Semester:
Subject:
Subject Professor Incharge:
Assisting Teachers:
Laboratory: L05A
Student Name: Hitesh Khade
Roll Number: 12110B1056
Grade and Subject:
Teacher's Signature:
Aashna Parikh
Experiment No. 7

Experiment Number: 7
Experiment Title: Case Study of Malicious & Non-Malicious Programs.
Resources / Apparatus Required:
Hardware: IBM PC Compatible Computer System
Software: JDK, NetBeans
Objectives (Skill Set / Knowledge Tested / Imparted)
Theory of Operation
Malicious code
Malicious code is the term used to describe any code in any part of a software
system or script that is intended to cause undesired effects, security breaches or
damage to a system.
Types of Malicious code are as follows:
(1) Computer Virus
A computer virus is a self-replicating computer program that can attach itself to
other files or programs and execute secretly when the host program or file is
activated. When the virus runs, it can perform a number of tasks, such as
erasing your files or hard disk, displaying nuisance information, attaching to other
files, and so on.
(2) Worms
A worm is a self-replicating program that does not need to attach to a host
program/file. Unlike viruses, worms can execute themselves. Worms have the
ability to spread over a network and can initiate massive and destructive attacks in
a short period of time.
One typical example of a massive attack is the "SQL Sapphire Slammer
(Sapphire)" worm of 25 January 2003. Sapphire exploited a vulnerability in the MS
SQL Server and MSDE 2000 database engine. The weakness lay in
an underlying indexing service for which Microsoft had released a patch in 2002. The worm
doubled in size every 8.5 seconds and infected more than 90 percent of
vulnerable hosts within 10 minutes. It eventually infected at least 75,000 hosts and
caused network outages that resulted in:
cancelled airline flights,
interference with elections,
bank ATM failures.
Example:
1. The Morris worm
In 1998 Robert Morris, a university student, unleashed a worm which affected 10
per cent of all the computers connected to the internet (at the time the net was
estimated to consist of 60,000 computers), slowing them down to a halt. Morris is
now an associate professor at MIT.
2. The Anna Kournikova worm
The Anna Kournikova worm posed as a picture of the tennis player, but was in fact
a virus written by Jan de Wit, an obsessed admirer from the Netherlands. He
ended up receiving a community service sentence.
3. ILOVEYOU
The Love Bug flooded internet users with ILOVEYOU messages in May 2000,
forwarding itself to everybody in the user's address book. It was designed to steal
internet access passwords for its Filipino creator.
Trojan horses have been embedded into online game plug-ins that help online
gamers advance their game characters; however, the online game
account and password are stolen at the same time, and with them the gamer's cyber assets.
Trojan horses are particularly dangerous because they can also open a
back door into a system and allow an attacker to install further malicious programs
on your computer. Back Orifice and SubSeven are two well-known remote access
trojan horses that allow attackers to take control of a victim's computer.
Example:
The Japanese government has revealed that computers in the country's
parliament suffered a cyber attack originating from China in July.
Computers and servers in the lower house of the country's parliament became
infected by a Trojan horse virus after one politician opened an email
attachment, according to a report from Channel News Asia.
It remains unclear exactly what information, if any, was compromised from the
incident as it was not reported until a month later. There is concern that during the
time it went unlogged, the Chinese based server behind the attack may have got
access to passwords and other data on the infected computers.
The government is reportedly investigating the issue, having not been aware of it
prior to today's announcement. It says that legal action will be taken if necessary.
News of this incident in Japan comes just a day after the UK's head of cyber
security warned of the threat that Chinese hackers pose to governments and
companies.
Maj Gen Shaw, who heads up the British Ministry of Defence's cyber security
programme, told the Daily Telegraph that "the biggest threat to [the] country by
cyber is not military, it is economic." Shaw recounted one example which saw a
company in the UK go bust after the blueprint for the revolutionary wind turbine
blades it designed was obtained by hackers who went on to develop a cheaper
version.
Japan is by no means the last government in Asia to have Internet security issues
of late. India recently pledged to improve its cyber security after revealing that 117
government websites had been hacked over a six month period.
Lane Davis and Steven Dake wrote the earliest known rootkit in the early
1990s.
open the attached invitation to the funeral. The attachment, statistically more likely
to be opened by the elderly, contained malicious software.
ii) Other scammers try phone calls in which you can hear someone screaming, and
they tell you that your child has been kidnapped and that you need to send them
money. Some threaten to shoot their "hostage" if you disconnect the call.
(9) Logic bombs
Logic bombs are small programs or sections of a program triggered by some
event such as a certain date or time, a certain percentage of disk space filled, the
removal of a file, and so on. For example, a programmer could establish a logic
bomb to delete critical sections of code if she is terminated from the company.
Logic bombs are most commonly installed by insiders with access to the system.
Example:
UBS PaineWebber system administrator Roger Duronio has been charged
over a logic bomb
Former UBS PaineWebber system administrator, Roger Duronio, has been
charged with sabotaging company computer systems in an attempt to manipulate
its stock price. Duronio placed logic bombs that deleted files on the computers.
Duronio has been charged with one count of securities fraud and one count of
violation of the Computer Fraud and Abuse Act.
(10) Time bombs
The ticking time bomb scenario is a thought experiment that has been used in
the ethics debate over whether torture can ever be justified. As a thought
experiment, there is no need that the scenario be plausible; it need only serve to
highlight ethical considerations. The scenario can be formulated as follows:
Suppose that a person with knowledge of an imminent terrorist attack, that will kill
many people, is in the hands of the authorities and that he will disclose the
information needed to prevent the attack only if he is tortured. Should he be
tortured?
Example: In The Wall Street Journal online, shortly after Feinstein began speaking,
six former directors and deputy directors of the CIA argued that this was too narrow
a reading of what a ticking time bomb means.
In the aftermath of the Sept. 11 attacks, former directors George Tenet, Porter
Goss and Michael Hayden wrote that the CIA had evidence that al Qaeda was
planning a second wave of attacks, that Osama bin Laden had met with Pakistani
nuclear scientists and reports (which turned out not to be accurate) that nuclear
weapons were being smuggled into New York and evidence that al Qaeda was
trying to manufacture anthrax.
"It felt like the classic ticking time bomb scenario every single day," they wrote.
(11) Rabbit worm
1974: The Rabbit (or Wabbit) virus, more a fork bomb than a virus, is written. The
Rabbit virus makes multiple copies of itself on a single computer (and was named
"Rabbit" for the speed at which it did so) until it clogs the system, reducing system
performance, before finally reaching a threshold and crashing the computer.
Non-Malicious code
Non-malicious (but intentional) flaws are often features that are meant to be in the
system, and are correctly implemented, but nonetheless can cause a failure when
used by an attacker.
Types of non-malicious flaws are as follows:
(1) Buffer Overflows
A buffer overflow is the computing equivalent of trying to pour two liters of water
into a one-liter pitcher: Some water is going to spill out and make a mess. And in
computing, what a mess these errors have made!
Definition
A buffer (or array or string) is a space in which data can be held. A buffer resides
in memory. Because memory is finite, a buffer's capacity is finite. For this reason,
in many programming languages the programmer must declare the buffer's
maximum size so that the compiler can set aside that amount of space.
Example:
A buffer overflow in a 2004 version of AOL's AIM instant-messaging software exposed users to attack. If a
user posted a URL in their IM away message, any of his or her friends
who clicked on that link might be vulnerable. AOL's response
was to suggest that users update to a new version that would fix the bug.
The Blaster worm that attacked Microsoft Windows Systems in August
2003 relied upon a known buffer overflow in remote procedure call
facilities. Once it was installed on a given computer, Blaster would attempt
to find other vulnerable computers. Upon finding a vulnerable computer,
Blaster would issue instructions that would create a process on the target
and cause the worm to be downloaded to it.
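The text above explains that a buffer has a declared, finite capacity and that writing more than that capacity spills into neighbouring memory. As an added example (not from the report, nor from AOL's or Microsoft's code), the C program below places a fixed-size name field next to an integer, keeps the unchecked copy that would write past the field for contrast, and shows the bounds-checked version a defender would ship instead. The struct, field names, the 16-byte capacity and the sample inputs are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed capacity of the record field (15 chars + NUL) */

/* Assumed record layout: the flag sits directly after the buffer in memory,
 * so an overflow of name[] lands on admin. */
struct record {
    char name[NAME_MAX_LEN];
    int  admin;
};

/* Defective version: strcpy() copies until it sees a NUL byte and never asks
 * how much room name[] has. Input of 16 bytes or more writes past the field.
 * Kept only to contrast with the checked version below; it is never called
 * with untrusted input in this example. */
int store_name_unchecked(struct record *r, const char *input)
{
    strcpy(r->name, input);
    return 0;
}

/* Hardened version: measure first (without reading past the limit), refuse
 * anything that does not fit, and always leave the buffer NUL-terminated. */
int store_name_checked(struct record *r, const char *input)
{
    size_t len = strnlen(input, NAME_MAX_LEN);
    if (len >= NAME_MAX_LEN)
        return -1;                     /* reject: would overflow */
    memcpy(r->name, input, len);
    r->name[len] = '\0';
    return 0;
}

/* Self-check helper: returns 1 when the input was accepted, stored and read
 * back intact with the neighbouring flag untouched, 0 when it was rejected. */
int checked_store_roundtrip(const char *input)
{
    struct record r = { "", 0 };
    if (store_name_checked(&r, input) != 0)
        return 0;
    return strcmp(r.name, input) == 0 && r.admin == 0;
}

int main(void)
{
    /* constructed sample inputs */
    const char *inputs[] = { "alice", "exactly15chars!", "sixteen-chars-xx",
                             "a-name-that-is-far-too-long" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-28s -> %s\n", inputs[i],
               checked_store_roundtrip(inputs[i]) ? "stored" : "rejected");
    return 0;
}
```

The checked version treats the buffer's declared size as the contract and fails closed; the caller sees a return code and can log the rejected request instead of silently processing corrupted memory.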
(2) Race Condition Exploits
Race conditions arise from multiple processes/threads that operate on related
entities in an OS that has preemptive scheduling. Any good OS book will describe
race conditions. The effects are often an unexpected result in a computation, a
deadlock, or a livelock. In its security-relevant form it is also called time-of-check to time-of-use (TOCTOU).
Within user processes, almost all race conditions reduce to races in the file
system. Within OS kernels, race conditions are present in various places, e.g., in
virtual memory management code.
Exploits based on race conditions are subtle. They typically require repeated
attempts within the short time period. These exploits can be eliminated by
understanding the ideas and techniques of atomicity and mutual exclusion from
concurrent programming courses. To keep up performance, the race condition
eliminations have to be done after deep analyses. Real systems continue to suffer
from race conditions because of sloppy design and construction.
Example:
Internet Explorer 2011
"Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers
to execute arbitrary code or cause a denial of service (memory corruption) via
vectors involving access to an object, aka 'Window Open Race Condition
Vulnerability.' "
This vulnerability was discovered in Jan 2011 and a patch was released and
publicly disclosed in August 2011. An attacker composes a web page with
malicious code and when a user visits this page, the exploit happens.
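The text above says a race condition, in its time-of-check to time-of-use form, comes from checking an entity in one step and using it in a separate one, and that the cure is atomicity. As an added example, not taken from the report or from Microsoft's advisory, the C program below contrasts the two on the file system, where the text notes most user-level races live: a check-then-open sequence on a pathname versus opening first and inspecting the descriptor that was actually obtained. The temporary file, the symlink and the helper names are constructed for this demonstration and assume a POSIX system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use: access() inspects the pathname, open() resolves the same
 * name again later. Nothing ties the two resolutions together, so the check
 * says nothing about what open() finally returns. Kept only for contrast. */
int open_after_access_check(const char *path)
{
    if (access(path, R_OK) != 0)      /* check: performed on the name */
        return -1;
    return open(path, O_RDONLY);      /* use: name resolved a second time */
}

/* Race-free pattern: open first, then verify the object that was opened.
 * O_NOFOLLOW makes open() fail if the final component is a symlink, and
 * fstat() examines the descriptor, which cannot be swapped underneath us. */
int open_regular_file_safely(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check: builds a temporary regular file and a symlink to it (both
 * constructed here), then confirms that the safe opener accepts the file,
 * refuses the link, and that the naive opener follows the link without
 * noticing. Returns 1 when all three observations hold. */
int demo_safe_open(void)
{
    char regular[] = "/tmp/toctou-demo-XXXXXX";   /* assumed writable location */
    char link[64];
    int ok = 0;

    int tmp = mkstemp(regular);
    if (tmp < 0)
        return 0;
    close(tmp);
    snprintf(link, sizeof link, "%s.lnk", regular);
    unlink(link);
    if (symlink(regular, link) != 0) {
        unlink(regular);
        return 0;
    }

    int fd_file  = open_regular_file_safely(regular);  /* expected: >= 0 */
    int fd_link  = open_regular_file_safely(link);     /* expected: -1   */
    int fd_naive = open_after_access_check(link);      /* opens through the link */

    ok = (fd_file >= 0) && (fd_link == -1) && (fd_naive >= 0);

    if (fd_file >= 0)  close(fd_file);
    if (fd_naive >= 0) close(fd_naive);
    unlink(link);
    unlink(regular);
    return ok;
}

int main(void)
{
    printf("safe opener behaves as intended: %s\n", demo_safe_open() ? "yes" : "no");
    return 0;
}
```

The design point is that every decision in the safe path is made about the file descriptor, which is the object the program will go on to use; a pathname is only a lookup key and can point somewhere else by the time it is consulted again.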
(3) Incomplete Mediation
Incomplete mediation is another security problem that has been with us for
decades. Attackers are exploiting it to cause security problems.
Definition
The two parameters look like a telephone number and a date. Probably the client's
(user's) web browser enters those two values in their specified format for easy
processing on the server's side. What would happen if parm2 were submitted as
1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many?
Something would likely fail. As with buffer overflows, one possibility is that the
system would fail catastrophically, with a routine's failing on a data type error as it
tried to handle a month named "Min" or even a year (like 1800) which was out of
range. Another possibility is that the receiving program would continue to execute
but would generate a very wrong result. (For example, imagine the amount of
interest due today on a billing error with a start date of 1 Jan 1800.) Then again,
the processing server might have a default condition, deciding to treat
1Aardvark2Many as 3 July 1947. The possibilities are endless.
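The text above lists inputs that look like a date but would break a server that trusts the client to send parm2 well-formed. As an added example (not part of the report), the C validator below mediates that parameter on the server side: it checks the length and character classes, matches the month against a whitelist, and range-checks the year and the day, leap years included, so each of the listed inputs is refused with a specific reason. The YYYYMmmDD layout is inferred from the text's samples; the 1900..2100 year window and the ten-digit telephone format are assumptions, and the first parameter, which the text does not name, is called parm1 here by assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Result codes so a caller can log why a request was refused. */
enum parm_status {
    PARM_OK = 0,
    PARM_BAD_FORMAT,     /* wrong length or unexpected characters */
    PARM_BAD_MONTH,      /* month name not in the whitelist */
    PARM_BAD_RANGE       /* well-formed but outside the accepted range */
};

static const char *const MONTHS[12] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
static const int DAYS_IN_MONTH[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };

static int is_leap(int y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Parses exactly n decimal digits; returns -1 on any non-digit so nothing
 * like "2Many" is ever treated as a number. */
static int digits(const char *s, int n)
{
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i]))
            return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Validates the date-like parameter (parm2 in the text). Layout YYYYMmmDD
 * and the accepted year window are assumptions for this example. */
enum parm_status validate_parm2(const char *s)
{
    if (strlen(s) != 9)
        return PARM_BAD_FORMAT;            /* e.g. "1Aardvark2Many" */
    int year = digits(s, 4);
    int day  = digits(s + 7, 2);
    if (year < 0 || day < 0)
        return PARM_BAD_FORMAT;

    int month = -1;
    for (int i = 0; i < 12; i++)
        if (strncmp(s + 4, MONTHS[i], 3) == 0)
            month = i;
    if (month < 0)
        return PARM_BAD_MONTH;             /* e.g. "Min" */

    if (year < 1900 || year > 2100)
        return PARM_BAD_RANGE;             /* e.g. 1800 */
    int max_day = DAYS_IN_MONTH[month] + (month == 1 && is_leap(year));
    if (day < 1 || day > max_day)
        return PARM_BAD_RANGE;             /* e.g. Feb 30 */
    return PARM_OK;
}

/* Validates the telephone-number-like parameter (assumed name parm1):
 * exactly ten digits, an assumed format. */
enum parm_status validate_parm1(const char *s)
{
    return (strlen(s) == 10 && digits(s, 10) >= 0) ? PARM_OK : PARM_BAD_FORMAT;
}

int main(void)
{
    /* the four inputs from the text plus two constructed ones */
    const char *samples[] = { "2048Jan01", "1800Jan01", "1800Feb30",
                              "2048Min32", "1Aardvark2Many", "2024Feb29" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-15s -> status %d\n", samples[i], validate_parm2(samples[i]));
    return 0;
}
```

Because the server re-checks both fields itself, it no longer matters whether the browser filled them in with the expected format: malformed or out-of-range values are refused before any date arithmetic or database lookup touches them.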
Conclusion