3. Malicious Program
• Malicious programs refer to a broad category of programs that can cause damage or undesirable effects to computer networks.
• Other words for this are Malware (Malicious Software), Badware and Rogue Program (a form of internet fraud using internet).
• Besides malicious programs there are non-malicious programs as well.
4. Malicious program cont…
• The malicious program is not a new concept: it was officially defined by Cohen in 1984, but the behaviour of viruses was first observed in 1970.
• The damages caused by malicious code are:
Potential damage can include modifying, destroying or stealing data.
5. Gaining or allowing unauthorised access to a system.
Executing functions that a user never intended.
7. Viruses:
• Viruses: A hidden, self-replicating section of computer software, usually malicious code, that propagates by infecting (i.e. inserting a copy into and becoming a part of) another program or system memory.
Viruses can damage your hardware, software or files and replicate themselves.
8. Categories of Viruses
1. Boot sector virus:
• infects the boot sector of systems.
• becomes resident.
• activates while the machine is booting.
2. File virus:
• infects program files.
• activates when the program is run.
9. Types of Viruses
• Can be classified on the basis of how they attack:
• Parasitic virus
• Memory-resident virus
• Boot sector virus
• Stealth
• Polymorphic virus
• Macro virus
10. Transient virus: active only when its host program is active.
Resident virus: establishes itself in the computer’s memory & can remain active without its host.
Macro virus: attached to some data file.
Email virus: spreads using email with an attachment containing a macro virus.
11. Properties of Viruses
A virus program should be hard to detect by anti-virus software.
Viruses should be hard to destroy or deactivate.
Should spread infection widely.
Should be easy to create.
Should be able to re-infect.
Should be machine / platform independent, so that it can spread on different hosts.
13. Worms:
• Worms: Reproducing programs that run independently and travel across network connections.
• “Famous” worms are:
- Morris Internet Worm (1988)
- Code Red: had a time trigger for Denial of Service attacks.
- Code Red 2: had a backdoor installed to allow remote control.
- Nimda: used multiple infection routes, i.e. email, shares, web clients, etc.
15. This dialog box appears after the PIKACHUPOKEMON.EXE file has been activated.
Worm:
• Accesses Outlook Address Book.
• Embeds code to delete Windows and Windows subfolders upon restart.
• +: Does ask for permission to delete files with a “Y” command.
16. Viruses vs. Worms:
• Viruses require interaction whereas worms act on their own.
• Viruses have to rely on users transferring infected files / programs, while worms can use a network to replicate themselves.
• The speed of worms is greater than that of viruses.
17. Trojan Horse:
• Trojan Horse:
– A Trojan horse is a program in which malicious or harmful code is present in such a way that it can get control over the system & use it to do its chosen form of damage.
– Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive.
18. Continued…
• Trojan Horses appear to be useful or interesting to an unsuspecting user, but are actually harmful.
• A Trojan horse can be attached to any useful software by a cracker & can be spread by tricking users into believing that it is a useful program.
19. Damages caused by Trojans
• Erasing or overwriting data on a computer.
• Corrupting files.
• Installing a backdoor on a computer.
• Spreading other malware, such as viruses; hence they are also known as “droppers”.
• Logging keystrokes to steal information such as passwords & credit card numbers (known as key loggers).
20. Attack of Trojan Horse
• A Trojan horse attacks any system in the following manner.
22. Logic Bomb:
• Logic Bomb: A logic bomb is a type of Trojan Horse that executes when specific conditions occur.
– Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date.
– For example, a programmer may hide a piece of code that starts deleting files.
23. Spyware
• Spyware is computer software which is installed automatically when you surf the internet or when you install free software.
• Spyware is known to change computer settings.
24. • Spyware collects various types of information like:
Internet surfing habits.
Visited sites.
Interferes in installing additional software.
Redirects web browser activity.
25. Spyware is a legal program…
• Here it is in the form of virus alerts.
26. Adware
• Adware is any software package which automatically plays, displays or downloads advertisements to a computer after the software is installed on it or while the application is being used.
• It’s a legal program.
• A well-known adware program is “123 Messenger”.
27. 123 Messenger…
• Is in the form of popups & unexplained advertising programs on your computer.
28. • Advertising companies hope to generate money from customers who receive the popups or unexplained programs on their computers.
29. How to detect that your computer has spyware or adware?
Continuous popups.
Persistent change in your homepage.
Slower computer processing: the computer takes longer to process or start up.
30. Software Security
• Only install necessary and trusted software.
• Beware of *free* games, screen savers, and graphics.
• Keep a hard copy of the copyright release for all “free” products!
• Run and UPDATE anti-virus software!!