
Software based attacks

Malicious software or malware


Software that enters a computer system without the owner's knowledge or consent
Malware is a general term that refers to a wide variety of damaging or annoying software
Three primary objectives of malware:
- Infect a computer system
- Conceal the malware's malicious actions
- Bring profit from the actions that it performs

Infecting Malware
Viruses
Programs that secretly attach to another document or program and execute when the document or program is opened
Once a virus infects a computer, it performs two separate tasks:
- Replicates itself by spreading to other computers
- Activates its malicious payload, ranging from displaying an annoying message to erasing files from a hard drive or causing a computer to crash repeatedly

Types of computer viruses:
1. File infector virus: File infectors, also known as parasitic viruses, operate in memory and usually infect executable files. They activate every time infected files are executed.
2. Resident virus: Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, a finder module does not call this module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation.
3. Boot virus: A boot virus is a virus that infects the part of the computer called a system sector. A system sector is an area of the computer hard drive or a floppy disk that is executed when the computer is started.
4. Companion virus: A companion virus is a complicated computer virus which, unlike traditional viruses, does not modify any files. Instead, it creates a copy of the file and places a different extension on it, usually .com.
5. Macro virus: A macro virus is a virus that is written in a macro language, that is to say, a language built into a software application such as a word processor.
6. Metamorphic viruses: Some viruses rewrite themselves completely each time they infect. These viruses are said to be metamorphic.
7. Polymorphic viruses: A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by antivirus programs.
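A defender can check for the companion pattern in item 4 by looking for files that share a base name with an executable but carry an extension that is tried first. This is an added example, not part of the original slides; the precedence list assumes the default DOS/Windows order (.com before .exe), and the directory contents are constructed placeholders.

```python
import tempfile
from pathlib import Path

# Assumed search order when a command is typed without an extension
# (DOS behaviour and the start of the default Windows PATHEXT).
PRECEDENCE = [".com", ".exe", ".bat", ".cmd"]


def find_companions(root):
    """Return (shadowing_file, shadowed_file) pairs found under root.

    A pair is reported when two files in the same directory share a base
    name and the first one has an extension that is resolved earlier.
    """
    groups = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in PRECEDENCE:
            key = (path.parent, path.stem.lower())
            groups.setdefault(key, []).append(path)
    findings = []
    for paths in groups.values():
        paths.sort(key=lambda p: PRECEDENCE.index(p.suffix.lower()))
        for shadowed in paths[1:]:
            findings.append((paths[0], shadowed))
    return sorted(findings)


def demo():
    """Scan a constructed directory tree and return the flagged name pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        # Constructed sample files: harmless placeholders, not real programs.
        (root / "tools" / "report.exe").write_bytes(b"legitimate program")
        (root / "tools" / "report.com").write_bytes(b"unexpected twin")
        (root / "tools" / "backup.exe").write_bytes(b"no twin here")
        (root / "notes.txt").write_text("ignored")
        return [(a.name, b.name) for a, b in find_companions(root)]


if __name__ == "__main__":
    for shadowing, shadowed in demo():
        print(f"{shadowing} would run instead of {shadowed}")
```

A hit is a lead to investigate rather than proof of infection, since some legitimate software ships both a .com and a .exe with the same name.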

Worm
Program designed to take advantage of a vulnerability in an application or an OS in order to enter a system
Worms are different from viruses in two ways:
- A worm can travel by itself
- A worm does not require any user action to begin its execution

Deleting files on the computer, allowing the computer to be controlled by hackers remotely

Concealing Malware

1. Trojan Horse
- Program advertised as performing one activity but that actually does something else
- Executable programs that contain hidden code that attacks the computer system

2. Root kit
- Set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence
- Hide the presence of other types of malicious software
- Replacing OS commands with modified versions which are specifically designed to ignore malicious activity so it can escape detection
- Removing a root kit from an infected computer is extremely difficult: reformat the hard drive and reinstall the OS

3. Logic bomb
- A computer program or a part of a program that lies dormant until it is triggered by a specific logical event
- Once triggered, the program can perform any number of malicious activities
- Difficult to detect before being triggered

4. Privilege escalation
- Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining
- When a user with a lower privilege uses privilege escalation to access functions reserved for higher privilege users
- When a user with restricted privilege accesses the different restricted functions of a similar user
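The root kit entry above says OS commands are replaced with modified versions. One defensive check for that is to compare command binaries against hashes recorded while the system was known to be clean. This is an added example, not part of the original slides; the file names and contents are constructed stand-ins in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory):
    """Map file name -> SHA-256 for every regular file in directory."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    return {p.name: sha256_file(p) for p in files}


def compare(baseline, directory):
    """Report files modified, missing or added since the baseline."""
    current = build_baseline(directory)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Record a baseline, change one constructed 'command', then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp)
        # Constructed stand-ins for OS commands (placeholder bytes only).
        for name in ("ls", "ps", "netstat"):
            (bindir / name).write_bytes(b"original " + name.encode())
        baseline = build_baseline(bindir)
        # Stand-in for the replacement described in the slide.
        (bindir / "ps").write_bytes(b"different bytes than the baseline")
        (bindir / "helper").write_bytes(b"file that was not in the baseline")
        return compare(baseline, bindir)


if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored off the machine and the comparison run from trusted boot media, because a root kit on the running system can falsify what the checker reads.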

Malware for Profit


1. Spam
- Unsolicited email
- Sending spam is a lucrative business
- Costs involved for spamming: email addresses, equipment and internet connection

2. Spyware
- Describes software that imposes upon a user's privacy or security
- Two characteristics: creators are motivated by profit and are not easily identified

3. Adware
- Delivers advertising content in a manner that is unexpected and unwanted by the user
- Can be a security risk
- Performs a tracking function
- Monitors and tracks users' activities

4. Keylogger
- A small hardware device or a program that monitors each keystroke a user types on the computer's keyboard
- As the user types, the keystrokes are collected and saved as text
- A small device inserted between the keyboard connector and computer keyboard port

5. Botnets
- Hundreds, thousands, or even tens of thousands of zombie computers are under the control of an attacker

6. Zombie
- An infected computer with a program that will allow the attacker to remotely control it
- Attackers use Internet Relay Chat (IRC) to remotely control the zombies