Research Title
Win32 Executable Virus Under the concept of Information Warfare
Author / Editor / Publisher
وسام سمير عبد علي بهيه
Citation Information
وسام سمير عبد علي بهيه, Win32 Executable Virus Under the concept of Information Warfare, Time 6/6/2011 8:17:25 PM : College of Information Technology
Abstract
Win32 Executable Virus Under the concept of Information Warfare
Full Abstract
Win32 Executable Virus under the concept of Information Warfare
In this paper we construct a virus that works under all Windows operating systems (Windows 9x/Me/NT/2000/XP), i.e. a Win32-compatible virus, and infects files that have the Portable Executable format. The proposed virus is also undetectable by all current commercial antivirus programs, especially those that use heuristic techniques to detect unknown viruses. In addition, the suggested virus is reliable under unexpected errors: it handles them in order to avoid crashing the host file and alerting the user. We implement the virus in 32-bit assembly language for Pentium processors under Win32 operating systems.
Introduction
Most people think of an "attack" as something that usually involves flying metal that could really kill you: bullets, tanks, aircraft, that sort of thing. Most people do not realize that an information warfare attack could probably do as much damage (or more, depending on who you listen to) as conventional weapon systems, although the initial effects may not be as bloody. Information, and the systems that the nation uses to process, change, and distribute that information, have become a vital part of the nation's infrastructure [11].
Information warfare
At the grand strategy level, nations seek to acquire, exploit, and protect information in support of their objectives. This exploitation and protection can occur in the economic, political, or military arenas. Knowledge of the adversary's information is a means to enhance our own capabilities, degrade or counteract enemy capabilities, and protect our own assets, including our own information [5].
Information warfare is the offensive and defensive use of information and information systems to deny, exploit, or corrupt an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries [6]. We can define information warfare in a military context as an action taken to achieve information superiority in support of national military strategy by affecting adversary information and information systems while leveraging and defending our own information and information systems [8][9][10].
Computer Viruses Warfare
One of the most important issues in technological warfare is the virus attack, which can be used to infiltrate enemy computers in order to disrupt a community's infrastructure. The reason this issue is important is that it has the potential to affect most people. Viruses can cause regions and perhaps whole countries to be left without electricity, natural gas, telephone service, television broadcasts, and drinking water. So what is the big deal? After all, this is war, and the goal of war is to do whatever it takes to win in the shortest time possible while using the least resources possible. By this definition, viruses are the ultimate weapon [3]. Events of the last few years have demonstrated dramatically that "computer viruses" are not only feasible but can quickly cause catastrophic disruption of computer systems and networks. Current trends in the development of military electronic systems have significantly increased the vulnerability of these systems to computer virus attack. This has created a new form of electronic warfare consisting of the electronic insertion of computer virus microcode into a victim electronic system [7].
Computer Viruses
Computer viruses are instructions (code) that infect a computer system and, after a period of reproduction, activate and demonstrate their presence. The name "virus" is used because many of the characteristics of these programs are similar to the behavior of living viruses. Computer viruses have the ability to reproduce themselves and attach themselves to other programs; under certain circumstances, they can damage computer systems, programs, and data. A virus can be benign and cause no harm, but many viruses are destructive; this depends on the intent of the creator [13].
Computer viruses can be classified by their hosts:
- boot viruses, which infect boot sectors of hard drives and floppy disks.
- file viruses, which infect executables (program files).
- macro viruses, which use application macros for replication.
- script viruses, which use scripting language for replication.
- multipartite viruses, which utilize at least two of the previous replication methods.
Some of these types of viruses are able to infect over networks, and can be called network viruses or worms.
There are several variations of viruses, regarding how they can hide their presence:
- stealth viruses have the ability to conceal their presence from antivirus programs.
- encrypted and polymorphic viruses are viruses that cannot be identified by searching for a simple single sequence of bytes in a possibly infected object, since they change with every replication [1].
Anti-virus Programs
Antivirus software prevents and cures attacks from viruses and other malicious code. Scanners are the most readily available type of antivirus solution, but they are not the only type. It is perhaps best to think of anti-virus solutions in terms of:
• what is required to detect the virus
- generic methods.
- specific methods.
and
• when the virus is detected
- prior to the attempted infection.
- after the infection.
A virus can be detected using either generic methods or specific methods. Generic methods look for virus-like behavior rather than specific viruses. As a result, even new viruses can be detected, and there is little need for frequent updates to the tool that is being used. Because generic methods look for behavior rather than specific viruses, the name of the virus is normally not given; instead, users are simply warned that a virus is likely to be present. Examples of generic detection methods are:
• checksumming and integrity checking.
• heuristics.
• decoys.
• behavior blocking.
Specific methods, on the other hand, rely on having prior knowledge of the virus. In this case, the tool is able both to detect that the virus is present and to identify it. As a result, frequent updates to the tool are necessary. Examples of specific detection methods are:
• on-demand and scheduled scanning.
• on-access (real-time) scanning [4].
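As an added example (not the paper's own code, which is written in 32-bit assembly), here is a small Python illustration of two of the generic methods listed above, integrity checking and a heuristic on the PE entry point: a SHA-256 baseline detects any change to a file image, and the entry-point check flags the layout that appending file infectors typically leave behind (entry point moved into a final section that is both writable and executable). The `build_pe` header builder is a constructed test fixture, not a real binary, so the example runs offline.

```python
import hashlib
import struct
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000  # PE/COFF section flags

def fingerprint(data):
    """Integrity-checking baseline: SHA-256 of the whole file image."""
    return hashlib.sha256(data).hexdigest()

def parse_pe(data):
    """Minimal PE32 header parser: entry point RVA plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header, 20 bytes
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # optional header
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                     # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr, "vsize": vsize, "chars": chars})
    return {"entry": entry, "sections": sections}

def entry_point_findings(info):
    """Generic (heuristic) checks on where the entry point lands; returns a list of reasons."""
    secs = info["sections"]
    hits = [s for s in secs if s["vaddr"] <= info["entry"] < s["vaddr"] + max(s["vsize"], 1)]
    if not hits:
        return ["entry point outside every section"]
    s, reasons = hits[0], []
    if len(secs) > 1 and s is secs[-1]:
        reasons.append("entry point in last section (%s)" % s["name"])
    if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
        reasons.append("entry section %s is writable and executable" % s["name"])
    return reasons

def build_pe(entry, sections):
    """Constructed test fixture: a minimal PE32 header, not a runnable binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, c)
                     for n, va, vs, c in sections)       # (name, vaddr, vsize, flags)
    return dos + b"PE\0\0" + coff + opt + table
```

A real integrity checker would persist `fingerprint()` values for every executable and re-compare them on access; the entry-point heuristic is only one signal and needs other checks beside it to keep false positives low.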