网络攻击-恶意代码概论.pptVIP

Introduction of Malicious Programs Basis knowledge Trapdoors Logic bomb Virus Trojan Horse Root kit Worm Botnet Future? Growth and Change in Malware Development In the beginning there were viruses… 2003 saw the beginning of spyware, phishing, botnets, etc. as an outgrowth of spamming outfits, not hacking outfits. Spyware, Phishing, Botnets still growing despite the increase of money being spent to remediate the problem. Growth in Malware Number of trojans intercepted by Kaspersky Labs.2 About 10-15k new bot machines per day. Dropped to 5k after SP2 release for only a few months. Only 4-6 days until exploit released, yet 40-60 days for patch. Why do they keep growing? Because it keeps working. We haven’t eliminated the real problem. What is Malicious Code? Set of instructions that causes a security policy to be violated Generally relies on “legal” operations Authorized user could perform operations without violating policy Malicious code “mimics” authorized user Malicious Programs Malicious Program’s Evolution Trapdoors Trapdoor An undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. Trapdoors (Back doors) Secret entry point into a program Allows those who know access bypassing usual security procedures, e.g., authentications Have been commonly used by developers A threat when left in production programs allowing exploited by attackers Very hard to block in O/S Examples of Backdoor 2003, an attempt was made to create a backdoor in the Linux Kernel Early versions of the Sobig Virus in 2003 installed backdoors to send its spam. MyDoom virus in early 2004 created a backdoor on port 3127 to send spam Backdoor Types Local Escalation of Privilege Remote command-line access. Remote control of the GUI. Backdoor Installation Attacker has compromised the system Virus, worm, or malicious mobile code installs th