dbkj bnklcnv k;cv

Upload: tanuj125

Post on 04-Apr-2018


  • 7/29/2019 dbkj bnklcnv k;cv

    1/25

    01/18/13 1


    Virus

    Vital Information Resources Under Siege

    A computer virus is a self-replicating computer program written to modify the way a computer operates, without the permission or knowledge of the user.

    It is malicious software (malware).


    Classification

    Boot Sector Viruses

    Companion Viruses

    Email Viruses

    Logic Bombs and Time Bombs

    Macro Viruses


    First computer viruses

    Brain: created in Pakistan by brothers Basit and Amjad Farooq Alvi

    Vienna: created by Ralph Burger

    Cascade

    First Bootable Virus

    Elk Cloner


    Polymorphic virus: the idea of self-encryption

    Chameleon: the first polymorphic virus

    Macro virus: Windows-operated viruses; infected Microsoft Word documents


    Intentionally created by programmers

    Written as research projects, pranks, vandalism

    Releasing computer viruses (as well as worms) is a crime in most jurisdictions.


    Nonresident viruses

    consist of a finder module and a replication module.

    Resident viruses

    contain a replication module.


    For simple viruses the replicator's tasks are to:

    Open the new file

    Check if the executable file has already been infected (if it is, return to the finder module)

    Append the virus code to the executable file

    Save the executable's starting point

    Change the executable's starting point so that it points to the start location of the newly copied virus code

    Save the old start location to the virus in a way so that the virus branches to that location right after its execution.

    Save the changes to the executable file

    Close the infected file

    Return to the finder so that it can find new files for the replicator to infect.
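
A defender-side check for the steps above that append code and repoint the executable's starting point, as an added example that is not part of the original slides: it parses a little-endian ELF64 header and reports when the entry point lies in the last loadable segment or in a writable and executable one. It is a heuristic (packers can trigger it too); the function names and the two header-only sample images are constructed for illustration.

```python
import struct
# Added example: function names are illustrative, sample images are constructed.
PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def load_segments(image):
    """Return (entry, PT_LOAD list) for a little-endian ELF64 image."""
    if len(image) < EHDR.size or image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    f = EHDR.unpack_from(image)
    entry, phoff, phentsize, phnum = f[4], f[5], f[9], f[10]
    segs = []
    for i in range(phnum):
        pos = phoff + i * phentsize
        if pos + PHDR.size > len(image):
            raise ValueError("truncated program header table")
        p_type, flags, offset, vaddr, _, _, memsz, _ = PHDR.unpack_from(image, pos)
        if p_type == PT_LOAD:
            segs.append({"flags": flags, "offset": offset, "vaddr": vaddr, "memsz": memsz})
    return entry, segs

def entry_point_findings(image):
    """Heuristic flags for an entry point redirected into appended code."""
    entry, segs = load_segments(image)
    host = next((s for s in segs if s["vaddr"] <= entry < s["vaddr"] + s["memsz"]), None)
    if host is None:
        return ["entry point is outside every loadable segment"]
    findings = []
    if host["flags"] & PF_W and host["flags"] & PF_X:
        findings.append("entry segment is both writable and executable")
    if len(segs) > 1 and host is max(segs, key=lambda s: s["offset"]):
        findings.append("entry point is in the last loadable segment of the file")
    return findings

def build_sample(entry, segments):
    """Constructed image: headers only, no code. segments = (flags, offset, vaddr, size)."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 62, 1, entry, EHDR.size, 0, 0, EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(PT_LOAD, fl, off, va, va, sz, sz, 0x1000) for fl, off, va, sz in segments)

# Constructed samples: a conventional layout, and one whose entry sits in the trailing segment.
CLEAN = build_sample(0x401000, [(5, 0x0, 0x400000, 0x2000), (6, 0x2000, 0x602000, 0x1000)])
ODD = build_sample(0x602800, [(5, 0x0, 0x400000, 0x2000), (7, 0x2000, 0x602000, 0x1000)])

if __name__ == "__main__":
    for name, img in (("CLEAN", CLEAN), ("ODD", ODD)):
        print(name, entry_point_findings(img))
```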


    Host types

    Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)

    Volume boot records of floppy disks and hard disk partitions

    The master boot record (MBR) of a hard disk

    General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).

    Application-specific script files (such as Telix-scripts)

    Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)


    Avoiding bait files and other undesirable hosts

    Stealth

    Self-modification

    Encryption with a variable key

    Polymorphic code

    Metamorphic code


    If your computer might be infected

    Your computer runs more slowly than normal

    Your computer stops responding or locks up often

    Your computer crashes and restarts every few minutes

    Your computer restarts on its own and then fails to run normally

    Applications on your computer don't work correctly

    Disks or disk drives are inaccessible

    You can't print correctly

    You see unusual error messages

    You see distorted menus and dialog boxes


    Steps to avoid viruses

    Use an Internet firewall

    Visit Microsoft Update and turn on Automatic Updates.

    Subscribe to industry standard antivirus software and keep it current.

    Never open an e-mail attachment from someone you don't know.

    Avoid opening an e-mail attachment from someone you know, unless you know exactly what the attachment is. The sender may be unaware that it contains a virus.


    Always set the security level to custom level to avoid e-mail viruses.


    Spyware

    Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.

    Shareware

    Software distributed on the basis of an honor system. Most shareware is delivered free of charge.


    Freeware

    Copyrighted software given away for free by the author. Although it is available for free, the author retains the copyright, which means that you cannot do anything with it that is not expressly allowed by the author. Usually, the author allows people to use the software, but not sell it.


    Adware

    Form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.


    Trojan horse

    A Trojan horse is a program that pretends to be something else.

    Appears to be something interesting and harmless

    A game, but when it runs it may have harmful effects

    AIDS: first Trojan horse

    Some Trojan horses: GHOST.EXE, AOL4Free


    Logic bomb

    Infects a computer's memory

    Does not replicate itself

    Has the ability to erase a hard drive or delete certain files


    A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.

    write once, read many

    replicate itself on your system


    List of Worms

    Badtrans, Bagle, Blaster, Brontok, Code Red, Code Red II, Dabber, Doomjuice, Hybris, Hydra, Nimda, ILOVEYOU, Klez, Mabutu, Melissa, Morris, Mydoom, Netsky, W32/Bolgimo.worm, Welchia, Witty, Zotob


    HOAX

    Does not self-replicate

    Causes no direct damage

    Messages only; false warnings

    Spread rapidly


    List of HOAX

    'WTC Survivor' Virus Warning

    Blue Mountain Greeting Cards 'Virus'

    Budweiser Frogs Screen Saver

    A Virtual Card for You

    California IBM / Wobbler Virus

    Celcom Screen Saver (CELLSAVER.EXE)

    Penpal Greetings

    MusicPanel (MP3) Virus

    JDBGMGR.EXE

    'Olympic Torch' Virus

    Osama Bin Laden 'Suicide' Virus

    Win a Holiday

    'WTC Survivor' Virus

    ALL SEEING EYE ('We Are Watching You')

    Be My Valentine

    'Happy New Year' Virus

    Sandman

    Irina

    HTML Virus
