device driver to • Show that the driver is from a trusted source • Indicate compatibility with an OS

  42. Backing Up Systems and Creating Repair Disks • Most OSs offer ways to back up your system • Some OSs enable creation of a boot disk or repair disk • Windows 2000 • Emergency Repair Disk (ERD) • Windows XP or Windows Server 2003 • Automated System Recovery (ASR) set • Red Hat Linux • Boot disk

  43. Creating a Windows 2000 ERD • Create a new ERD each time you: • Install software • Make a server configuration change • Install a new adapter • Add a NIC • Restructure a partition • Upgrade the OS • Enables you to fix problems with the server

  44. Creating a Windows 2000 ERD (screenshot)

  45. Creating an ASR Set • Two components • Backup of all system files (1.5 GB or more) • Floppy disk holding the system settings (about 1.44 MB) • Does not back up application data files

  46. Creating an ASR Set (screenshot)

  47. Creating a Red Hat Linux Boot Disk • Enables booting a system from a floppy disk

  48. Creating and Implementing Organizational Policies • Provide users with training in security techniques • Train users about common malicious software • Require users to scan floppies and CDs before use • Establish policies about types of media that can be brought in from outside and how they can be used • Establish policies that discourage/prevent users from installing their own software

  49. Creating and Implementing Organizational Policies (Continued) • Define policies that minimize/prevent downloading files; require users to use a virus scanner on any downloaded files • Create quarantine areas for files of uncertain origin • Use virus scanning on e-mail and attachments • Discard e-mail attachments from unknown or untrusted sources

  50. Chapter Summary • Viruses, worms, and Trojan horses • How they spread through operating systems and across networks • What they target and why • Typical forms of malicious software • Boot sector viruses • Viruses that attack through macros • How to set up defenses, such as operating system patches and repair disks
