Trap Doors - PowerPoint PPT Presentation

About This Presentation
Title:

Trap Doors

Description:

Friday the 13th Virus duplicated itself every Friday of the month and on the 13th causing slowdown on networks ... Virus, one of the first viruses to get ... – PowerPoint PPT presentation

Number of Views:304
Avg rating:3.0/5.0
Slides: 20
Provided by: stude230
Learn more at: http://www.cs.ucf.edu
Category:
Tags: 13th | doors | friday | the | trap

less

Transcript and Presenter's Notes

Title: Trap Doors


1
Trap Doors Logic Bombs
  • William Dotson

2
Overview
  • Malware Taxonomy
  • Definitions
  • Historical Overview
  • Protection Methods
  • Ethical Issues

3
Malware Taxonomy
Malware
No Host
Needs Host
Trapdoor
Trojan Horse
Logic Bomb
Virus
Worm
Bacteria
4
Trap doors
  • Method of bypassing normal authentication methods
  • Remains hidden to casual inspection
  • Can be a new program to be installed
  • Can modify an existing program
  • Also known as Back Doors

5
Logic Bombs
  • Piece of code that executes itself when
    pre-defined conditions are met
  • Logic Bombs that execute on certain days are
    known as Time Bombs
  • Code performs some payload not expected by the
    user.
  • Shareware that deactivates itself are not logic
    bombs.

6
Backdoor History
  • Made famous in the movie War games
  • 2003, an attempt was made to create a backdoor in
    the Linux Kernel
  • Early versions of the Sobig Virus in 2003
    installed backdoors to send its spam.
  • MyDoom virus in early 2004 created a backdoor on
    port 3127 to send spam

7
Backdoor History
  • No one really knows often backdoors are inserted
    into software
  • Some people speculate it is a prevalent practice
    in the industry
  • Most backdoors are obvious and clumsy

8
Backdoor History
  • The attempted Linux backdoor is more
    sophisticated
  • if ((options (__WCLONE__WALL))
    (current-gtuid 0))retval -EINVAL
  • Under casual inspection looks like it is just
    checking two flags, but actually setting the UID
    to root
  • Required good knowledge of Linux Kernel
  • Only caught because the part of code this line is
    contained in was modified manually rather than
    automatically as the section it was in was.
  • Caught during a file integrity check near release

9
Logic Bomb History
  • Some of the very first viruses had logic bombs
  • Friday the 13th Virus duplicated itself every
    Friday of the month and on the 13th causing
    slowdown on networks
  • Michelangelo Virus, one of the first viruses to
    get news coverage, execute itself on March 6th
    and tried to damage hard-disks

10
Logic Bomb History
  • 1985 a programmer at a insurance firm in Texas
    wrote a logic bomb that modified a data retrieval
    function to rewrite part of main memory, rename
    itself, relocate itself, then power down the
    computer.
  • 1992 a programmer at General Dynamics was fined
    5,000 Dollars that he was going to come back
    later and charge to remove.

11
Logic Bomb History
  • Win32.Kriz.3862 virus in 1999 executed itself on
    Christmas Day and causes serious damage by
    overwriting massive amounts of data on the hard
    disk and rewriting the BIOS
  • In 2000, a Deutsche Morgan Grenfell a securities
    trader who had initially been hired as a
    programmer was charged with inserting a logic
    bomb.

12
Protection
  • Difficult to prevent truly determined hackers
  • Requires thorough commitment to quality
    assurance, strict separation of programming
    duties, and strict security practices after
    deployment.

13
Protection Continued
  • Segregate operations from programming and testing
  • Have a carefully controlled process from for
    moving code into production
  • Give only operations staff write-access to
    production code
  • Lock down production code so that is as close to
    impossible for unauthorized people to modify
    programs
  • Assign responsibility for specific production
    programs to named positions in operations
  • Maintain a list of authorized programmers for
    authorized quality assurance officer before
    accepting changes to production
  • Keep records of exactly which modifications were
    installed when and at whose request
  • Keep audit trails running at all times and have
    them include a checksum not only be based on the
    record but the record that comes before it.

14
Protection Continued
  • Some of these seem more obvious than others
  • Not all of these practices are used
  • Many companies are not willing or are not able to
    commit the resources needed for quality assurance
    and extensive security measures.

15
Hacking in Media
  • Hackers are often glorified by the press and in
    the media
  • Hackers that get caught are often young and
    written off as misguided youth
  • Anti-Hacking Laws have been enacted that
    dramatically increase the penalties for anyone
    caught

16
Ethical Questions
  • Should software producers be allowed to include
    Logic Bombs to ensure final payment?
  • According to the governmentno.
  • But how many do? Probably a lot.

17
Legitimate Logic Bombs
  • Software openly time-limited
  • Problems arise if company stops supporting this
    product
  • Problems arise if a company goes out of business

18
Summary
  • Trap Doors can provide access to a system for
    unauthorized procedures
  • Logic Bombs execute malicious code at certain
    time
  • Total Security is difficult
  • How unethical are these practices, should they
    ever be legal?

19
Resources
  • Protecting against program threats
    http//www.unix.org.ua/orelly/networking/puis/ch11
    _01.htm
  • Conway, Richard. 2 Code hacking a developer's
    guide to network security 2004.
  • A guide to protecting your computer systems from
    hackers. http//www.securitymanagement.com/library
    /Harden0201.html
  • Logic Bombs. http//www.nwfusion.com/newsletters/s
    ec/2002/01514405.html
  • Thwarted Linux backdoor hints at smarter hackers.
    http//www.securityfocus.com/news/7388
  • Backdoor Wikipedia, the Free Encyclopedia.
Write a Comment
User Comments (0)
About PowerShow.com