Malicious Software: Types, Threats, and Advanced Viruses
Logic Bombs and Resource Exhaustion Attacks
Logic Bombs
A logic bomb is a program that performs an action violating the site security policy when a specific external event occurs. These are typically associated with insider threats.
Example: A program that deletes a company’s payroll records when one particular record is deleted.
- The "particular record" is usually that of the person who created the logic bomb.
- The idea is that if (or when) the creator is fired and their payroll record is deleted, the company loses all those records.
Rabbits and Bacteria (Resource Exhaustion)
Rabbits or Bacteria refer to programs designed to absorb all of a specific class of system resources, leading to denial of service or system instability.
Example: For a UNIX system, the following shell commands can exhaust resources:
while true
do
mkdir x
chdir x
done
This script continuously creates a new directory and changes into it, rapidly exhausting either disk space or the file system's inode table (the fixed-size table of file entries), after which no new files can be created by anyone.
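From the defender's side, the tell-tale sign of the loop above is a filesystem whose inodes run out long before its blocks do. The following is an added example, not part of the original notes, that reads the two counters a UNIX `statvfs` call reports and raises an alert when either crosses a threshold; the thresholds and the sample counter values are constructed for illustration.

```python
import os
from dataclasses import dataclass

# Added example: monitor inode and block usage so that a rabbit/bacterium-style
# exhaustion is noticed before the system becomes unusable.
# Thresholds and sample values below are constructed, not taken from any system.

@dataclass
class FsUsage:
    inode_ratio: float   # fraction of inodes in use (0.0 - 1.0)
    block_ratio: float   # fraction of data blocks in use (0.0 - 1.0)

def usage_from_counts(f_files, f_ffree, f_blocks, f_bfree):
    """Compute usage ratios from statvfs-style counters.

    f_files/f_ffree are total/free inodes; f_blocks/f_bfree are total/free blocks.
    Filesystems that report no inode table (f_files == 0) are treated as 0.0 used.
    """
    inode_ratio = 0.0 if f_files == 0 else (f_files - f_ffree) / f_files
    block_ratio = 0.0 if f_blocks == 0 else (f_blocks - f_bfree) / f_blocks
    return FsUsage(inode_ratio, block_ratio)

def usage_for_path(path):
    """Live reading for a mounted path (POSIX only)."""
    st = os.statvfs(path)
    return usage_from_counts(st.f_files, st.f_ffree, st.f_blocks, st.f_bfree)

def exhaustion_alerts(usage, inode_threshold=0.90, block_threshold=0.90):
    """Return one alert string per ratio that is at or above its threshold."""
    alerts = []
    if usage.inode_ratio >= inode_threshold:
        alerts.append(f"inode usage {usage.inode_ratio:.0%} >= {inode_threshold:.0%}")
    if usage.block_ratio >= block_threshold:
        alerts.append(f"block usage {usage.block_ratio:.0%} >= {block_threshold:.0%}")
    return alerts

if __name__ == "__main__":
    # Constructed sample: plenty of disk space left but inodes nearly gone,
    # which is exactly what the mkdir loop produces.
    sample = usage_from_counts(f_files=1_000_000, f_ffree=20_000,
                               f_blocks=10_000_000, f_bfree=6_000_000)
    for alert in exhaustion_alerts(sample):
        print("ALERT:", alert)
    print("current /:", exhaustion_alerts(usage_for_path("/")) or "ok")
```

Monitoring only shortens the time to notice; the actual containment is per-user quotas (most UNIX quota systems can cap inodes as well as blocks) and process limits, so that one account exhausting its own allowance cannot take the file system away from everyone else.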
Malicious Logic: Data vs. Instructions
It is crucial to distinguish between data and instructions in the context of malicious logic. Malicious logic often functions as both.
- A virus, for instance, is initially written as program data but then executes as instructions.
Approach: One security approach is to treat "data" and "instructions" as separate types, requiring a certifying authority to approve any conversion between them.
Key Assumptions for this Approach:
- The certifying authority will not make mistakes.
- The tools and supporting infrastructure used in the certification process are not corrupt.
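To make the "separate types plus certifying authority" idea concrete, here is an added example, not code from the original notes, of a toy interpreter in which `Data` and `Instructions` are distinct Python types. The only way to turn data into instructions is through a `CertifyingAuthority` that applies a policy and signs the blob with an HMAC; the interpreter refuses anything whose tag does not verify. The authority key, the opcode whitelist and the tiny stack-machine language are all constructed for illustration.

```python
import hmac
import hashlib

# Added example (not from the original notes): data and instructions as distinct
# types, with a certifying authority mediating every conversion between them.
# The key, the opcode policy and the programs are constructed for illustration.

class Data:
    """Bytes that arrived from outside (a file, the network). Never executed."""
    def __init__(self, blob: bytes):
        self.blob = blob

class Instructions:
    """Bytes the authority has approved. Only meaningful with a valid tag."""
    def __init__(self, blob: bytes, tag: bytes):
        self.blob, self.tag = blob, tag

class CertifyingAuthority:
    # The two assumptions from the notes map onto this class: certify() must not
    # err (its policy check is the whole defence), and the key must stay secret
    # (the "tools and infrastructure are not corrupt" assumption).
    ALLOWED = ("PUSH", "ADD", "PRINT")

    def __init__(self, key: bytes):
        self._key = key

    def certify(self, data: Data) -> Instructions:
        """Policy check first, signature second: unapproved opcodes are refused."""
        for line in data.blob.decode().splitlines():
            if not line.strip():
                continue
            op = line.split()[0]
            if op not in self.ALLOWED:
                raise PermissionError(f"refused to certify opcode {op!r}")
        tag = hmac.new(self._key, data.blob, hashlib.sha256).digest()
        return Instructions(data.blob, tag)

    def verify(self, ins: Instructions) -> bool:
        expected = hmac.new(self._key, ins.blob, hashlib.sha256).digest()
        return hmac.compare_digest(expected, ins.tag)

def run(ins: Instructions, ca: CertifyingAuthority) -> list:
    """Tiny stack machine that executes only authority-certified instructions."""
    if not ca.verify(ins):
        raise PermissionError("instructions not certified; refusing to execute")
    stack, out = [], []
    for line in ins.blob.decode().splitlines():
        if not line.strip():
            continue
        op, *arg = line.split()
        if op == "PUSH":
            stack.append(int(arg[0]))
        elif op == "ADD":
            stack.append(stack.pop() + stack.pop())
        elif op == "PRINT":
            out.append(stack.pop())
    return out

def demo():
    ca = CertifyingAuthority(b"constructed-authority-key")
    good = ca.certify(Data(b"PUSH 2\nPUSH 3\nADD\nPRINT"))
    result = run(good, ca)                     # [5]
    # Bytes that were only ever "data" but are presented as instructions:
    forged = Instructions(b"PUSH 1\nPRINT", b"\x00" * 32)
    try:
        run(forged, ca)
        forged_refused = False
    except PermissionError:
        forged_refused = True
    # A certified blob modified after certification no longer matches its tag:
    tampered = Instructions(good.blob + b"\nPUSH 9\nPRINT", good.tag)
    try:
        run(tampered, ca)
        tampered_refused = False
    except PermissionError:
        tampered_refused = True
    return result, forged_refused, tampered_refused

if __name__ == "__main__":
    print(demo())   # ([5], True, True)
```

The point of the demo is what it does not do: a virus written into a file is `Data`, and nothing in the interpreter can execute `Data` directly. The scheme is only as strong as `certify()` and the secrecy of the key, which is why the notes list those two assumptions explicitly.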
Advanced Virus Types and Operational Phases
Encrypted Viruses
An encrypted virus is a virus that is enciphered (encrypted) except for a small deciphering routine. This encryption makes detection by signature much harder, as the majority of the virus code is concealed.
Polymorphic Viruses
A polymorphic virus is a sophisticated type of virus that changes its form each time it inserts itself into another program. The primary idea behind this is to prevent signature-based detection by constantly altering its "signature" or the instructions used for its deciphering routine.
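The two paragraphs above describe a detection problem, so the following added example (not code from the original notes) models it from the scanner's side with constructed byte strings rather than real code. A signature on the plaintext body matches the unencrypted copy but not two copies enciphered with different keys; a signature on the small constant deciphering routine still catches the encrypted virus; and decoding the body before scanning (what antivirus engines call generic decryption or emulation) recovers the body signature. The stub layout (`STUB:` marker followed by a one-byte key), the body text and the signatures are all constructed for this example.

```python
# Added example (not from the original notes): why byte signatures fail on an
# enciphered body, and the two ways a scanner recovers. All samples, the stub
# layout and the signatures are constructed; nothing here is real malware.

STUB_MAGIC = b"STUB:"        # constructed marker standing in for the decipher routine
BODY_SIG = b"ERASE_DISK"     # constructed signature for the plaintext body
STUB_SIG = STUB_MAGIC        # for an encrypted (non-polymorphic) virus the stub is constant

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def make_sample(body: bytes, key: int) -> bytes:
    """Constructed file layout: 'STUB:' + 1-byte key + enciphered body."""
    return STUB_MAGIC + bytes([key]) + xor_bytes(body, key)

def signature_scan(sample: bytes, signatures: dict) -> list:
    """Plain substring scan: names of every signature found in the raw bytes."""
    return [name for name, sig in signatures.items() if sig in sample]

def scan_with_decoding(sample: bytes, signatures: dict) -> list:
    """Generic decryption in miniature: if the stub is present, take the key
    from it, decode what follows, and scan the decoded bytes as well."""
    hits = signature_scan(sample, signatures)
    idx = sample.find(STUB_MAGIC)
    if idx != -1 and len(sample) > idx + len(STUB_MAGIC):
        key = sample[idx + len(STUB_MAGIC)]
        decoded = xor_bytes(sample[idx + len(STUB_MAGIC) + 1:], key)
        hits += [h for h in signature_scan(decoded, signatures) if h not in hits]
    return hits

def demo() -> dict:
    body = b"...ERASE_DISK..."                     # constructed plaintext body
    sigs_body_only = {"body": BODY_SIG}
    sigs_with_stub = {"body": BODY_SIG, "stub": STUB_SIG}
    # Two infections with different keys: the stored bodies differ byte for byte.
    copy_a, copy_b = make_sample(body, 0x5A), make_sample(body, 0xC3)
    return {
        "plain_body_sig": signature_scan(body, sigs_body_only),     # ['body']
        "enc_a_body_sig": signature_scan(copy_a, sigs_body_only),   # []
        "enc_b_body_sig": signature_scan(copy_b, sigs_body_only),   # []
        "enc_a_stub_sig": signature_scan(copy_a, sigs_with_stub),   # ['stub']
        "enc_a_decoded": scan_with_decoding(copy_a, sigs_body_only),  # ['body']
        "bodies_differ": copy_a != copy_b,                          # True
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

The `enc_a_stub_sig` result is the whole reason the encrypted virus still falls to signature scanning: the deciphering routine has to be in the clear, so it is what gets signed. A polymorphic virus removes that foothold by varying the routine as well, which is why `signature_scan` with `STUB_SIG` would find nothing against it and detection has to fall back on decoding or emulating the sample, as `scan_with_decoding` sketches, or on observing its behaviour.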
Virus Operational Phases
Viruses typically operate in two main phases:
- Insertion Phase: The first phase, in which the virus inserts itself into a target file or system.
- Execution Phase: The second phase, in which the virus performs its intended malicious action.
As indicated by typical virus pseudocode, the insertion phase must be present but does not always need to be executed immediately. For example, the Lehigh virus would check for an uninfected boot file (its spread condition). If found, it would infect that file (the set of target files), then increment an internal counter. If the counter reached four, it would erase the disk. These operations constituted its malicious actions.