Date posted: 27-Dec-2015
Computer Network Forensics
Lecture - Virus
© Joe Cleetus
Concurrent Engineering Research Center,
Lane Dept of Computer Science and Engineering, WVU

Viruses, Trojan Horses, and Worms: What’s the technical definition of a virus?
A computer virus is a program that attaches itself to a file, reproduces itself, and spreads to other files
A virus can perform a trigger event:
– corrupt and/or destroy data
– display an irritating message
A key characteristic of viruses is their ability to “lurk” in a computer for days or months, quietly replicating themselves

What’s the technical definition of a virus?
File virus - a virus that attaches itself to an application program
– Chernobyl - designed to lurk in computer until April 26
A boot sector virus infects the system files that your computer uses every time you turn it on
– A macro virus infects a set of instructions called a “macro”.
– Macro - a miniature program that usually contains legitimate instructions to automate document and worksheet production

How is a Trojan horse different from a virus?
A modern day Trojan horse is a computer program that appears to perform one function while actually doing something else
– Not a virus, but may carry a virus
– Does not replicate itself
Another type of Trojan horse looks like a log-in screen
PictureNote.Trojan – arrives as e-mail named picture.exe and then tries to steal login and e-mail passwords

What’s a worm?
A software worm is a program designed to enter a computer system through security holes
– usually through a network
– does not need to be attached to a document to reproduce
“Love Bug” – arrives as e-mail attachment and overwrites most music, graphic, document, spreadsheet and web files on your disks
Denial of Service attacks

How are viruses spread?
Viruses are spread through e-mails as well
Macro viruses are usually found in MS Word and MS Excel files (.doc and .xls)
To keep safe, you can disable macros on files you do not trust

What are the symptoms of a virus?
– Your computer displays a vulgar, embarrassing or annoying message
– Your computer develops unusual visual or sound effects
– You have difficulty saving files: files mysteriously disappear
– Your computer reboots suddenly
– Your computer works very slowly
– Your executable files unaccountably increase in size
– Your computer starts sending out lots of e-mail messages on its own

Antivirus Software: What’s antivirus software?
Antivirus software is a set of utility programs that looks for and eradicates a wide spectrum of problems such as viruses, Trojan horses, and worms

How does antivirus software work?
Hackers have created viruses that can insert themselves into unused portions of a program.
To counter the work of hackers, antivirus software designers created software with a checksum - a number calculated by combining binary values of all bytes in a file
– compares checksum each time you run a program

How does antivirus software work?
Antivirus software also checks for a virus signature – a unique series of bytes used to identify a known virus
Write-protecting a floppy disk will not prevent virus infection because you need to remove write protection each time you save a file to disk
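
The checksum and signature checks from the two slides above, as an added example (not part of the original lecture): a baseline fingerprint catches a file that changed even when its size did not, and a byte-pattern scan names a known sample. The signature name and bytes, the sample file contents and the function names are constructed for illustration; the SHA-256 field goes beyond the slide's simple checksum.

```python
import hashlib

# Constructed placeholder byte pattern; it is not taken from any real virus.
PATTERN = b"\xde\xad\xbe\xefDEMO"
SIGNATURES = {"Demo.Sample.A": PATTERN}

def additive_checksum(data: bytes) -> int:
    """Checksum in the slide's sense: combine the values of all bytes."""
    return sum(data) & 0xFFFFFFFF

def fingerprint(data: bytes) -> dict:
    """Record taken while the file is known to be clean."""
    return {"size": len(data),
            "sum32": additive_checksum(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def changed_fields(baseline: dict, data: bytes) -> list:
    """Names of the baseline fields that no longer match the current bytes."""
    current = fingerprint(data)
    return [name for name in baseline if baseline[name] != current[name]]

def scan_signatures(data: bytes, signatures=SIGNATURES) -> list:
    """(name, offset) for each known byte pattern found in the data."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return hits

# Constructed sample "program": 32 bytes of content, then 32 unused zero bytes.
CLEAN = b"MZ" + b"\x90" * 30 + b"\x00" * 32
# Bytes appended to the end: the file grows.
APPENDED = CLEAN + PATTERN
# Same bytes written over the unused region: the size stays the same.
IN_PLACE = CLEAN[:40] + PATTERN + CLEAN[40 + len(PATTERN):]
# Two bytes swapped: same size and same byte sum, but different content.
SWAPPED = CLEAN[1:2] + CLEAN[0:1] + CLEAN[2:]

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)
    for label, data in [("clean", CLEAN), ("appended", APPENDED),
                        ("in place", IN_PLACE), ("swapped", SWAPPED)]:
        print(label, changed_fields(baseline, data), scan_signatures(data))
```

The swapped case changes only the SHA-256 field: a plain byte sum does not notice reordered bytes, which is why integrity checkers rely on a cryptographic hash.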

When should I use antivirus software?
“All the time”
Most antivirus software allows you to specify what to check and when to check it
Norton Antivirus
McAfee Antivirus

How often should I get an update?
New viruses and variations of old viruses are unleashed just about every day
Check website of antivirus software publisher for periodic updates
Some software updates itself automatically

How reliable is antivirus software?
Antivirus software is pretty reliable, but viruses try to get around detection
– Multi-partite viruses
– Polymorphic viruses
– Stealth viruses
– Retro viruses
Antivirus software is not 100% reliable, but protection is worth the risk

How do I recognize a hoax?
Bogus virus e-mail messages usually contain a long list of people in the To: and CC: boxes and have been forwarded to a lot of people
List some “authority”
Most recommend reformatting
Fake viruses are often characterized as doing bizarre deeds
You can validate the hoax by going to a reliable website that lists hoaxes and viruses

Virus Hoaxes: What’s a virus hoax?
Some viruses don’t really exist
A virus hoax arrives as an e-mail message containing dire warnings about a supposedly new virus that is on the loose
– Recommends a strategy
– Recommends forwarding the email
– Says no one has a fix for it yet
In most cases it is a fake

How can I protect myself?
PRACTICE SAFE SURF!
Step One: Purchase a good antivirus program like Norton AntiVirus or McAfee Viruscan.
Step Two: Update your virus definitions once a week! If you don’t, YOU AREN’T PROTECTED!
Step Three: Never double-click (or launch) ANY file, especially an email attachment, regardless of who the file is from, until you first scan that file with your antivirus program.
How did Melissa, Bubbleboy, and WormExploreZip come to infect so many computers? Simple! People ignored this step.
Step Four: Turn on macro virus protection in Microsoft Word, especially if you don’t know what macros are.
To find out how, go to NetSquirrel.com and look in the Urban Legend Combat Kit.

Questions
What is the:
– I Love You Virus?
– Sircam?
– Code Red II?
How can you protect yourself from it?
What virus is current?

More References
http://www.symantec.com/avcenter/