Viruses and Malicious Code

About This Presentation

Title:

Description:

Number of Views:76

Avg rating:3.0/5.0

Slides: 12

Provided by: unc

Category:

Tags: code | girls | ls | malicious | viruses

Transcript and Presenter's Notes

Title: Viruses and Malicious Code

1
Viruses and Malicious Code

2
Malware

Viruses parasitic, must have a host. Depends
on user action to spread and replicate. See also
Melissa
Worm Self-contained. Requires no user
interaction to propagate. See also Code Red,
Jackson family.
Trojan programs which are something other than
they appear to be. Cannot replicate. Spread via
spam and Software piggybacks. See also SubSeven

3
Viruses

Boot Record Infectors found on floppy disks
and hard drives
Com infectors will prepend, append or overwrite
.comf files
Exe infectors Alter Code Segment pointer to run
virus code prior to program code
Macro viruses inhabit document files. Can
merge with other macros, which means that one day
they will evolve to challenge us for domination
of the planet.

4
Consequences of Malware

5
Virus Ecology

Like the stick insect, viruses attempt to hide
themselves.
Read Stealthing intercepts system calls and
responds with false information
Size Stealthing - intercepts system calls and
responds with false informationabout file size
Polymorphism Like the green blood guy from
X-files. Polymorphs change or encrypt their
underlying code in order to vary their signature
Rootkit Collection of tools designed to conceal
a system compromise. Often replaces tools like
ls, ps and top. Name taken from Tolkiens
writings on system administration.
One Root to rule them all, One Root to find them,
One Root to bring them all and in the darkness
bind them.

6
Defending Against Viruses

Do not use computers.
Urge others not to use computers.
If you must use computers, boil them thoroughly
beforehand and throw away after one use.
Alternatively Do what the nice people at Sans
do.

7
What The Nice People At Sans Do

Use anti-virus software
Activity monitors attempts to detect and block
malicious activity. Not particularly useful by
themselves.
Scanners Norton, McAfee. Scan files looking
for virus signatures.
Integrity checkers Tripwire, again. The
authors must own stock in the company. Computes
file checksums and compares them across time.

8
More of WTNPASD

Update anti-virus software often.
Update everything else often.
Disable access to unneeded system components
(except freecell, which will cause the sales
associates to revolt)
Disable macros

9
Indications of an Infection

The cute girl in marketing who never ever talks
to you or even deigns to notice your existence
drops by the cubicle and asks if you can keep a
secret.
Her computer runs slower and makes noise.
Her boss then appears and asks her What was in
that attachment you sent me? Nothing happened
when I clicked on it.

10
What to Do Once You Determine That The Entire
Marketing Department Has Been Infected

Consult your Infection Action Plan
What do you mean What Infection Action
Plan?
Do Not Panic
Make sure to carry a towel with you at
all times.
Contain the problem
Send the Marketing department out to a
barthats where they spend most of their time
anyway.
Eradicate the Malware
See Boiling the Computer, from earlier
in this presentation.
Recover From The Infection
Replace Marketings PCs with Macs.
Review the Incident
Sincerely intend to write an Infection
Action Plan. Go over personal data recovered
from cute marketing girls computer and integrate
with overall stalking strategy.

11
In Summary

Pabst Blue Ribbon is a really good mnemonic
device for Partition Boot Record, and Franklin
Belano Roosevelt will serve to remember Floppy
Boot Record, but Meister BRau for Master Boot
Record needs some work.
Cute girls from marketing can drink you under the
table without breaking a sweat.
You should probably read the chapter yourself
rather than relying on my notes.
This sublimely professional presentation may be
seen on the web at http//www.unc.edu/sstaff/Gsec
23.ppt