Understanding How and Why Computer Viruses Spread

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them
Classroom Activities Guide
What is a computer virus?
• A computer virus is a malicious program that spreads from computer to computer.
Viruses, Worms, Trojan Horses
• Have you heard other names for malicious computer programs?
– Viruses, Worms, Trojan Horses
• There are technical differences between each of these, but all of them attempt to run on your computer without your knowledge.
Malware
• The most general name for a malicious computer program is malware.
• You may have heard computer programs called software.
• The word malware comes from MALicious softWARE.
How does malware invade your computer?
• You have probably heard of some ways that malware can invade your computer.
• What are they?
– Through email attachments
– By clicking on a web link when surfing the web
– By downloading a program that claims to be a game or cool picture
– Others?
Front Door Attacks
• What do many of these attacks (through email, web browsing or downloads) have in common?
– They all require the actions of a legitimate user.
• They can be considered “front door” attacks because a user is tricked into opening the door for the attack through their action.
Understanding Front Door Attacks
• The key to understanding front door attacks is that when you run a program it runs with *all* your rights and privileges.
– If you can delete one file, any program you run can delete all your files.
– If you can send one email, any program you run could send thousands of spam emails.
• This includes any program you run even accidentally by opening an email attachment or clicking on a web link.
Back Door Attacks
• Not all attacks require action by a legitimate user.
• “Back door” attacks target vulnerabilities in server software that is running on your computer.
• Server software is software that listens for requests that arrive over the network and attempts to satisfy these requests.
– A web server is an example of server software.
Are you running any servers?
• Most home computer users think they are not running any server software.
• However, you would be surprised.
• For example, most default installations of Windows run a number of network services by default.
How can you check?
• At a Windows command prompt, type the command “netstat -an”.
• It will display a list of server software that is listening for requests over the network.
Things to Notice In the List
• The server listening on port 135 was attacked by the Blaster worm.
• The server listening on port 435 was attacked by the Sasser and Korgo worms.
Server Software
• Server software is designed to provide useful features.
– For example, server software allows you to mount files from other computers or share printers between computers etc.
• So how then can server software be used to attack a computer?
Legitimate vs. Illegitimate Requests
• Basically, server software receives a request over the network, examines the request and decides if it can satisfy the request.
– Legitimate requests do not cause an attack.
– Most illegitimate requests do not cause attacks either because the server simply answers that it does not understand or cannot satisfy a request.
Carefully crafted, devious requests
• To attack server software, authors of malware do not just send any old illegitimate request.
• They send very carefully crafted illegitimate requests that exploit a weakness or flaw in the server software.
What is an example of such a weakness? (part 1)
• When programmers write server software, they write it to listen for requests that come in over the network.
• They might assume that no request will ever be longer than 1000 letters.
• This might be a perfectly valid assumption for all reasonable requests, but an attacker might send a request that is 100,000 letters long.
What is an example of such a weakness? (part 2)
• If the server only left room for 1000 letters, then the rest of the letters may get copied over the legitimate program instructions.
• Thus, the request sent by the attacker takes the place of the legitimate program instructions and the server starts to execute the attacker’s code instead.
Buffer Overflow Attacks
• This type of attack is called a “buffer overflow attack” because it overflows the buffer of space left for a request with too many characters.
• Such an attack could be prevented if the server always checked for requests that are too long.
– Sometimes programmers neglect to do that and this is what produces the weakness or flaw that is exploited by the attacker.
– If you are learning to program, you should know that you can prevent many viruses by following good programming practices.
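The length check described above, as an added example that is not part of the original slides: a toy C model in which the request buffer sits directly in front of data the server uses next, with a handler that omits the check beside one that performs it. The struct layout, the function names and the oversized request are constructed for illustration; REQ_MAX takes the slides' figure of 1000 letters.

```c
#include <stdio.h>
#include <string.h>
#define REQ_MAX 1000  /* room the programmer left for one request */

/* Toy model of server memory: the request buffer sits directly in front of
 * data the server acts on next (a stand-in for program instructions). */
struct server {
    char request[REQ_MAX];
    char next_action[16];
};

static void server_init(struct server *s) {
    memset(s, 0, sizeof *s);
    strcpy(s->next_action, "send_reply");
}

/* Flawed handler: trusts the sender's length, so bytes past REQ_MAX land in
 * next_action. Demo callers keep len <= sizeof *s so the write stays inside
 * this one struct; a real overflow has no such limit. */
static void handle_unchecked(struct server *s, const char *req, size_t len) {
    memcpy((unsigned char *)s, req, len);
}

/* Hardened handler: refuses a request that is too long before copying. */
static int handle_checked(struct server *s, const char *req, size_t len) {
    if (len > REQ_MAX) return -1;
    memcpy(s->request, req, len);
    return 0;
}

/* Constructed oversized request: REQ_MAX filler letters, then replacement
 * text. out must hold sizeof(struct server) bytes. Returns the length. */
static size_t build_oversized(char *out) {
    memset(out, 'A', REQ_MAX);
    memcpy(out + REQ_MAX, "attacker_text", 14);  /* 13 letters + NUL */
    return REQ_MAX + 14;
}

int main(void) {
    struct server s;
    char req[sizeof(struct server)];
    size_t len = build_oversized(req);
    server_init(&s);
    handle_unchecked(&s, req, len);
    printf("unchecked: next_action = %s\n", s.next_action);
    server_init(&s);
    int rc = handle_checked(&s, req, len);
    printf("checked: rc = %d, next_action = %s\n", rc, s.next_action);
    return 0;
}
```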
Buffer Overflow Attacks Aren’t Easy
• The attacker must
– Know how long of a request to send
– Send precisely the right data that can be interpreted as instructions by the server
– Find a machine running a server with that weakness.
• If the attacker sends the wrong data, the server might crash instead of running the attacker’s instructions.
Exploiting a weakness
• If an attacker crafts an attack that works on their local machine then chances are that it will work on many other machines.
• Attackers tend to target the most common computing platform – Windows – so that their attacks will impact the most machines.
What do viruses do?
• Once an attacker manages to exploit a weakness, they can run any code they want on the victim’s machine.
• Attack codes vary in what they try to do.
• Have you ever suffered a computer attack? What happened to your machine? How hard was it to recover?
What does malware do?
• Some attackers just want to see if they can make an attack succeed.
– The malware they write may simply display something to the user or announce its presence in another way.
• Other attackers want to do damage to others without trying to benefit directly.
– The malware they write might delete files or otherwise corrupt the system.
What does malware do? (continued)
• Still others try to write malware that steals information from the victim.
– The malware they write might search for credit card numbers or other personal information and send it back to the attacker.
– Spyware might watch for the victim’s passwords or otherwise spy on their online activity.
What does malware do? (continued)
• Still others write malware that uses the victim’s computer for their own purposes.
– Use it to store files (often illegal) and make them available to others – shifting liability away from the attackers.
– Use it to attack other computers – making it harder to trace the attack to its real source.
Self-replicating
• Regardless of its other goals, a large percentage of malware tries to spread itself automatically.
• Malware programs may try to spread by
– Sending out email with infected attachments.
– Sending out carefully crafted back door attack packets.
Consequences of Attacks
• If you have ever been attacked by a computer virus, you know the damage it can cause.
– Your computer can begin to run very slowly and constantly pop up annoying messages that make it difficult to do anything productive.
– Having the virus removed by a technician can be expensive and time-consuming.
– The virus itself may destroy irreplaceable files like family pictures or videos. Even if the virus itself does not cause data loss, often the process of removing the virus can require reinstalling the operating system and all the programs.
– Your credit card or other private information can be stolen.
World-wide damage estimates
• Computer viruses cause a huge amount of damage worldwide.
– Damages from just one virus (The I Love You Virus) are estimated at $10 billion. It is also estimated that 45 million people worldwide were affected.
• Costs come from restoring damaged systems, replacing lost information, steps taken to prevent attacks and steps taken to prepare to recover from attacks.
Case
• Jason, a 16-year-old honor student, wrote a computer virus that caused 4 billion dollars of damage and impacted countless home and business computers. The authorities traced the virus to him. Jason says that he is very sorry and didn’t mean for it to get so out of hand. He said he was just fooling around to see if he could do it.
Discussion
• How would you feel if you were a friend of Jason’s?
• How would you feel if you had lost your entire MP3 collection or a book report you had worked on for 3 weeks?
• What type of punishment would you recommend in this case?
Blackhat vs. Whitehat
• Blackhat computer hackers look for flaws in software to exploit them or break into computers for malicious purposes.
• Whitehat computer hackers look for flaws in software to fix them or attempt to break into computers to audit their security.
What do whitehat hackers do?
• Analyze server software for flaws that could be exploited and recommend fixes.
• Analyze new viruses or malware to characterize what they are doing and to build patches.
• Audit the overall security of computer systems.
Defenses
• Even if you are not a whitehat hacker, there is a lot you can do to defend your computer against attack.
• Defending against front door attacks means being careful about what programs you run and what attachments and links you open.
• Defending against back door attacks means knowing what services are running on your machine and keeping them patched.
Defending against front door attacks
1) Be careful opening email attachments even from friends.
2) Be careful clicking on web links found on less reputable web sites.
3) Beware of free downloads that seem too good to be true.
4) Use a good virus scanner and keep your virus signatures up-to-date.
5) Consider using less popular email readers and web browser software. (Attackers target the most popular software.) There are excellent and free open source options.
Defending against back door attacks
1) Use netstat to see what services are running.
2) Periodically check to see if any new services have been started.
3) Keep your server software patched and up-to-date.
4) Consider shutting down any services you do not need.
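One way to carry out the netstat check from the “How can you check?” slide and steps 1 and 2 above, as an added example that is not part of the original slides: C code that pulls the listening ports out of saved “netstat -an” output and reports any that were not in an earlier baseline. The function names and both sample outputs are constructed; the parser assumes the Windows column layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Local ports in LISTENING state from `netstat -an` text (Windows layout). */
static int listening_ports(const char *text, int *out, int max) {
    int n = 0;
    while (*text && n < max) {
        char line[256], proto[8], local[64], remote[64], state[16];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);  /* one line */
        if (sscanf(line, "%7s %63s %63s %15s", proto, local, remote, state) == 4
            && strcmp(state, "LISTENING") == 0) {
            const char *colon = strrchr(local, ':');  /* also fits [::]:135 */
            if (colon) out[n++] = atoi(colon + 1);
        }
        text += len + (text[len] == '\n');
    }
    return n;
}

/* Ports in now[] absent from base[]: services started since the baseline. */
static int new_listeners(const int *base, int nb, const int *now, int nn, int *out) {
    int n = 0;
    for (int i = 0; i < nn; i++) {
        int seen = 0;
        for (int j = 0; j < nb; j++) if (now[i] == base[j]) seen = 1;
        for (int j = 0; j < n; j++) if (now[i] == out[j]) seen = 1;
        if (!seen) out[n++] = now[i];
    }
    return n;
}
/* Constructed sample output, not captured from a real machine. */
static const char BASELINE[] =
    "  Proto  Local Address    Foreign Address    State\n"
    "  TCP    0.0.0.0:135      0.0.0.0:0          LISTENING\n"
    "  TCP    0.0.0.0:139      0.0.0.0:0          LISTENING\n";
static const char LATER[] =
    "  TCP    0.0.0.0:135      0.0.0.0:0          LISTENING\n"
    "  TCP    0.0.0.0:8080     0.0.0.0:0          LISTENING\n"
    "  TCP    10.0.0.5:49712   10.0.0.9:443       ESTABLISHED\n"
    "  UDP    0.0.0.0:123      *:*\n";
int main(void) {
    int base[8], now[8], added[8];
    int nb = listening_ports(BASELINE, base, 8);
    int nn = listening_ports(LATER, now, 8);
    int na = new_listeners(base, nb, now, nn, added);
    for (int i = 0; i < na; i++) printf("new listening port: %d\n", added[i]);
    return 0;
}
```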
Prepare to recover from an attack
• No matter how careful you are, it is still wise to prepare to recover from an attack if one does occur.
– 1) Back up your personal data such as digital pictures, letters and papers you’ve written, your address book, etc.
– 2) Keep track of the software you’ve installed on your computer including where you got it and any activation keys you paid for.
Review Questions
• What is a front door attack? What are some examples?
• What is a back door attack? What are some examples?
• Give some examples of what malware tries to accomplish.
• Describe ways that whitehat hackers try to make systems more secure.
• Describe things you can do to secure your computer against attack.
Conclusion
• Knowing the different kinds of attacks and the goals of attackers can help you understand how better to defend yourself.