Lecture 16: Targeted Malware (Mar 29)

Lecture #16 started with Alex Rudd's presentation which gave us an overview about a history of Digital rights management. Digital rights management is a technological way of limiting access to copyrighted material. Then Dr. Gunes, gave us a overview of Lecture # 15 during which he talked about what a virus is, how it propagates, what a worm is and also about the difference between the worm and a virus. He also talked about Rabbit/Bacteria and Logic/ Time Bomb, Trojan, Trap Door and a Dropper. The four phases of a virus- Dormant, Propagation, Triggering and Execution phase were also discussed. Different types of viruses and how they append to the programs were talked about. Different virus signatures that help identify the virus, like the storage pattern, execution pattern and Transmission pattern are mentioned. Polymorphic viruses and the approaches that Anti virus software’s take in protecting against viruses are mentioned. Also, the prevention of virus attacks and damage limiting is also talked about.

Then, Dr. Gunes moved on to Targeted Malware. Trapdoors, Salami attacks, rootkit programs, privilege escalation, interface illusion and keystroke logging, Timing attack were mentioned. Covert channels that secretly leak information and provide unauthorized access were taught. Two different kinds of Covert channels exist- Storage Channels and Timing channels. Storage channels pass information by using the presence or absence of an object. An example of storage covert channel is File lock. Timing channels pass information by considering the speed at which things happen. Covert channels can be identified by the presence of shared resources, correctness of program code and analyzing the flow of information also slowing down the rate at which the information is transferred. Different methods for controlling program threats were discussed. Operating systems controls on use of programs were mentioned.