Scribd
Upload
2 views7 pages

U3 System Security-69-75

Uploaded by

MohanaPriya P
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2 views7 pages

U3 System Security-69-75

Uploaded by

MohanaPriya P
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Behavior-Blocking Software

• Behavior-blocking software integrates with the operating system of a host computer and monitors
program behavior in real-time for malicious actions.

• The behavior blocking software then blocks potentially malicious actions before they have a
chance to affect the system.

• Monitored behaviors can include,


• Attempts to open, view, delete, and/or modify files;
• Attempts to format disk drives and other unrecoverable disk operations;
• Modifications to the logic of executable files or macros;
• Modification of critical system settings, such as start-up settings;
• Scripting of e-mail and instant messaging clients to send executable content and
• Initiation of network communications.
WORMS
• A worm is a program that can replicate itself and send copies from computer to computer across
network connections.

• The worm may be activated to replicate and propagate again.

• The concept of a computer worm was introduced in John Brunner’s 1975 SF novel The
Shockwave Rider.

• Network worm programs use network connections to spread from system to system.

• To replicate itself, a network worm uses some sort of network vehicle.


• Electronic Mail Facility
• Remote Execution Capability
• Remote Login Capability

• MORRIS WORM
WORM PROPAGATION MODEL
Recent Worm Attacks
• Code Red Worm
• DoS Attack
• Code Red II
• Installs Backdoor
• Slammer Worm
• Mydoom
• Trojan Horse and Adware
State of Worm Technology
• The state of the art in worm technology includes the following:

• Multi – Platform
• Multi – Exploit
• Ultrafast Spreading
• Polymorphic
• Metamorphic
• Transport Vehicles
• Zero-day Exploits

• Mobile Phone Worms

• Bluetooth Wireless Connections


• Multimedia Messaging Service (MMS)
• CommWarrior
• MMS file
Worm Countermeasures
• Generality
• Timeliness
• Resiliency
• Minimal denial-of-service costs
• Transparency
• Global and Local Coverage
COUNTERMEASURE APPROACHES
• Signature based worm scan filtering
• Filter-based worm containment
• Payload-classification based worm containment
• Threshold random walk scan detection
• Rate limiting
• Rate halting

You might also like