Malicious Software

Picture this - the trade press is all abuzz with warnings of a new killer virus, Child of Chernobyl.Recall that Chernobyl struck on April 26, 1999. In Korea alone, it affected as many as a millioncomputers, causing more than $250 million in damages. The boss has just come down with amagazine article in hand and has told you to drop everything.
Nội dung trích xuất từ tài liệu:
Malicious Software Malicious Software Security Essentials The SANS Institute Encryption and Exploits - SANS ©2001 1This course on Malicious Software is part of the SANS Security Essentials series.Picture this - the trade press is all abuzz with warnings of a new killer virus, Child of Chernobyl.Recall that Chernobyl struck on April 26, 1999. In Korea alone, it affected as many as a millioncomputers, causing more than $250 million in damages. The boss has just come down with amagazine article in hand and has told you to drop everything. You have three days to ensure theorganization is ready before “Child of Chernobyl” day. Is this real or a hoax? What do you do tofind out? How do you meet the boss demands to get anti-viral software installed and updated asneeded? Stay tuned for answers to these questions and more…Of course this course isn’t going to solve all your problems if you suddenly get hit and have no planof action or procedures in place. So you are going to need to apply what you learn here. 5-1 Objectives • Malicious code • Virus and hoax information • Virus types and methods • Organizational AV policy • Desktop anti-viral care and feeding Malicious Software - SANS ©2001 2At the completion of this course, the student will be familiar with these core concepts of anti-viralprotection.What is malicious software? How does it spread? What are some of the characteristics of viruses?What is the difference between a virus and a hoax? Where can I go to get more information on them?Does my organization have an anti-viral policy? What does it say? Is it up-to-date?What is anti-viral software?What is involved in the care and feeding of desktop anti-viral software? 5-2 Malicious Software (Malware) • Viruses • Worms • Trojan horses • Malicious applets • Majority Microsoft-specific Malicious Software - SANS ©2001 3Malware is a generic term for a number of different types of malicious code - viruses, worms,Trojan horses, and malicious applets. First, we will define what these things are.A virus is a piece of parasitic code (or program) written specifically to execute on behalf of the userwithout the users permission (or knowledge). It is parasitic in that it attaches itself to files (or bootsectors) and then replicates, causing the spread to continue. Some viruses do little more thanreplicate and serve as a nuisance; others can do serious damage, such as affecting programs ordegrading system performance (the virus payload). Never assume that a virus is harmless and leaveit intact. We will look at the various types of viruses in the slides to follow.A worm is a self-contained program (or set of programs), that is able to spread functional copies ofitself to other computer systems (usually via a network). Host-computer worms are entirelycontained on their host computer. Host-computer worms that delete from one host upon propagationto a new host are called rabbits - they ‘hop’ around a network. Some worms run in multiple partson many hosts. These worms are called network worms. A network worm with one coordinatingsegment and many client sub-segments is termed an octopus! Note: Malicious code is called aworm when it requires no specific action on the part of the user to enable infection and propagation.It just spreads. If the code requires the user to open an email or load a screen saver or take someother action, then it is called a virus.Trojan horses are programs with an intended action that is not documented or revealed. Typically,Trojan horses masquerade as some other harmless or trusted program. A well-known Trojan horseis Back Orifice.Malicious applets are applets that attack the local system of a web surfer and involve denial ofservice, invasion of privacy, and annoyance. Malicious applets are distinguished from attackapplets that exploit vulnerabilities in the implementation of the Java security model.It is interesting to note that of the 60,000 or so known viruses, worms etc., about 55,000 of them areMicrosoft-specific (Gene Spafford). Care is needed here because this statistic does not mean thatsystems such as Linux, Unix, or Mac are immune - there are just less examples found here. Weusually think of infection via the network and floppy disks, but CDROMs are notorious for hostingmalware. Just think of the damage that could be done with a music CD. How a ...