Malicious Code


Introduction

"The wind of change came on 26th March in the form of an email cyclone called Melissa. Moreover, during 1999 numerous changes in the level of computer virus technology were seen," Armstrong (May 2000, p1).

From an organisational point of view, societies around the world are just learning about the importance of computer security against virus attacks and the critical significance of cybercrime. Companies around the world lost vast amounts of time, money and resources due to the lack of defense systems and lack of knowledge.

Companies must ensure that all data processing equipment, such as computers, routers and networks, is robust and secure enough to withstand any type of malicious attack.

The following report details some of the more common malicious code, specifically viruses, and explains some of the damage that these very powerful viruses can inflict on any computer that is not well prepared for these kinds of attacks.

Armstrong (July 2000, p1) states that: ‘February's big story for the information security marketplace was the distributed denial-of-service attacks, which rendered the likes of Yahoo!, eBay, and E*Trade helpless. Most recently, news of the LoveBug hit. While statisticians still grapple with the costs associated with recuperating from this newest bug's sting, the latest reports indicate that approximately 90 per cent of networks worldwide were affected. Recovery costs associated with the LoveBug are estimated to range from about $600 million upwards to a big $10 billion. Along with all these woes, companies also have to fend off attacks - not only from the outside, but more importantly from inside.’

Malicious Code - A Virus

According to Pfleeger (1997, p179), a virus is a program that can pass on malicious code to other nonmalicious programs by modifying them. The term virus arises because the affected program acts like a biological virus: modification of good programs is like a virus that infects other healthy subjects.

In Australia, damaging data in a computer carries heavy penalties. According to Carroll (1997, p33), in New South Wales, section 310 of the Crimes Act as amended in 1989 states that a person who intentionally and without authority or lawful excuse destroys, alters or erases data, or inserts data, or interrupts or obstructs the lawful use of a computer is liable to ten years of penal servitude or a fine of $100,000 or both.

According to Fites, Kratz & Brebner (1989), viruses or worms are program constructions which can degrade an operating system, destroy data files, and do much damage to the information a computer works with.

The main types of Software Malicious Code

The Trojan Horse

According to Stamper (1998, P. 536-537), a Trojan horse program contains code intended to disrupt the system. Trojan horse programs are code segments hidden inside a useful program. Trojan horse programs have been created by disgruntled programmers. In one such instance, a programmer inserted code that would periodically activate and erase accounting and personnel records. A Trojan horse program differs from viruses and worms in that it does not attempt to replicate itself.

The ANSI bomb

An "ANSI bomb" is a sequence of characters, usually embedded in a text file, that reprograms various keyboard functions of computers with ANSI console (screen and keyboard) drivers. Such a possibility, however, need not translate into much of a threat. It is rare for modern software to require the computer it runs on to have an ANSI console, so few PCs or other machines should load ANSI drivers.

The Worm

According to Pfleeger (1997, p179), the worm is a program that spreads copies of itself through a network. The primary difference between a worm and a virus is that a worm operates through networks, while a virus can spread through any medium, but usually uses copied program or data files.

Viruses

The virus is the most popular of all kinds of malicious code. There are two main classes of viruses. The first class consists of file infectors, which attach themselves to ordinary program files. The second main type is the system or boot-record infectors.

File infectors usually attack executable programs, though some can infect any program for which execution or interpretation is requested, such as sys, ovl, obj, and bat files. File infectors can be either direct-action or resident.

A direct-action virus selects one or more programs to infect each time a program infected by it is executed. A resident virus installs itself somewhere in memory the first time an infected program is executed, and thereafter infects other programs when they are executed. Direct-action viruses are also sometimes referred to as non-resident.

The second main type of virus, the system or boot-record infectors, infects executable code found in certain system areas on a disk. On PCs there are boot-sector viruses, which infect only the DOS boot sector, and MBR viruses, which infect the Master Boot Record (MBR) on fixed disks and the DOS boot sector on diskettes. Examples include Stoned, Empire and Michelangelo. All common boot sector and MBR viruses are memory resident.

File system or cluster viruses are those that modify directory table or FAT entries, so that the virus is loaded and executed before the desired program is. The program itself is not physically altered; only the directory entry of the program file is. Some consider these to be a third category of viruses, while others consider them to be a sub-category of the file infectors. Kernel viruses target specific features of the programs that contain the kernel of an operating system. A file-infecting virus that can infect kernel program files is not a kernel virus; this term is reserved for describing viruses that utilize some special feature of kernel files, like their physical location on disk or a special loading or calling convention.

The stealth virus

According to Stallings (1995, p.248), a stealth virus uses compression so that the infected program is exactly the same length as an uninfected version. A stealth virus, while operational, hides the changes made to files or boot records. The very first DOS virus was a stealth virus called Brain. Brain monitors physical disk I/O and re-directs all reads of a Brain-infected boot sector to the disk area where the original boot sector is stored.

The "fast" and "slow" infectors

A FAST infector is a virus that, when it is active in memory, infects not only programs which are executed, but even those that are merely opened. The result is that if such a virus is in memory, running a scanner or integrity checker can result in all (or at least many) programs becoming infected. Examples are the Dark Avenger and the Frodo viruses.

The term "SLOW infector" is sometimes used to refer to a virus that only infects files as they are modified or as they are created. The purpose is to fool people who use integrity checkers into thinking that modifications reported by their integrity checker are due solely to legitimate reasons. An example is the Darth Vader virus.

The sparse infector

The term "sparse infector" is sometimes used to describe a virus that infects only occasionally (e.g. every tenth program executed), or only files whose lengths fall within a narrow range, etc. By infecting less often, such viruses try to minimize the probability of being discovered.

The companion virus

A companion virus is one that, instead of modifying an existing file, creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file. Integrity checking antivirus software that only looks for modifications in existing files will fail to detect such viruses.

The tunnelling virus

A tunnelling virus is one that finds the original interrupt handlers in DOS and the BIOS and calls them directly, thus bypassing any activity monitoring program which may be loaded and have intercepted the respective interrupt vectors in its attempt to detect viral activity.

The cavity virus

A cavity virus is one that overwrites a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality. The Lehigh virus was an early example of a cavity virus.
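The integrity-checking gaps described above for companion viruses (a new .COM file that shadows an existing .EXE) and for cavity or length-preserving infections can be closed by hashing file contents and by treating certain new files as suspicious. The following is an added example, not part of the original essay; the function names `snapshot` and `compare` and the finding labels are assumptions made for illustration.

```python
# Added example (not from the essay): a baseline integrity check that also
# covers the companion-file and same-length-modification cases.
import hashlib
import os

# DOS resolves a bare command name in this order, so NAME.COM shadows NAME.EXE.
EXEC_PRIORITY = [".com", ".exe", ".bat"]

def snapshot(root):
    """Map relative path -> (size, SHA-256) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def compare(baseline, current):
    """Return findings as a sorted list of (kind, path) tuples."""
    findings = []
    for path, (size, digest) in current.items():
        if path in baseline:
            old_size, old_digest = baseline[path]
            if digest != old_digest:
                # Same length but different content is what a length-only
                # check misses (cavity or length-preserving infection).
                kind = "modified-same-length" if size == old_size else "modified"
                findings.append((kind, path))
            continue
        # New file: does it outrank a baselined executable with the same name
        # in the same directory?
        stem, ext = os.path.splitext(path.lower())
        if ext in EXEC_PRIORITY:
            lower_rank = EXEC_PRIORITY[EXEC_PRIORITY.index(ext) + 1:]
            if any(os.path.splitext(p.lower())[0] == stem
                   and os.path.splitext(p.lower())[1] in lower_rank
                   for p in baseline):
                findings.append(("companion-shadow", path))
                continue
        findings.append(("new", path))
    findings += [("deleted", p) for p in baseline if p not in current]
    return sorted(findings)
```

Take the baseline with `snapshot` from a known-clean state and store it offline; a checker running on a system where a stealth or fast infector is already resident in memory cannot trust what it reads.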

The dropper Virus

A dropper is a program that has been designed or modified to "install" a virus onto the target system. The virus code is usually contained in a dropper in such a way that it won't be detected by any virus scanner that would normally clean that virus. While quite uncommon, a few droppers have been discovered. A dropper is effectively a Trojan Horse whose payload is installing a virus infection. A dropper which installs a virus only in memory (without infecting anything on the disk) is sometimes called an "injector".

The armored virus

An armored virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult. A good example is the Whale virus.

The polymorphic viruses

According to Pfleeger (1997, p.188), “A virus that can change its appearance is called a polymorphic virus (poly- means “many” and morph means “form”)”.

A technique for making a polymorphic virus is to choose among a variety of different encryption schemes requiring different decryption routines: only one of these routines would be plainly visible in any instance of the virus. An example of this kind was the Whale virus.

Another more sophisticated form of polymorphism used so far is the "Mutation Engine" (MtE) which comes in the form of an object module. With the Mutation Engine any virus can be made polymorphic by adding certain calls to its assembler source code and linking to the mutation-engine and random-number generator modules.

Conclusion

One could become pessimistic about the prospects and future trust and reliability of computers and the internet, but with the correct methods of defense (encryption, software controls, policies and physical controls) we can improve awareness and work towards a solution.

From an organisational point of view, societies around the world are just learning about the importance of computer security against virus attacks and the critical significance of cybercrime. Companies around the world lost vast amounts of time, money and resources due to the lack of defense systems and lack of knowledge.

Companies must ensure that all data processing equipment, such as computers, routers and networks, is robust and secure enough to withstand any type of malicious attack.

I hope the report has detailed some of the more common malicious code, specifically viruses, explaining some of the damage which these very powerful viruses can inflict on any computer that is not well prepared for these kinds of attacks.

References & Bibliography

Association for Computing Machinery (ACM), 1992, "ACM Code of Ethics and Professional Conduct", http://www.acm.org/constitution/code.htm. ACM council. 10/16/92. Online accessed on 18th July 2000.

Armstrong, I., 2000, Beating the Bad Guys: Designing Secure Systems, [ONLINE]. Available at URL:
http://www.check-mark.com/securecomputing/2000_07/special/special.html [Accessed 29 July 2000].

Armstrong, I., 2000, Virus War Marches On, [ONLINE]. Available at URL:
http://www.check-mark.com/securecomputing/2000_05/cover/cover.html [Accessed 29 July 2000].

Carroll, J.M., 1997, "Computer Security", 3rd Edition, Butterworth-Heinemann, MA. P. 33.

Fites, Kratz & Brebner, 1989, "Control & Security of computer information systems", Computer Science Inc. MD. P. 186.

Pfleeger, C.P., 1997, "Security in Computing", Prentice-Hall Inc., NJ. P. 517.

Stallings, W., 1995, "Network & Internetwork Security principles and practice", Prentice-Hall Inc., NJ. P. 248.

Stamper, D.A., 1999, "Business Data Communications", Addison Wesley Longman. P. 536-537.

How to Cite this Page

MLA Citation:
"Malicious Code." 123HelpMe.com. 20 Apr 2014
    <http://www.123HelpMe.com/view.asp?id=46281>.