Tuesday, November 17, 2009

Definition of malicious programs

Malicious software can be divided into two categories: those that need a host program and those that are independent. The former are essentially fragments of programs that cannot exist independently of some actual application program, utility or system program. Viruses, logic bombs and backdoors are examples.
The latter are self-contained programs that can be scheduled and run by the operating system. Worms and zombie programs are examples.
We can also differentiate between those software threats that do not replicate and those that do. The former are programs or fragments of programs that are activated by a trigger. Examples: logic bombs, backdoors and zombie programs.

BACKDOOR-> A backdoor, also known as a trapdoor, is a secret entry point into a program that allows someone who is aware of the backdoor to gain access without going through the usual security access procedures. The backdoor is code that recognizes some special sequence of input or is triggered by being run from a certain user ID or by an unlikely sequence of events.
Backdoors become threats when unscrupulous programmers use them to gain unauthorized access.
It is difficult to implement operating system controls for backdoors. Security measures must focus on the program development and software update activities.

LOGIC BOMB-> One of the oldest types of program threat, predating viruses and worms, is the logic bomb. The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week or date, or a particular user running the application. Once triggered, a logic bomb may alter or delete data or entire files, cause a machine halt, or do some other damage. A striking example of how a logic bomb can be employed was the case of Tim Lloyd, who was convicted of setting a logic bomb that cost his employer, Omega Engineering, more than $10 million, derailed its corporate growth strategy and eventually led to the layoff of 80 workers. Ultimately Lloyd was sentenced to 41 months in prison and ordered to pay $2 million in restitution.

TROJAN HORSE-> A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function.
Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly.
I want to make one thing clear: Trojans are just remote administration tools with the help of which attackers can gain access to a victim's computer. It is not a type of virus; it is very popular under the name RAT.
A Trojan comes in mainly two parts: one is the client and the other is the server. The attacker implants the server part on the victim's computer and, with the help of the client, sends requests to the server. When the server is executed, it opens a port on the victim's computer, and through that port the client communicates with the server. Every Trojan program works on a particular port number; for example, "bief" works on TCP port 9999.
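Because the server part has to open a listening port, a defender can audit a host's listeners against what it is supposed to expose. The following is an added example, not code from the original post: the `ss` output, the baseline and the process names are constructed for illustration, and the watchlist holds only the port this page names.

```python
import re

# Constructed sample of `ss -H -tlnp` output (listening TCP sockets); not from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1034,fd=6))
LISTEN 0 5 0.0.0.0:9999 0.0.0.0:* users:(("svchelper",pid=4411,fd=4))
LISTEN 0 5 0.0.0.0:8081 0.0.0.0:* users:(("python3",pid=5120,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 16 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))
"""

# Assumed baseline: the (port, process) pairs this host is supposed to expose.
BASELINE = {(22, "sshd"), (443, "nginx"), (5432, "postgres")}
# Ports tied to a named Trojan server; the only entry is the one this page gives.
WATCHLIST = {9999: "bief"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?'
)

def audit_listeners(ss_output, baseline=BASELINE, watchlist=WATCHLIST):
    """Return findings for listeners that are watchlisted or absent from the baseline."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers and rows that are not LISTEN sockets
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3) or "unknown"
        if port in watchlist:
            reason = f"port associated with Trojan '{watchlist[port]}'"
        elif (port, proc) not in baseline:
            reason = "listener not in baseline"
        else:
            continue  # expected service on its expected port
        findings.append({"addr": addr, "port": port, "process": proc, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS):
        print(f"{f['addr']}:{f['port']} ({f['process']}): {f['reason']}")
```

A server part can be set to listen on a port other than its default, so the baseline comparison is the stronger signal; the watchlist only adds a name to a finding.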


ZOMBIE-> A zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie's creator. Zombies are used in denial-of-service attacks, typically against targeted websites. The zombie is planted on hundreds of computers belonging to unsuspecting third parties, and then used to overwhelm the target website by launching an overwhelming onslaught of Internet traffic.

VIRUSES-> A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
Biological viruses are tiny scraps of genetic code, DNA or RNA, that can take over the machinery of a living cell and trick it into making thousands of flawless replicas of the original virus. Like its biological counterpart, a computer virus carries in its instructional code the recipe for making perfect copies of itself. The typical virus becomes embedded in a program on a computer. Then whenever the infected computer comes into the new programs . Thus the infection can be spread from computer to computer by unsuspecting users who either swap disks or send programs to one another over a network. In a network environment, the ability to access applications and system services on other computers provides a perfect culture for the spread of a virus. A virus can do anything that other programs do; the only difference is that it attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs.
