VIRUSES and RELATED THREATS


Malicious Programs

Malicious program
- Need host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
- Independent: Bacteria, Worms

Virus
- A program that can infect other programs by modifying them.

The Nature of Viruses
- Dormant Phase (idle phase)
- Propagation Phase (the virus places an identical copy of itself into other programs or system areas on disk)
- Triggering Phase (the virus is activated to perform its function)
- Execution Phase (the function is performed)

Virus Structure

Virus algorithm:

    program V :=
    { goto main;
      1234567;

      subroutine infect-executable-file :=
        { loop:
          file := get-random-executable-file;
          if (first-line-of-file = 1234567)
            then goto loop
            else prepend V to file }

      subroutine do-damage :=
        { whatever damage to be done }

      subroutine trigger-pulled :=
        { return true if some condition holds }

    main: main-program :=
        { infect-executable-file;
          if trigger-pulled then do-damage;
          goto next; }
    next:
    }

Infection Process
[Figure: infection process diagram; labels CV, P2, P1', P2']

Types of Viruses
- Parasitic Virus (traditional and still the most common form)
- Memory-resident Virus (lodges in main memory)
- Boot Sector Virus (infects a master boot record (MBR) and spreads when a system is booted)
- Stealth Virus (a form of virus explicitly designed to hide itself from detection by antivirus software)
- Polymorphic Virus (mutates with every infection, making detection by the signature of the virus impossible)

Macro Virus
- A macro virus is platform independent
- Infects documents, not executable portions of code
- Easily spread, mostly by electronic mail

Antivirus Approach
The first solution is to prevent the virus from placing itself on the system. The steps are:
- Detection
- Identification
- Removal
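The detection and identification steps above, as an added example that is not part of the original slides: a hash baseline flags any modified file (detection), and a signature lookup names the ones carrying the 1234567 marker from the slide's pseudocode (identification). The file names, byte strings and function names are constructed for illustration; the third sample shows why a fixed signature cannot name a prefix that has changed, as in the polymorphic case.

```python
import hashlib

# Known signatures; the only entry is the "1234567" tag from the slide's pseudocode.
MARKER_SIGNATURES = {"Program V (slide pseudocode)": b"1234567"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record a known-good digest per file while the system is clean."""
    return {name: sha256(data) for name, data in files.items()}


def detect(files: dict[str, bytes], baseline: dict[str, str]) -> list[str]:
    """Detection: a file whose digest differs from the baseline was modified."""
    return sorted(n for n, d in files.items() if baseline.get(n) != sha256(d))


def identify(data: bytes):
    """Identification: look for a known signature in the prepended region."""
    head = data[:64]
    for name, signature in MARKER_SIGNATURES.items():
        if signature in head:
            return name
    return None


def scan(files: dict[str, bytes], baseline: dict[str, str]) -> dict[str, str]:
    """Map each modified file to an identified name or 'unknown modification'."""
    return {n: identify(files[n]) or "unknown modification"
            for n in detect(files, baseline)}


# Constructed sample data: byte strings standing in for executables.
clean = {"p1": b"PROGRAM-ONE-BODY", "p2": b"PROGRAM-TWO-BODY", "p3": b"PROGRAM-THREE-BODY"}
baseline = build_baseline(clean)
current = {
    "p1": b"1234567;" + clean["p1"],  # known marker prepended
    "p2": clean["p2"],                 # untouched
    "p3": b"7x1q2z;" + clean["p3"],   # changed prefix with no known signature
}

if __name__ == "__main__":
    for name, verdict in scan(current, baseline).items():
        print(f"{name}: {verdict}")
```

The integrity check still detects the third file even though identification fails, which is the gap between the Detection and Identification steps.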