Computer Viruses
Definition
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
Background
Evolution of virus
In the mid-1980s Basit and Amjad Alvi of Lahore, Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged. Today new viruses sweep the planet in hours and virus scares are major news.
How does a virus infect computers?
They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
Who writes viruses?
• Virus writers don’t gain in financial or career terms; they rarely achieve real fame; and, unlike hackers, they don’t usually target particular victims, since viruses spread too indiscriminately. Virus writers tend to be male, under 25 and single. Viruses also give their writers powers in cyberspace that they could never hope to have in the real world.
Virus Languages
Symptoms of Virus Attack
Viruses and Virus Like Programs
Virus & Worms
Classifying Virus - General
Classifying Virus - Categories
Trojan Horse
Back Orifice
Discovery Date: 10/15/1998
Origin: Pro-hacker Website
Length: 124,928
Type: Trojan
SubType: Remote Access
Risk Assessment: Low
Category: Stealth
Trojan Horse
About Back Orifice
• requires Windows to work
• distributed by “Cult of the Dead Cow”
• similar to PC Anywhere, Carbon Copy software
• allows remote access and control of other computers
• installs a reference in the registry
• once infected, runs in the background
• by default uses UDP port 54320, TCP port 54321
• In Australia 72% of 92 ISPs surveyed were infected with Back Orifice
Trojan Horse
Features of Back Orifice
• ping and query servers
• reboot or lock up the system
• list cached and screen saver passwords
• display system information
• log keystrokes
• edit registry
• server control
• receive and send files
• display a message box
Trojans…
Worms
Bubbleboy
Discovery Date: 11/8/1999
Origin: Argentina
Length: 4992
Type: Worm/Macro
SubType: VbScript
Risk Assessment: Low
Category: Stealth/Companion
Worms
Bubbleboy
• requires WSL (Windows scripting language), Outlook or Outlook Express, and IE5
• Does not work in Windows NT
• Affects Spanish and English versions of Windows
• 2 variants have been identified
• Is a “latent virus” on a Unix or Linux system
• May cause DoS
Worms
How Bubbleboy works
• Bubbleboy is embedded within an email message of HTML format.
• a VbScript while the user views a HTML page
• a file named “Update.hta” is placed in the start up directory
• upon reboot Bubbleboy executes
Worms
How Bubbleboy works
• changes the registered owner/organization
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = “Bubble Boy”
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = “Vandalay Industry”
• using the Outlook MAPI address book it sends itself to each entry
• marks itself in the registry
  HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy = “OUTLOOK.Bubbleboy1.0 by Zulu”
Macro
• Specific to certain applications
• Comprise a high percentage of the viruses
• Usually made in WordBasic and Visual Basic for Applications (VBA)
• Microsoft shipped “Concept”, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995
Macro
Melissa
Discovery Date: 3/26/1999
Origin: Newsgroup Posting
Length: varies depending on variant
Type: Macro/Worm
Subtype: Macro
Risk Assessment: High
Category: Companion
Macro
Melissa
• requires WSL, Outlook or Outlook Express, Word 97 SR1 or Office 2000
• 105 lines of code (original variant)
• received either as an infected template or email attachment
• lowers computer defenses to future macro virus attacks
• may cause DoS
• infects template files with its own macro code
• 80% of the 150 Fortune 1000 companies were affected
Macro
How Melissa works
• the virus is activated through a MS Word document
• document displays reference to pornographic websites while macro runs
• 1st lowers the macro protection security setting for future attacks
• checks to see if it has run in current session before
  HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa = “by Kwyjibo”
• propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses)
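The registry markers listed on the Bubbleboy and Melissa slides can be checked against a registry export. The following is an added example, not part of the original slides: it assumes the input is the text of a `reg export` file already decoded to a string, and the function names and the sample export are constructed for illustration.

```python
import re

# Registry markers as listed on the slides: full path -> (family, expected data).
HKLM = r"HKEY_LOCAL_MACHINE\Software"
INDICATORS = {
    HKLM + r"\Microsoft\Windows\CurrentVersion\RegisteredOwner": ("Bubbleboy", "Bubble Boy"),
    HKLM + r"\Microsoft\Windows\CurrentVersion\RegisteredOrganization": ("Bubbleboy", "Vandalay Industry"),
    HKLM + r"\Outlook.bubbleboy": ("Bubbleboy", "OUTLOOK.Bubbleboy1.0 by Zulu"),
    HKLM + r"\Microsoft\Office\Melissa": ("Melissa", "by Kwyjibo"),
}
# Registry paths are case-insensitive, so look them up lowercased.
_LOOKUP = {path.lower(): v for path, v in INDICATORS.items()}

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (full_path, data) for each string value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            name, data = m.group(1), _unescape(m.group(2))
            # "@" is the key's default value: the slide's path is then the key itself.
            yield (key if name == "@" else key + "\\" + _unescape(name[1:-1])), data

def scan(text):
    """Return [(family, path)] for values whose path and data both match a marker."""
    return [(_LOOKUP[p.lower()][0], p) for p, d in parse_reg(text)
            if _LOOKUP.get(p.lower(), (None, None))[1] == d]

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="Bubble Boy"
"RegisteredOrganization"="Contoso Ltd"
"ProgramFilesDir"="C:\\Program Files"
[HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy]
@="OUTLOOK.Bubbleboy1.0 by Zulu"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office]
"Melissa"="by Kwyjibo"
'''
```

A marker is reported only when both the path and the data match, so a legitimate RegisteredOrganization value such as the constructed "Contoso Ltd" is not flagged.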
Viruses That Travelled Furthest..!
Love Bug
• VBS/LoveLet-A
• Best known & pretends to be a LL
• First seen: May 2000
• Origin: Philippines
• Trigger: On initial infection
• Effect: E-mail with subject LL, distribute via MS-outlook, Steal user info, overwrites cert files
Melissa
• WM97/Melissa - Word 97 macro virus
• Uses psychological subtlety
• First seen: March 1999
• Origin: A 31 yr old US programmer, David L. Smith
• Trigger: On initial infection
• Effect: Sends message to first fifty in all address books, Attaches infected document
Viruses That Travelled Furthest..!
CIH (Chernobyl)
• W95/CIH-10xx - parasitic virus, runs on Win-95
• First virus to damage hardware
• First seen: June 1998
• Origin: Written by Chen Ing Hau of Taiwan
• Trigger: April 26th, June 26th or 26th of any month
• Effect: Overwrites HD, overwrites BIOS, needs BIOS chip replacement
Overview
Questions?